From f1e293f371680309a80938a2265de79875a1e4b1 Mon Sep 17 00:00:00 2001
From: oberrich <6305520+oberrich@users.noreply.github.com>
Date: Mon, 8 Apr 2024 04:36:24 +0200
Subject: [PATCH] make `phnt_nightly` dependency a submodule
---
deps/phnt-nightly | 1 +
deps/phnt-nightly/LICENSE | 686 --
deps/phnt-nightly/README.md | 32 -
deps/phnt-nightly/ntbcd.h | 2133 ------
deps/phnt-nightly/ntdbg.h | 380 --
deps/phnt-nightly/ntexapi.h | 7096 -------------------
deps/phnt-nightly/ntgdi.h | 127 -
deps/phnt-nightly/ntimage.h | 211 -
deps/phnt-nightly/ntioapi.h | 2948 --------
deps/phnt-nightly/ntkeapi.h | 174 -
deps/phnt-nightly/ntldr.h | 1185 ----
deps/phnt-nightly/ntlpcapi.h | 1055 ---
deps/phnt-nightly/ntmisc.h | 640 --
deps/phnt-nightly/ntmmapi.h | 1215 ----
deps/phnt-nightly/ntnls.h | 42 -
deps/phnt-nightly/ntobapi.h | 442 --
deps/phnt-nightly/ntpebteb.h | 514 --
deps/phnt-nightly/ntpfapi.h | 456 --
deps/phnt-nightly/ntpnpapi.h | 207 -
deps/phnt-nightly/ntpoapi.h | 791 ---
deps/phnt-nightly/ntpsapi.h | 2723 --------
deps/phnt-nightly/ntregapi.h | 887 ---
deps/phnt-nightly/ntrtl.h | 10249 ----------------------------
deps/phnt-nightly/ntsam.h | 1894 -----
deps/phnt-nightly/ntseapi.h | 710 --
deps/phnt-nightly/ntsmss.h | 28 -
deps/phnt-nightly/ntsxs.h | 515 --
deps/phnt-nightly/nttmapi.h | 479 --
deps/phnt-nightly/nttp.h | 462 --
deps/phnt-nightly/ntwmi.h | 5928 ----------------
deps/phnt-nightly/ntwow64.h | 782 ---
deps/phnt-nightly/ntxcapi.h | 129 -
deps/phnt-nightly/ntzwapi.h | 4816 -------------
deps/phnt-nightly/phnt.h | 123 -
deps/phnt-nightly/phnt_ntdef.h | 365 -
deps/phnt-nightly/phnt_windows.h | 128 -
deps/phnt-nightly/subprocesstag.h | 100 -
deps/phnt-nightly/usermgr.h | 223 -
deps/phnt-nightly/winsta.h | 1168 ----
src/ffi/generated.rs | 8 +-
40 files changed, 5 insertions(+), 52047 deletions(-)
create mode 160000 deps/phnt-nightly
delete mode 100644 deps/phnt-nightly/LICENSE
delete mode 100644 deps/phnt-nightly/README.md
delete mode 100644 deps/phnt-nightly/ntbcd.h
delete mode 100644 deps/phnt-nightly/ntdbg.h
delete mode 100644 deps/phnt-nightly/ntexapi.h
delete mode 100644 deps/phnt-nightly/ntgdi.h
delete mode 100644 deps/phnt-nightly/ntimage.h
delete mode 100644 deps/phnt-nightly/ntioapi.h
delete mode 100644 deps/phnt-nightly/ntkeapi.h
delete mode 100644 deps/phnt-nightly/ntldr.h
delete mode 100644 deps/phnt-nightly/ntlpcapi.h
delete mode 100644 deps/phnt-nightly/ntmisc.h
delete mode 100644 deps/phnt-nightly/ntmmapi.h
delete mode 100644 deps/phnt-nightly/ntnls.h
delete mode 100644 deps/phnt-nightly/ntobapi.h
delete mode 100644 deps/phnt-nightly/ntpebteb.h
delete mode 100644 deps/phnt-nightly/ntpfapi.h
delete mode 100644 deps/phnt-nightly/ntpnpapi.h
delete mode 100644 deps/phnt-nightly/ntpoapi.h
delete mode 100644 deps/phnt-nightly/ntpsapi.h
delete mode 100644 deps/phnt-nightly/ntregapi.h
delete mode 100644 deps/phnt-nightly/ntrtl.h
delete mode 100644 deps/phnt-nightly/ntsam.h
delete mode 100644 deps/phnt-nightly/ntseapi.h
delete mode 100644 deps/phnt-nightly/ntsmss.h
delete mode 100644 deps/phnt-nightly/ntsxs.h
delete mode 100644 deps/phnt-nightly/nttmapi.h
delete mode 100644 deps/phnt-nightly/nttp.h
delete mode 100644 deps/phnt-nightly/ntwmi.h
delete mode 100644 deps/phnt-nightly/ntwow64.h
delete mode 100644 deps/phnt-nightly/ntxcapi.h
delete mode 100644 deps/phnt-nightly/ntzwapi.h
delete mode 100644 deps/phnt-nightly/phnt.h
delete mode 100644 deps/phnt-nightly/phnt_ntdef.h
delete mode 100644 deps/phnt-nightly/phnt_windows.h
delete mode 100644 deps/phnt-nightly/subprocesstag.h
delete mode 100644 deps/phnt-nightly/usermgr.h
delete mode 100644 deps/phnt-nightly/winsta.h
diff --git a/deps/phnt-nightly b/deps/phnt-nightly
new file mode 160000
index 0000000..3b44027
--- /dev/null
+++ b/deps/phnt-nightly
@@ -0,0 +1 @@
+Subproject commit 3b4402752801a2be6641d9b409c046258b4ea3a5
diff --git a/deps/phnt-nightly/LICENSE b/deps/phnt-nightly/LICENSE
deleted file mode 100644
index 0eaa759..0000000
--- a/deps/phnt-nightly/LICENSE
+++ /dev/null
@@ -1,686 +0,0 @@
-Process Hacker is distributed under the GNU GPL version 3, with the
-following exception:
-
- Permission is granted to dynamically (but not statically) link this
- program with independent modules, regardless of the license terms of
- these independent modules, provided that this program is not modified
- in any way. An independent module is a module which is not derived
- from or based on this program. If you modify this program, this
- additional permission no longer applies unless authorized by the
- copyright holders.
-
- GNU GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc.
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
- Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
- For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
- Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
- Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Use with the GNU Affero General Public License.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-
- Copyright (C)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-
-Also add information on how to contact you by electronic and paper mail.
-
- If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- Copyright (C)
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-.
-
- The GNU General Public License does not permit incorporating your program
-into proprietary programs. If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License. But first, please read
-.
-
diff --git a/deps/phnt-nightly/README.md b/deps/phnt-nightly/README.md
deleted file mode 100644
index 9ebad7d..0000000
--- a/deps/phnt-nightly/README.md
+++ /dev/null
@@ -1,32 +0,0 @@
-## Information
-
-This is an unofficial standalone version of the [Process Hacker](https://github.com/processhacker/processhacker) Native API headers (phnt). The headers are directly pulled from Process Hacker master branch every night and may contain untested code.
-If you are looking for a stable release check out the [official phnt repository](https://github.com/processhacker/phnt)
-
-***
-
-This collection of Native API header files has been maintained since 2009 for the Process Hacker project, and is the most up-to-date set of Native API definitions that we know of. We have gathered these definitions from official Microsoft header files and symbol files, as well as a lot of reverse engineering and guessing. See `phnt.h` for more information.
-
-## Usage
-
-First make sure that your program is using the latest Windows SDK.
-
-These header files are designed to be used by user-mode programs. Instead of `#include `, place
-
-```
-#include
-#include
-```
-
-at the top of your program. The first line provides access to the Win32 API as well as the `NTSTATUS` values. The second line provides access to the entire Native API. By default, only definitions present in Windows XP are included into your program. To change this, use one of the following:
-
-```
-#define PHNT_VERSION PHNT_WINXP // Windows XP
-#define PHNT_VERSION PHNT_WS03 // Windows Server 2003
-#define PHNT_VERSION PHNT_VISTA // Windows Vista
-#define PHNT_VERSION PHNT_WIN7 // Windows 7
-#define PHNT_VERSION PHNT_WIN8 // Windows 8
-#define PHNT_VERSION PHNT_WINBLUE // Windows 8.1
-#define PHNT_VERSION PHNT_THRESHOLD // Windows 10
-```
-
diff --git a/deps/phnt-nightly/ntbcd.h b/deps/phnt-nightly/ntbcd.h
deleted file mode 100644
index e0b40ab..0000000
--- a/deps/phnt-nightly/ntbcd.h
+++ /dev/null
@@ -1,2133 +0,0 @@
-/*
- * Boot Configuration Data (BCD) support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTBCD_H
-#define _NTBCD_H
-
-#ifndef PHNT_INLINE_BCD_GUIDS
-// 5189B25C-5558-4BF2-BCA4-289B11BD29E2 // {badmemory}
-DEFINE_GUID(GUID_BAD_MEMORY_GROUP, 0x5189B25C, 0x5558, 0x4BF2, 0xBC, 0xA4, 0x28, 0x9B, 0x11, 0xBD, 0x29, 0xE2);
-// 6EFB52BF-1766-41DB-A6B3-0EE5EFF72BD7 // {bootloadersettings}
-DEFINE_GUID(GUID_BOOT_LOADER_SETTINGS_GROUP, 0x6EFB52BF, 0x1766, 0x41DB, 0xA6, 0xB3, 0x0E, 0xE5, 0xEF, 0xF7, 0x2B, 0xD7);
-// FA926493-6F1C-4193-A414-58F0B2456D1E // {current}
-DEFINE_GUID(GUID_CURRENT_BOOT_ENTRY, 0xFA926493, 0x6F1C, 0x4193, 0xA4, 0x14, 0x58, 0xF0, 0xB2, 0x45, 0x6D, 0x1E);
-// 4636856E-540F-4170-A130-A84776F4C654 // {eventsettings} {dbgsettings}
-DEFINE_GUID(GUID_DEBUGGER_SETTINGS_GROUP, 0x4636856E, 0x540F, 0x4170, 0xA1, 0x30, 0xA8, 0x47, 0x76, 0xF4, 0xC6, 0x54);
-// 1CAE1EB7-A0DF-4D4D-9851-4860E34EF535 // {default}
-DEFINE_GUID(GUID_DEFAULT_BOOT_ENTRY, 0x1CAE1EB7, 0xA0DF, 0x4D4D, 0x98, 0x51, 0x48, 0x60, 0xE3, 0x4E, 0xF5, 0x35);
-// 0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9 // {emssettings}
-DEFINE_GUID(GUID_EMS_SETTINGS_GROUP, 0x0CE4991B, 0xE6B3, 0x4B16, 0xB2, 0x3C, 0x5E, 0x0D, 0x92, 0x50, 0xE5, 0xD9);
-// A5A30FA2-3D06-4E9F-B5F4-A01DF9D1FCBA // {fwbootmgr}
-DEFINE_GUID(GUID_FIRMWARE_BOOTMGR, 0xA5A30FA2, 0x3D06, 0x4E9F, 0xB5, 0xF4, 0xA0, 0x1D, 0xF9, 0xD1, 0xFC, 0xBA);
-// 7EA2E1AC-2E61-4728-AAA3-896D9D0A9F0E // {globalsettings}
-DEFINE_GUID(GUID_GLOBAL_SETTINGS_GROUP, 0x7EA2E1AC, 0x2E61, 0x4728, 0xAA, 0xA3, 0x89, 0x6D, 0x9D, 0x0A, 0x9F, 0x0E);
-// 7FF607E0-4395-11DB-B0DE-0800200C9A66 // {hypervisorsettings}
-DEFINE_GUID(GUID_HYPERVISOR_SETTINGS_GROUP, 0x7FF607E0, 0x4395, 0x11DB, 0xB0, 0xDE, 0x08, 0x00, 0x20, 0x0C, 0x9A, 0x66);
-// 313E8EED-7098-4586-A9BF-309C61F8D449 // {kerneldbgsettings}
-DEFINE_GUID(GUID_KERNEL_DEBUGGER_SETTINGS_GROUP, 0x313E8EED, 0x7098, 0x4586, 0xA9, 0xBF, 0x30, 0x9C, 0x61, 0xF8, 0xD4, 0x49);
-// 1AFA9C49-16AB-4A5C-4A90-212802DA9460 // {resumeloadersettings}
-DEFINE_GUID(GUID_RESUME_LOADER_SETTINGS_GROUP, 0x1AFA9C49, 0x16AB, 0x4A5C, 0x4A, 0x90, 0x21, 0x28, 0x02, 0xDA, 0x94, 0x60);
-// 9DEA862C-5CDD-4E70-ACC1-F32B344D4795 // {bootmgr}
-DEFINE_GUID(GUID_WINDOWS_BOOTMGR, 0x9DEA862C, 0x5CDD, 0x4E70, 0xAC, 0xC1, 0xF3, 0x2B, 0x34, 0x4D, 0x47, 0x95);
-// 466F5A88-0AF2-4F76-9038-095B170DC21C // {ntldr} {legacy}
-DEFINE_GUID(GUID_WINDOWS_LEGACY_NTLDR, 0x466F5A88, 0x0AF2, 0x4F76, 0x90, 0x38, 0x09, 0x5B, 0x17, 0x0D, 0xC2, 0x1C);
-// B2721D73-1DB4-4C62-BF78-C548A880142D // {memdiag}
-DEFINE_GUID(GUID_WINDOWS_MEMORY_TESTER, 0xB2721D73, 0x1DB4, 0x4C62, 0xBF, 0x78, 0xC5, 0x48, 0xA8, 0x80, 0x14, 0x2D);
-// B012B84D-C47C-4ED5-B722-C0C42163E569
-DEFINE_GUID(GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI, 0xB012B84D, 0xC47C, 0x4ED5, 0xB7, 0x22, 0xC0, 0xC4, 0x21, 0x63, 0xE5, 0x69);
-// A1943BBC-EA85-487C-97C7-C9EDE908A38A
-DEFINE_GUID(GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT, 0xA1943BBC, 0xEA85, 0x487C, 0x97, 0xC7, 0xC9, 0xED, 0xE9, 0x08, 0xA3, 0x8A);
-// {0C334284-9A41-4DE1-99B3-A7E87E8FF07E}
-DEFINE_GUID(GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI, 0x0C334284, 0x9A41, 0x4DE1, 0x99, 0xB3, 0xA7, 0xE8, 0x7E, 0x8F, 0xF0, 0x7E);
-// {98B02A23-0674-4CE7-BDAD-E0A15A8FF97B}
-DEFINE_GUID(GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT, 0x98B02A23, 0x0674, 0x4CE7, 0xBD, 0xAD, 0xE0, 0xA1, 0x5A, 0x8F, 0xF9, 0x7B);
-// A1943BBC-EA85-487C-97C7-C9EDE908A38A
-DEFINE_GUID(GUID_WINDOWS_SETUP_EFI, 0x7254A080, 0x1510, 0x4E85, 0xAC, 0x0F, 0xE7, 0xFB, 0x3D, 0x44, 0x47, 0x36);
-// CBD971BF-B7B8-4885-951A-FA03044F5D71
-DEFINE_GUID(GUID_WINDOWS_SETUP_PCAT, 0xCBD971BF, 0xB7B8, 0x4885, 0x95, 0x1A, 0xFA, 0x03, 0x04, 0x4F, 0x5D, 0x71);
-// AE5534E0-A924-466C-B836-758539A3EE3A // {ramdiskoptions}
-DEFINE_GUID(GUID_WINDOWS_SETUP_RAMDISK_OPTIONS, 0xAE5534E0, 0xA924, 0x466C, 0xB8, 0x36, 0x75, 0x85, 0x39, 0xA3, 0xEE, 0x3A);
-// {7619dcc9-fafe-11d9-b411-000476eba25f}
-DEFINE_GUID(GUID_WINDOWS_SETUP_BOOT_ENTRY, 0x7619dcc9, 0xfafe, 0x11d9, 0xb4, 0x11, 0x00, 0x04, 0x76, 0xeb, 0xa2, 0x5f);
-#else
-NTSYSAPI GUID GUID_BAD_MEMORY_GROUP; // {badmemory}
-NTSYSAPI GUID GUID_BOOT_LOADER_SETTINGS_GROUP; // {bootloadersettings}
-NTSYSAPI GUID GUID_CURRENT_BOOT_ENTRY; // {current}
-NTSYSAPI GUID GUID_DEBUGGER_SETTINGS_GROUP; // {eventsettings} {dbgsettings}
-NTSYSAPI GUID GUID_DEFAULT_BOOT_ENTRY; // {default}
-NTSYSAPI GUID GUID_EMS_SETTINGS_GROUP; // {emssettings}
-NTSYSAPI GUID GUID_FIRMWARE_BOOTMGR; // {fwbootmgr}
-NTSYSAPI GUID GUID_GLOBAL_SETTINGS_GROUP; // {globalsettings}
-NTSYSAPI GUID GUID_HYPERVISOR_SETTINGS_GROUP; // {hypervisorsettings}
-NTSYSAPI GUID GUID_KERNEL_DEBUGGER_SETTINGS_GROUP; // {kerneldbgsettings}
-NTSYSAPI GUID GUID_RESUME_LOADER_SETTINGS_GROUP; // {resumeloadersettings}
-NTSYSAPI GUID GUID_WINDOWS_BOOTMGR; // {bootmgr}
-NTSYSAPI GUID GUID_WINDOWS_LEGACY_NTLDR; // {ntldr} {legacy}
-NTSYSAPI GUID GUID_WINDOWS_MEMORY_TESTER; // {memdiag}
-NTSYSAPI GUID GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI;
-NTSYSAPI GUID GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT;
-NTSYSAPI GUID GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI;
-NTSYSAPI GUID GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT;
-NTSYSAPI GUID GUID_WINDOWS_SETUP_EFI;
-NTSYSAPI GUID GUID_WINDOWS_SETUP_PCAT;
-NTSYSAPI GUID GUID_WINDOWS_SETUP_RAMDISK_OPTIONS; // {ramdiskoptions}
-#endif
-
-typedef enum _BCD_MESSAGE_TYPE
-{
- BCD_MESSAGE_TYPE_NONE,
- BCD_MESSAGE_TYPE_TRACE,
- BCD_MESSAGE_TYPE_INFORMATION,
- BCD_MESSAGE_TYPE_WARNING,
- BCD_MESSAGE_TYPE_ERROR,
- BCD_MESSAGE_TYPE_MAXIMUM
-} BCD_MESSAGE_TYPE;
-
-typedef VOID (NTAPI* BCD_MESSAGE_CALLBACK)(
- _In_ BCD_MESSAGE_TYPE type,
- _In_ PWSTR Message
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdSetLogging(
- _In_ BCD_MESSAGE_TYPE BcdLoggingLevel,
- _In_ BCD_MESSAGE_CALLBACK BcdMessageCallbackRoutine
- );
-
-NTSYSAPI
-VOID
-NTAPI
-BcdInitializeBcdSyncMutant(
- VOID
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdGetSystemStorePath(
- _Out_ PWSTR* BcdSystemStorePath // RtlFreeHeap(RtlProcessHeap(), 0, BcdSystemStorePath);
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdSetSystemStoreDevice(
- _In_ UNICODE_STRING SystemPartition
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdOpenSystemStore(
- _Out_ PHANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdOpenStoreFromFile(
- _In_ UNICODE_STRING BcdFilePath,
- _Out_ PHANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCreateStore(
- _In_ UNICODE_STRING BcdFilePath,
- _Out_ PHANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdExportStore(
- _In_ UNICODE_STRING BcdFilePath
- );
-
-#if (PHNT_VERSION > PHNT_WIN11)
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdExportStoreEx(
- _In_ HANDLE BcdStoreHandle,
- _In_ ULONG Flags,
- _In_ UNICODE_STRING BcdFilePath
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdImportStore(
- _In_ UNICODE_STRING BcdFilePath
- );
-
-typedef enum _BCD_IMPORT_FLAGS
-{
- BCD_IMPORT_NONE,
- BCD_IMPORT_DELETE_FIRMWARE_OBJECTS
-} BCD_IMPORT_FLAGS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdImportStoreWithFlags(
- _In_ UNICODE_STRING BcdFilePath,
- _In_ BCD_IMPORT_FLAGS BcdImportFlags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdDeleteObjectReferences(
- _In_ HANDLE BcdStoreHandle,
- _In_ PGUID Identifier
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdDeleteSystemStore(
- VOID
- );
-
-typedef enum _BCD_OPEN_FLAGS
-{
- BCD_OPEN_NONE,
- BCD_OPEN_OPEN_STORE_OFFLINE,
- BCD_OPEN_SYNC_FIRMWARE_ENTRIES
-} BCD_OPEN_FLAGS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdOpenStore(
- _In_ UNICODE_STRING BcdFilePath,
- _In_ BCD_OPEN_FLAGS BcdOpenFlags,
- _Out_ PHANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCloseStore(
- _In_ HANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdFlushStore(
- _In_ HANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdForciblyUnloadStore(
- _In_ HANDLE BcdStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdMarkAsSystemStore(
- _In_ HANDLE BcdStoreHandle
- );
-
-typedef enum _BCD_OBJECT_TYPE
-{
- BCD_OBJECT_TYPE_NONE,
- BCD_OBJECT_TYPE_APPLICATION, // 0x10000000
- BCD_OBJECT_TYPE_INHERITED, // 0x20000000
- BCD_OBJECT_TYPE_DEVICE, // 0x30000000
-} BCD_OBJECT_TYPE;
-
-typedef enum _BCD_APPLICATION_OBJECT_TYPE
-{
- BCD_APPLICATION_OBJECT_NONE = 0,
- BCD_APPLICATION_OBJECT_FIRMWARE_BOOT_MANAGER = 1, // 0x00000001
- BCD_APPLICATION_OBJECT_WINDOWS_BOOT_MANAGER = 2, // 0x00000002
- BCD_APPLICATION_OBJECT_WINDOWS_BOOT_LOADER = 3, // 0x00000003
- BCD_APPLICATION_OBJECT_WINDOWS_RESUME_APPLICATION = 4, // 0x00000004
- BCD_APPLICATION_OBJECT_MEMORY_TESTER = 5, // 0x00000005
- BCD_APPLICATION_OBJECT_LEGACY_NTLDR = 6, // 0x00000006
- BCD_APPLICATION_OBJECT_LEGACY_SETUPLDR = 7, // 0x00000007
- BCD_APPLICATION_OBJECT_BOOT_SECTOR = 8, // 0x00000008
- BCD_APPLICATION_OBJECT_STARTUP_MODULE = 9, // 0x00000009
- BCD_APPLICATION_OBJECT_GENERIC_APPLICATION = 10, // 0x0000000a
- BCD_APPLICATION_OBJECT_RESERVED = 0xFFFFF // 0x000fffff
-} BCD_APPLICATION_OBJECT_TYPE;
-
-typedef enum _BCD_APPLICATION_IMAGE_TYPE
-{
- BCD_APPLICATION_IMAGE_NONE,
- BCD_APPLICATION_IMAGE_FIRMWARE_APPLICATION, // 0x00100000
- BCD_APPLICATION_IMAGE_BOOT_APPLICATION, // 0x00200000
- BCD_APPLICATION_IMAGE_LEGACY_LOADER, // 0x00300000
- BCD_APPLICATION_IMAGE_REALMODE_CODE, // 0x00400000
-} BCD_APPLICATION_IMAGE_TYPE;
-
-typedef enum _BCD_INHERITED_CLASS_TYPE
-{
- BCD_INHERITED_CLASS_NONE,
- BCD_INHERITED_CLASS_LIBRARY,
- BCD_INHERITED_CLASS_APPLICATION,
- BCD_INHERITED_CLASS_DEVICE
-} BCD_INHERITED_CLASS_TYPE;
-
-#define MAKE_BCD_OBJECT(ObjectType, ImageType, ApplicationType) \
- (((ULONG)(ObjectType) << 28) | \
- (((ULONG)(ImageType) & 0xF) << 20) | \
- ((ULONG)(ApplicationType) & 0xFFFFF))
-
-#define MAKE_BCD_APPLICATION_OBJECT(ImageType, ApplicationType) \
- MAKE_BCD_OBJECT(BCD_OBJECT_TYPE_APPLICATION, (ULONG)(ImageType), (ULONG)(ApplicationType))
-
-#define GET_BCD_OBJECT_TYPE(DataType) \
- ((BCD_OBJECT_TYPE)(((((ULONG)DataType)) >> 28) & 0xF))
-#define GET_BCD_APPLICATION_IMAGE(DataType) \
- ((BCD_APPLICATION_IMAGE_TYPE)(((((ULONG)DataType)) >> 20) & 0xF))
-#define GET_BCD_APPLICATION_OBJECT(DataType) \
- ((BCD_APPLICATION_OBJECT_TYPE)((((ULONG)DataType)) & 0xFFFFF))
-
-#define BCD_OBJECT_OSLOADER_TYPE \
- MAKE_BCD_APPLICATION_OBJECT(BCD_APPLICATION_IMAGE_BOOT_APPLICATION, BCD_APPLICATION_OBJECT_WINDOWS_BOOT_LOADER)
-
-typedef union _BCD_OBJECT_DATATYPE
-{
- ULONG PackedValue;
- union
- {
- struct
- {
- ULONG Reserved : 28;
- BCD_OBJECT_TYPE ObjectType : 4;
- };
- struct
- {
- BCD_APPLICATION_OBJECT_TYPE ApplicationType : 20;
- BCD_APPLICATION_IMAGE_TYPE ImageType : 4;
- ULONG Reserved : 4;
- BCD_OBJECT_TYPE ObjectType : 4;
- } Application;
- struct
- {
- ULONG Value : 20;
- BCD_INHERITED_CLASS_TYPE Class : 4;
- ULONG Reserved : 4;
- BCD_OBJECT_TYPE ObjectType : 4;
- } Inherit;
- struct
- {
- ULONG Reserved : 28;
- BCD_OBJECT_TYPE ObjectType : 4;
- } Device;
- };
-} BCD_OBJECT_DATATYPE, *PBCD_OBJECT_DATATYPE;
-
-static_assert(sizeof(BCD_OBJECT_DATATYPE) == sizeof(ULONG), "sizeof(BCD_OBJECT_DATATYPE) is invalid.");
-
-#define BCD_OBJECT_DESCRIPTION_VERSION 0x1
-
-typedef struct _BCD_OBJECT_DESCRIPTION
-{
- ULONG Version; // BCD_OBJECT_DESCRIPTION_VERSION
- ULONG Type; // BCD_OBJECT_DATATYPE
-} BCD_OBJECT_DESCRIPTION, *PBCD_OBJECT_DESCRIPTION;
-
-typedef struct _BCD_OBJECT
-{
- GUID Identifer;
- PBCD_OBJECT_DESCRIPTION Description;
-} BCD_OBJECT, *PBCD_OBJECT;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdEnumerateObjects(
- _In_ HANDLE BcdStoreHandle,
- _In_ PBCD_OBJECT_DESCRIPTION BcdEnumDescriptor,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_OBJECT[]
- _Inout_ PULONG BufferSize,
- _Out_ PULONG ObjectCount
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdOpenObject(
- _In_ HANDLE BcdStoreHandle,
- _In_ const GUID* Identifier,
- _Out_ PHANDLE BcdObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCreateObject(
- _In_ HANDLE BcdStoreHandle,
- _In_ PGUID Identifier,
- _In_ PBCD_OBJECT_DESCRIPTION Description,
- _Out_ PHANDLE BcdObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdDeleteObject(
- _In_ HANDLE BcdObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCloseObject(
- _In_ HANDLE BcdObjectHandle
- );
-
-typedef enum _BCD_COPY_FLAGS
-{
- BCD_COPY_NONE = 0x0,
- BCD_COPY_COPY_CREATE_NEW_OBJECT_IDENTIFIER = 0x1,
- BCD_COPY_COPY_DELETE_EXISTING_OBJECT = 0x2,
- BCD_COPY_COPY_UNKNOWN_FIRMWARE_APPLICATION = 0x4,
- BCD_COPY_IGNORE_SETUP_TEMPLATE_ELEMENTS = 0x8,
- BCD_COPY_RETAIN_ELEMENT_DATA = 0x10,
- BCD_COPY_MIGRATE_ELEMENT_DATA = 0x20
-} BCD_COPY_FLAGS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCopyObject(
- _In_ HANDLE BcdStoreHandle,
- _In_ HANDLE BcdObjectHandle,
- _In_ BCD_COPY_FLAGS BcdCopyFlags,
- _In_ HANDLE TargetStoreHandle,
- _Out_ PHANDLE TargetObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCopyObjectEx(
- _In_ HANDLE BcdStoreHandle,
- _In_ HANDLE BcdObjectHandle,
- _In_ BCD_COPY_FLAGS BcdCopyFlags,
- _In_ HANDLE TargetStoreHandle,
- _In_ PGUID TargetObjectId,
- _Out_ PHANDLE TargetObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdCopyObjects(
- _In_ HANDLE BcdStoreHandle,
- _In_ BCD_OBJECT_DESCRIPTION Characteristics,
- _In_ BCD_COPY_FLAGS BcdCopyFlags,
- _In_ HANDLE TargetStoreHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdMigrateObjectElementValues(
- _In_ HANDLE TemplateObjectHandle,
- _In_ HANDLE SourceObjectHandle,
- _In_ HANDLE TargetObjectHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdQueryObject(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdVersion, // BCD_OBJECT_DESCRIPTION_VERSION
- _Out_ BCD_OBJECT_DESCRIPTION Description,
- _Out_ PGUID Identifier
- );
-
-typedef enum _BCD_ELEMENT_DATATYPE_FORMAT
-{
- BCD_ELEMENT_DATATYPE_FORMAT_UNKNOWN,
- BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, // 0x01000000
- BCD_ELEMENT_DATATYPE_FORMAT_STRING, // 0x02000000
- BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, // 0x03000000
- BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, // 0x04000000
- BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, // 0x05000000
- BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, // 0x06000000
- BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, // 0x07000000
- BCD_ELEMENT_DATATYPE_FORMAT_BINARY // 0x08000000
-} BCD_ELEMENT_DATATYPE_FORMAT;
-
-typedef enum _BCD_ELEMENT_DATATYPE_CLASS
-{
- BCD_ELEMENT_DATATYPE_CLASS_NONE,
- BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, // 0x10000000
- BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, // 0x20000000
- BCD_ELEMENT_DATATYPE_CLASS_DEVICE, // 0x30000000
- BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, // 0x40000000
- BCD_ELEMENT_DATATYPE_CLASS_OEM // 0x50000000
-} BCD_ELEMENT_DATATYPE_CLASS;
-
-typedef enum _BCD_ELEMENT_DEVICE_TYPE
-{
- BCD_ELEMENT_DEVICE_TYPE_NONE,
- BCD_ELEMENT_DEVICE_TYPE_BOOT_DEVICE,
- BCD_ELEMENT_DEVICE_TYPE_PARTITION,
- BCD_ELEMENT_DEVICE_TYPE_FILE,
- BCD_ELEMENT_DEVICE_TYPE_RAMDISK,
- BCD_ELEMENT_DEVICE_TYPE_UNKNOWN,
- BCD_ELEMENT_DEVICE_TYPE_QUALIFIED_PARTITION,
- BCD_ELEMENT_DEVICE_TYPE_VMBUS,
- BCD_ELEMENT_DEVICE_TYPE_LOCATE_DEVICE,
- BCD_ELEMENT_DEVICE_TYPE_URI,
- BCD_ELEMENT_DEVICE_TYPE_COMPOSITE
-} BCD_ELEMENT_DEVICE_TYPE;
-
-#define MAKE_BCDE_DATA_TYPE(Class, Format, Subtype) \
- (((((ULONG)Class) & 0xF) << 28) | ((((ULONG)Format) & 0xF) << 24) | (((ULONG)Subtype) & 0x00FFFFFF))
-
-#define GET_BCDE_DATA_CLASS(DataType) \
- ((BCD_ELEMENT_DATATYPE_CLASS)(((((ULONG)DataType)) >> 28) & 0xF))
-#define GET_BCDE_DATA_FORMAT(DataType) \
- ((BCD_ELEMENT_DATATYPE_FORMAT)(((((ULONG)DataType)) >> 24) & 0xF))
-#define GET_BCDE_DATA_SUBTYPE(DataType) \
- ((ULONG)((((ULONG)DataType)) & 0x00FFFFFF))
-
-typedef union _BCD_ELEMENT_DATATYPE
-{
- ULONG PackedValue;
- struct
- {
- ULONG SubType : 24;
- BCD_ELEMENT_DATATYPE_FORMAT Format : 4;
- BCD_ELEMENT_DATATYPE_CLASS Class : 4;
- };
-} BCD_ELEMENT_DATATYPE, *PBCD_ELEMENT_DATATYPE;
-
-static_assert(sizeof(BCD_ELEMENT_DATATYPE) == sizeof(ULONG), "sizeof(BCD_ELEMENT_DATATYPE) is invalid.");
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdEnumerateElementTypes(
- _In_ HANDLE BcdObjectHandle,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT_DATATYPE[]
- _Inout_ PULONG BufferSize,
- _Out_ PULONG ElementCount
- );
-
-typedef struct _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION
-{
- ULONG PartitionStyle;
- ULONG Reserved;
- struct
- {
- union
- {
- ULONG DiskSignature;
- ULONG64 PartitionOffset;
- } Mbr;
- union
- {
- GUID DiskSignature;
- GUID PartitionSignature;
- } Gpt;
- };
-} BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION, *PBCD_ELEMENT_DEVICE_QUALIFIED_PARTITION;
-
-typedef struct _BCD_ELEMENT_DEVICE
-{
- ULONG DeviceType;
- GUID AdditionalOptions;
- struct
- {
- union
- {
- ULONG ParentOffset;
- WCHAR Path[ANYSIZE_ARRAY];
- } File;
- union
- {
- WCHAR Path[ANYSIZE_ARRAY];
- } Partition;
- union
- {
- ULONG Type;
- ULONG ParentOffset;
- ULONG ElementType;
- WCHAR Path[ANYSIZE_ARRAY];
- } Locate;
- union
- {
- GUID InterfaceInstance;
- } Vmbus;
- union
- {
- ULONG Data[ANYSIZE_ARRAY];
- } Unknown;
- BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION QualifiedPartition;
- };
-} BCD_ELEMENT_DEVICE, *PBCD_ELEMENT_DEVICE;
-
-typedef struct _BCD_ELEMENT_STRING
-{
- WCHAR Value[ANYSIZE_ARRAY];
-} BCD_ELEMENT_STRING, *PBCD_ELEMENT_STRING;
-
-typedef struct _BCD_ELEMENT_OBJECT
-{
- GUID Object;
-} BCD_ELEMENT_OBJECT, *PBCD_ELEMENT_OBJECT;
-
-typedef struct _BCD_ELEMENT_OBJECT_LIST
-{
- GUID ObjectList[ANYSIZE_ARRAY];
-} BCD_ELEMENT_OBJECT_LIST, *PBCD_ELEMENT_OBJECT_LIST;
-
-typedef struct _BCD_ELEMENT_INTEGER
-{
- ULONG64 Value;
-} BCD_ELEMENT_INTEGER, *PBCD_ELEMENT_INTEGER;
-
-typedef struct _BCD_ELEMENT_INTEGER_LIST
-{
- ULONG64 Value[ANYSIZE_ARRAY];
-} BCD_ELEMENT_INTEGER_LIST, *PBCD_ELEMENT_INTEGER_LIST;
-
-typedef struct _BCD_ELEMENT_BOOLEAN
-{
- BOOLEAN Value;
- //BOOLEAN Pad; // sym
-} BCD_ELEMENT_BOOLEAN, *PBCD_ELEMENT_BOOLEAN;
-
-#define BCD_ELEMENT_DESCRIPTION_VERSION 0x1
-
-typedef struct BCD_ELEMENT_DESCRIPTION
-{
- ULONG Version; // BCD_ELEMENT_DESCRIPTION_VERSION
- ULONG Type;
- ULONG DataSize;
-} BCD_ELEMENT_DESCRIPTION, *PBCD_ELEMENT_DESCRIPTION;
-
-typedef struct _BCD_ELEMENT
-{
- PBCD_ELEMENT_DESCRIPTION Description;
- PVOID Data;
-} BCD_ELEMENT, *PBCD_ELEMENT;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdEnumerateElements(
- _In_ HANDLE BcdObjectHandle,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
- _Inout_ PULONG BufferSize,
- _Out_ PULONG ElementCount
- );
-
-typedef enum _BCD_FLAGS
-{
- BCD_FLAG_NONE = 0x0,
- BCD_FLAG_QUALIFIED_PARTITION = 0x1,
- BCD_FLAG_NO_DEVICE_TRANSLATION = 0x2,
- BCD_FLAG_ENUMERATE_INHERITED_OBJECTS = 0x4,
- BCD_FLAG_ENUMERATE_DEVICE_OPTIONS = 0x8,
- BCD_FLAG_OBSERVE_PRECEDENCE = 0x10,
- BCD_FLAG_DISABLE_VHD_NT_TRANSLATION = 0x20,
- BCD_FLAG_DISABLE_VHD_DEVICE_DETECTION = 0x40,
- BCD_FLAG_DISABLE_POLICY_CHECKS = 0x80
-} BCD_FLAGS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdEnumerateElementsWithFlags(
- _In_ HANDLE BcdObjectHandle,
- _In_ BCD_FLAGS BcdFlags,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
- _Inout_ PULONG BufferSize,
- _Out_ PULONG ElementCount
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdEnumerateAndUnpackElements(
- _In_ HANDLE BcdStoreHandle,
- _In_ HANDLE BcdObjectHandle,
- _In_ BCD_FLAGS BcdFlags,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
- _Inout_ PULONG BufferSize,
- _Out_ PULONG ElementCount
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdGetElementData(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
- _Inout_ PULONG BufferSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdGetElementDataWithFlags(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
- _In_ BCD_FLAGS BcdFlags,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
- _Inout_ PULONG BufferSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdSetElementData(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
- _In_reads_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdSetElementDataWithFlags(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
- _In_ BCD_FLAGS BcdFlags,
- _In_reads_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-BcdDeleteElement(
- _In_ HANDLE BcdObjectHandle,
- _In_ ULONG BcdElement // BCD_ELEMENT_DATATYPE
- );
-
-// Element types
-
-typedef enum _BcdBootMgrElementTypes
-{
- ///
- /// The order in which BCD objects should be displayed.
- /// Objects are displayed using the string specified by the BcdLibraryString_Description element.
- ///
- /// 0x24000001
- BcdBootMgrObjectList_DisplayOrder = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 1),
- ///
- /// List of boot environment applications the boot manager should execute.
- /// The applications are executed in the order they appear in this list.
- /// If the firmware boot manager does not support loading multiple applications, this list cannot contain more than one entry.
- ///
- /// 0x24000002
- BcdBootMgrObjectList_BootSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 2),
- ///
- /// The default boot environment application to load if the user does not select one.
- ///
- /// 0x23000003
- BcdBootMgrObject_DefaultObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 3),
- ///
- /// The maximum number of seconds a boot selection menu is to be displayed to the user.
- /// The menu is displayed until the user selects an option or the time-out expires.
- /// If this value is not specified, the boot manager waits for the user to make a selection.
- ///
- /// 0x25000004
- BcdBootMgrInteger_Timeout = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 4),
- ///
- /// Indicates that a resume operation should be attempted during a system restart.
- ///
- /// 0x26000005
- BcdBootMgrBoolean_AttemptResume = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 5),
- ///
- /// The resume application object.
- ///
- /// 0x23000006
- BcdBootMgrObject_ResumeObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 6),
- ///
- ///
- ///
- /// 0x24000007
- BcdBootMgrObjectList_StartupSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 7),
- ///
- /// The boot manager tools display order list.
- ///
- /// 0x24000010
- BcdBootMgrObjectList_ToolsDisplayOrder = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 16),
- ///
- /// Forces the display of the legacy boot menu, regardless of the number of OS entries in the BCD store and their BcdOSLoaderInteger_BootMenuPolicy.
- ///
- /// 0x26000020
- BcdBootMgrBoolean_DisplayBootMenu = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 32),
- ///
- /// Indicates whether the display of errors should be suppressed.
- /// If this setting is enabled, the boot manager exits to the multi-OS menu on OS launch error.
- ///
- /// 0x26000021
- BcdBootMgrBoolean_NoErrorDisplay = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 33),
- ///
- /// The device on which the boot application resides.
- ///
- /// 0x21000022
- BcdBootMgrDevice_BcdDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 34),
- ///
- /// The boot application.
- ///
- /// 0x22000023
- BcdBootMgrString_BcdFilePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 35),
- ///
- ///
- ///
- /// 0x26000024
- BcdBootMgrBoolean_HormEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 36),
- ///
- ///
- ///
- /// 0x26000025
- BcdBootMgrBoolean_HiberRoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 37),
- ///
- ///
- ///
- /// 0x22000026
- BcdBootMgrString_PasswordOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 38),
- ///
- ///
- ///
- /// 0x22000027
- BcdBootMgrString_PinpassPhraseOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 39),
- ///
- /// Controls whether custom actions are processed before a boot sequence.
- /// Note This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x26000028
- BcdBootMgrBoolean_ProcessCustomActionsFirst = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 40),
- ///
- /// Custom Bootstrap Actions.
- ///
- /// 0x27000030
- BcdBootMgrIntegerList_CustomActionsList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 48),
- ///
- /// Controls whether a boot sequence persists across multiple boots.
- /// Note This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x26000031
- BcdBootMgrBoolean_PersistBootSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 49),
- ///
- ///
- ///
- /// 0x26000032
- BcdBootMgrBoolean_SkipStartupSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 50),
-} BcdBootMgrElementTypes;
-
-typedef enum _BcdLibrary_FirstMegabytePolicy
-{
- ///
- /// Use none of the first megabyte of memory.
- ///
- FirstMegabytePolicyUseNone,
- ///
- /// Use all of the first megabyte of memory.
- ///
- FirstMegabytePolicyUseAll,
- ///
- /// Reserved for future use.
- ///
- FirstMegabytePolicyUsePrivate
-} BcdLibrary_FirstMegabytePolicy;
-
-typedef enum _BcdLibrary_DebuggerType
-{
- DebuggerSerial = 0,
- Debugger1394 = 1,
- DebuggerUsb = 2,
- DebuggerNet = 3,
- DebuggerLocal = 4
-} BcdLibrary_DebuggerType;
-
-typedef enum _BcdLibrary_DebuggerStartPolicy
-{
- ///
- /// The debugger will start active.
- ///
- DebuggerStartActive,
- ///
- /// The debugger will start in the auto-enabled state.
- /// If a debugger is attached it will be used; otherwise the debugger port will be available for other applications.
- ///
- DebuggerStartAutoEnable,
- ///
- /// The debugger will not start.
- ///
- DebuggerStartDisable
-} BcdLibrary_DebuggerStartPolicy;
-
-typedef enum _BcdLibrary_ConfigAccessPolicy
-{
- ///
- /// Access to PCI configuration space through the memory-mapped region is allowed.
- ///
- ConfigAccessPolicyDefault,
- ///
- /// Access to PCI configuration space through the memory-mapped region is not allowed.
- /// This setting is used for platforms that implement memory-mapped configuration space incorrectly.
- /// The CFC/CF8 access mechanism can be used to access configuration space on these platforms.
- ///
- ConfigAccessPolicyDisallowMmConfig
-} BcdLibrary_ConfigAccessPolicy;
-
-typedef enum _BcdLibrary_UxDisplayMessageType
-{
- DisplayMessageTypeDefault = 0,
- DisplayMessageTypeResume = 1,
- DisplayMessageTypeHyperV = 2,
- DisplayMessageTypeRecovery = 3,
- DisplayMessageTypeStartupRepair = 4,
- DisplayMessageTypeSystemImageRecovery = 5,
- DisplayMessageTypeCommandPrompt = 6,
- DisplayMessageTypeSystemRestore = 7,
- DisplayMessageTypePushButtonReset = 8,
-} BcdLibrary_UxDisplayMessageType;
-
-typedef enum BcdLibrary_SafeBoot
-{
- ///
- /// Load the drivers and services specified by name or group under the following registry key:
- /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal.
- ///
- SafemodeMinimal = 0,
- ///
- /// Load the drivers and services specified by name or group under the following registry key:
- /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- ///
- SafemodeNetwork = 1,
- ///
- /// Boot the system into a repair mode that restores the Active Directory service from backup medium.
- ///
- SafemodeDsRepair = 2
-} BcdLibrary_SafeBoot;
-
-// BcdLibraryElementTypes based on geoffchappell: https://www.geoffchappell.com/notes/windows/boot/bcd/elements.htm (dmex)
-typedef enum _BcdLibraryElementTypes
-{
- ///
- /// Device on which a boot environment application resides.
- ///
- /// 0x11000001
- BcdLibraryDevice_ApplicationDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 1),
- ///
- /// Path to a boot environment application.
- ///
- /// 0x12000002
- BcdLibraryString_ApplicationPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
- ///
- /// Display name of the boot environment application.
- ///
- /// 0x12000004
- BcdLibraryString_Description = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 4),
- ///
- /// Preferred locale, in RFC 3066 format.
- ///
- /// 0x12000005
- BcdLibraryString_PreferredLocale = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 5),
- ///
- /// List of BCD objects from which the current object should inherit elements.
- ///
- /// 0x14000006
- BcdLibraryObjectList_InheritedObjects = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 6),
- ///
- /// Maximum physical address a boot environment application should recognize. All memory above this address is ignored.
- ///
- /// 0x15000007
- BcdLibraryInteger_TruncatePhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 7),
- ///
- /// List of boot environment applications to be executed if the associated application fails. The applications are executed in the order they appear in this list.
- ///
- /// 0x14000008
- BcdLibraryObjectList_RecoverySequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 8),
- ///
- /// Indicates whether the recovery sequence executes automatically if the boot application fails. Otherwise, the recovery sequence only runs on demand.
- ///
- /// 0x16000009
- BcdLibraryBoolean_AutoRecoveryEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 9),
- ///
- /// List of page frame numbers describing faulty memory in the system.
- ///
- /// 0x1700000A
- BcdLibraryIntegerList_BadMemoryList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 10),
- ///
- /// If TRUE, indicates that a boot application can use memory listed in the BcdLibraryIntegerList_BadMemoryList.
- ///
- /// 0x1600000B
- BcdLibraryBoolean_AllowBadMemoryAccess = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 11),
- ///
- /// Indicates how the first megabyte of memory is to be used. The Integer property is one of the values from the BcdLibrary_FirstMegabytePolicy enumeration.
- ///
- /// 0x1500000C
- BcdLibraryInteger_FirstMegabytePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 12),
- ///
- /// Relocates physical memory on certain AMD processors.
- /// This value is not used in Windows 8 or Windows Server 2012.
- ///
- /// 0x1500000D
- BcdLibraryInteger_RelocatePhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 13),
- ///
- /// Specifies a minimum physical address to use in the boot environment.
- ///
- /// 0x1500000E
- BcdLibraryInteger_AvoidLowPhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 14),
- ///
- ///
- ///
- /// 0x1600000F
- BcdLibraryBoolean_TraditionalKsegMappings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 15),
- ///
- /// Indicates whether the boot debugger should be enabled.
- ///
- /// 0x16000010
- BcdLibraryBoolean_DebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
- ///
- /// Debugger type. The Integer property is one of the values from the BcdLibrary_DebuggerType enumeration.
- ///
- /// 0x15000011
- BcdLibraryInteger_DebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 17),
- ///
- /// I/O port address for the serial debugger.
- ///
- /// 0x15000012
- BcdLibraryInteger_SerialDebuggerPortAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 18),
- ///
- /// Serial port number for serial debugging.
- /// If this value is not specified, the default is specified by the DBGP ACPI table settings.
- ///
- /// 0x15000013
- BcdLibraryInteger_SerialDebuggerPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 19),
- ///
- /// Baud rate for serial debugging.
- ///
- /// 0x15000014
- BcdLibraryInteger_SerialDebuggerBaudRate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 20),
- ///
- /// Channel number for 1394 debugging.
- ///
- /// 0x15000015
- BcdLibraryInteger_1394DebuggerChannel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 21),
- ///
- /// The target name for the USB debugger. The target name is arbitrary but must match between the debugger and the debug target.
- ///
- /// 0x12000016
- BcdLibraryString_UsbDebuggerTargetName = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 22),
- ///
- /// If TRUE, the debugger will ignore user mode exceptions and only stop for kernel mode exceptions.
- ///
- /// 0x16000017
- BcdLibraryBoolean_DebuggerIgnoreUsermodeExceptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 23),
- ///
- /// Indicates the debugger start policy. The Integer property is one of the values from the BcdLibrary_DebuggerStartPolicy enumeration.
- ///
- /// 0x15000018
- BcdLibraryInteger_DebuggerStartPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 24),
- ///
- /// Defines the PCI bus, device, and function numbers of the debugging device. For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.
- ///
- /// 0x12000019
- BcdLibraryString_DebuggerBusParameters = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 25),
- ///
- /// Defines the host IP address for the network debugger.
- ///
- /// 0x1500001A
- BcdLibraryInteger_DebuggerNetHostIP = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 26),
- ///
- /// Defines the network port for the network debugger.
- ///
- /// 0x1500001B
- BcdLibraryInteger_DebuggerNetPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 27),
- ///
- /// Controls the use of DHCP by the network debugger. Setting this to false causes the OS to only use link-local addresses.
- /// This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x1600001C
- BcdLibraryBoolean_DebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 28),
- ///
- /// Holds the key used to encrypt the network debug connection.
- /// This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x1200001D
- BcdLibraryString_DebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 29),
- ///
- ///
- ///
- /// 0x1600001E
- BcdLibraryBoolean_DebuggerNetVM = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 30),
- ///
- ///
- ///
- /// 0x1200001F
- BcdLibraryString_DebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 31),
- ///
- /// Indicates whether EMS redirection should be enabled.
- ///
- /// 0x16000020
- BcdLibraryBoolean_EmsEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 32),
- ///
- /// COM port number for EMS redirection.
- ///
- /// 0x15000022
- BcdLibraryInteger_EmsPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 34),
- ///
- /// Baud rate for EMS redirection.
- ///
- /// 0x15000023
- BcdLibraryInteger_EmsBaudRate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 35),
- ///
- /// String that is appended to the load options string passed to the kernel to be consumed by kernel-mode components.
- /// This is useful for communicating with kernel-mode components that are not BCD-aware.
- ///
- /// 0x12000030
- BcdLibraryString_LoadOptionsString = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 48),
- ///
- ///
- ///
- /// 0x16000031
- BcdLibraryBoolean_AttemptNonBcdStart = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 49),
- ///
- /// Indicates whether the advanced options boot menu (F8) is displayed.
- ///
- /// 0x16000040
- BcdLibraryBoolean_DisplayAdvancedOptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 64),
- ///
- /// Indicates whether the boot options editor is enabled.
- ///
- /// 0x16000041
- BcdLibraryBoolean_DisplayOptionsEdit = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 65),
- ///
- ///
- ///
- /// 0x15000042
- BcdLibraryInteger_FVEKeyRingAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 66),
- ///
- /// Allows a device override for the bootstat.dat log in the boot manager and winload.exe.
- ///
- /// 0x11000043
- BcdLibraryDevice_BsdLogDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 67),
- ///
- /// Allows a path override for the bootstat.dat log file in the boot manager and winload.exe.
- ///
- /// 0x12000044
- BcdLibraryString_BsdLogPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 68),
- ///
- /// Indicates whether graphics mode is disabled and boot applications must use text mode display.
- ///
- /// 0x16000045
- BcdLibraryBoolean_BsdPreserveLog = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 69),
- ///
- ///
- ///
- /// 0x16000046
- BcdLibraryBoolean_GraphicsModeDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 70),
- ///
- /// Indicates the access policy for PCI configuration space.
- ///
- /// 0x15000047
- BcdLibraryInteger_ConfigAccessPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 71),
- ///
- /// Disables integrity checks.
- /// Cannot be set when secure boot is enabled.
- /// This value is ignored by Windows 7 and Windows 8.
- ///
- /// 0x16000048
- BcdLibraryBoolean_DisableIntegrityChecks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 72),
- ///
- /// Indicates whether the test code signing certificate is supported.
- ///
- /// 0x16000049
- BcdLibraryBoolean_AllowPrereleaseSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 73),
- ///
- /// Overrides the default location of the boot fonts.
- ///
- /// 0x1200004A
- BcdLibraryString_FontPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 74),
- ///
- ///
- ///
- /// 0x1500004B
- BcdLibraryInteger_SiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 75),
- ///
- /// This value (if present) should not be modified.
- ///
- /// 0x1500004C
- BcdLibraryInteger_FveBandId = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 76),
- ///
- /// Specifies that legacy BIOS systems should use INT 16h Function 10h for console input instead of INT 16h Function 0h.
- ///
- /// 0x16000050
- BcdLibraryBoolean_ConsoleExtendedInput = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 80),
- ///
- ///
- ///
- /// 0x15000051
- BcdLibraryInteger_InitialConsoleInput = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 81),
- ///
- /// Forces a specific graphics resolution at boot.
- /// Possible values include GraphicsResolution1024x768 (0), GraphicsResolution800x600 (1), and GraphicsResolution1024x600 (2).
- ///
- /// 0x15000052
- BcdLibraryInteger_GraphicsResolution = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 82),
- ///
- /// If enabled, specifies that boot error screens are not shown when OS launch errors occur, and the system is reset rather than exiting directly back to the firmware.
- ///
- /// 0x16000053
- BcdLibraryBoolean_RestartOnFailure = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 83),
- ///
- /// Forces highest available graphics resolution at boot.
- /// This value can only be used on UEFI systems.
- /// This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x16000054
- BcdLibraryBoolean_GraphicsForceHighestMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 84),
- ///
- /// This setting is used to differentiate between the Windows 7 and Windows 8 implementations of UEFI.
- /// Do not modify this setting.
- /// If this setting is removed from a Windows 8 installation, it will not boot.
- /// If this setting is added to a Windows 7 installation, it will not boot.
- ///
- /// 0x16000060
- BcdLibraryBoolean_IsolatedExecutionContext = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 96),
- ///
- /// This setting disables the progress bar and default Windows logo. If a custom text string has been defined, it is also disabled by this setting.
- /// The Integer property is one of the values from the BcdLibrary_UxDisplayMessageType enumeration.
- ///
- /// 0x15000065
- BcdLibraryInteger_BootUxDisplayMessage = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 101),
- ///
- ///
- ///
- /// 0x15000066
- BcdLibraryInteger_BootUxDisplayMessageOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 102),
- ///
- /// This setting disables the boot logo.
- ///
- /// 0x16000067
- BcdLibraryBoolean_BootUxLogoDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 103),
- ///
- /// This setting disables the boot status text.
- ///
- /// 0x16000068
- BcdLibraryBoolean_BootUxTextDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 104),
- ///
- /// This setting disables the boot progress bar.
- ///
- /// 0x16000069
- BcdLibraryBoolean_BootUxProgressDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 105),
- ///
- /// This setting disables the boot transition fading.
- ///
- /// 0x1600006A
- BcdLibraryBoolean_BootUxFadeDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 106),
- ///
- ///
- ///
- /// 0x1600006B
- BcdLibraryBoolean_BootUxReservePoolDebug = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 107),
- ///
- ///
- ///
- /// 0x1600006C
- BcdLibraryBoolean_BootUxDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 108),
- ///
- ///
- ///
- /// 0x1500006D
- BcdLibraryInteger_BootUxFadeFrames = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 109),
- ///
- ///
- ///
- /// 0x1600006E
- BcdLibraryBoolean_BootUxDumpStats = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 110),
- ///
- ///
- ///
- /// 0x1600006F
- BcdLibraryBoolean_BootUxShowStats = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 111),
- ///
- ///
- ///
- /// 0x16000071
- BcdLibraryBoolean_MultiBootSystem = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 113),
- ///
- ///
- ///
- /// 0x16000072
- BcdLibraryBoolean_ForceNoKeyboard = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 114),
- ///
- ///
- ///
- /// 0x15000073
- BcdLibraryInteger_AliasWindowsKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 115),
- ///
- /// Disables the 1-minute timer that triggers shutdown on boot error screens, and the F8 menu, on UEFI systems.
- ///
- /// 0x16000074
- BcdLibraryBoolean_BootShutdownDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 116),
- ///
- ///
- ///
- /// 0x15000075
- BcdLibraryInteger_PerformanceFrequency = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 117),
- ///
- ///
- ///
- /// 0x15000076
- BcdLibraryInteger_SecurebootRawPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 118),
- ///
- /// Indicates whether or not an in-memory BCD setting passed between boot apps will trigger BitLocker recovery.
- /// This value should not be modified as it could trigger a BitLocker recovery action.
- ///
- /// 0x17000077
- BcdLibraryIntegerList_AllowedInMemorySettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 119),
- ///
- ///
- ///
- /// 0x15000079
- BcdLibraryInteger_BootUxBitmapTransitionTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 121),
- ///
- ///
- ///
- /// 0x1600007A
- BcdLibraryBoolean_TwoBootImages = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 122),
- ///
- /// Force the use of FIPS cryptography checks on boot applications.
- /// BcdLibraryBoolean_ForceFipsCrypto is documented with wrong value 0x16000079
- ///
- /// 0x1600007B
- BcdLibraryBoolean_ForceFipsCrypto = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 123),
- ///
- ///
- ///
- /// 0x1500007D
- BcdLibraryInteger_BootErrorUx = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 125),
- ///
- ///
- ///
- /// 0x1600007E
- BcdLibraryBoolean_AllowFlightSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 126),
- ///
- ///
- ///
- /// 0x1500007F
- BcdLibraryInteger_BootMeasurementLogFormat = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 127),
- ///
- ///
- ///
- /// 0x15000080
- BcdLibraryInteger_DisplayRotation = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 128),
- ///
- ///
- ///
- /// 0x15000081
- BcdLibraryInteger_LogControl = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 129),
- ///
- ///
- ///
- /// 0x16000082
- BcdLibraryBoolean_NoFirmwareSync = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 130),
- ///
- ///
- ///
- /// 0x11000084
- BcdLibraryDevice_WindowsSystemDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 132),
- ///
- ///
- ///
- /// 0x16000087
- BcdLibraryBoolean_NumLockOn = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 135),
- ///
- ///
- ///
- /// 0x12000088
- BcdLibraryString_AdditionalCiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 136),
-} BcdLibraryElementTypes;
-
-typedef enum _BcdTemplateElementTypes
-{
- ///
- ///
- ///
- /// 0x45000001
- BcdSetupInteger_DeviceType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 1),
- ///
- ///
- ///
- /// 0x42000002
- BcdSetupString_ApplicationRelativePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
- ///
- ///
- ///
- /// 0x42000003
- BcdSetupString_RamdiskDeviceRelativePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 3),
- ///
- ///
- ///
- /// 0x46000004
- BcdSetupBoolean_OmitOsLoaderElements = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 4),
- ///
- ///
- ///
- /// 0x47000006
- BcdSetupIntegerList_ElementsToMigrateList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 6),
- ///
- ///
- ///
- /// 0x46000010
- BcdSetupBoolean_RecoveryOs = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
-} BcdTemplateElementTypes;
-
-///
-/// Specifies the no-execute page protection policies.
-///
-typedef enum _BcdOSLoader_NxPolicy
-{
- ///
- /// The no-execute page protection is off by default.
- ///
- NxPolicyOptIn = 0,
- ///
- /// The no-execute page protection is on by default.
- ///
- NxPolicyOptOut = 1,
- ///
- /// The no-execute page protection is always off.
- ///
- NxPolicyAlwaysOff = 2,
- ///
- /// The no-execute page protection is always on.
- ///
- NxPolicyAlwaysOn = 3
-} BcdOSLoader_NxPolicy;
-
-///
-/// Specifies the Physical Address Extension (PAE) policies.
-///
-typedef enum _BcdOSLoader_PAEPolicy
-{
- ///
- /// Enable PAE if hot-pluggable memory is defined above 4GB.
- ///
- PaePolicyDefault = 0,
- ///
- /// PAE is enabled.
- ///
- PaePolicyForceEnable = 1,
- ///
- /// PAE is disabled.
- ///
- PaePolicyForceDisable = 2
-} BcdOSLoader_PAEPolicy;
-
-typedef enum _BcdOSLoader_BootStatusPolicy
-{
- ///
- /// Display all boot failures.
- ///
- BootStatusPolicyDisplayAllFailures = 0,
- ///
- /// Ignore all boot failures.
- ///
- BootStatusPolicyIgnoreAllFailures = 1,
- ///
- /// Ignore all shutdown failures.
- ///
- BootStatusPolicyIgnoreShutdownFailures = 2,
- ///
- /// Ignore all boot failures.
- ///
- BootStatusPolicyIgnoreBootFailures = 3,
- ///
- /// Ignore checkpoint failures.
- ///
- BootStatusPolicyIgnoreCheckpointFailures = 4,
- ///
- /// Display shutdown failures.
- ///
- BootStatusPolicyDisplayShutdownFailures = 5,
- ///
- /// Display boot failures.
- ///
- BootStatusPolicyDisplayBootFailures = 6,
- ///
- /// Display checkpoint failures.
- ///
- BootStatusPolicyDisplayCheckpointFailures = 7
-} BcdOSLoaderBootStatusPolicy;
-
-// BcdOSLoaderElementTypes based on geoffchappell: https://www.geoffchappell.com/notes/windows/boot/bcd/elements.htm (dmex)
-typedef enum _BcdOSLoaderElementTypes
-{
- ///
- /// The device on which the operating system resides.
- ///
- /// 0x21000001
- BcdOSLoaderDevice_OSDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 1),
- ///
- /// The file path to the operating system (%SystemRoot% minus the volume).
- ///
- /// 0x22000002
- BcdOSLoaderString_SystemRoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
- ///
- /// The resume application associated with the operating system.
- ///
- /// 0x23000003
- BcdOSLoaderObject_AssociatedResumeObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 3),
- ///
- ///
- ///
- /// 0x26000004
- BcdOSLoaderBoolean_StampDisks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 4),
- ///
- /// Indicates whether the operating system loader should determine the kernel and HAL to load based on the platform features.
- ///
- /// 0x26000010
- BcdOSLoaderBoolean_DetectKernelAndHal = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
- ///
- /// The kernel to be loaded by the operating system loader. This value overrides the default kernel.
- ///
- /// 0x22000011
- BcdOSLoaderString_KernelPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 17),
- ///
- /// The HAL to be loaded by the operating system loader. This value overrides the default HAL.
- ///
- /// 0x22000012
- BcdOSLoaderString_HalPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 18),
- ///
- /// The transport DLL to be loaded by the operating system loader. This value overrides the default Kdcom.dll.
- ///
- /// 0x22000013
- BcdOSLoaderString_DbgTransportPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 19),
- ///
- /// The no-execute page protection policy. The Integer property is one of the values from the BcdOSLoader_NxPolicy enumeration.
- ///
- /// 0x25000020
- BcdOSLoaderInteger_NxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 32),
- ///
- /// The Physical Address Extension (PAE) policy. The Integer property is one of the values from the BcdOSLoader_PAEPolicy enumeration.
- ///
- /// 0x25000021
- BcdOSLoaderInteger_PAEPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 33),
- ///
- /// Indicates that the system should be started in Windows Preinstallation Environment (Windows PE) mode.
- ///
- /// 0x26000022
- BcdOSLoaderBoolean_WinPEMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 34),
- ///
- /// Indicates that the system should not automatically reboot when it crashes.
- ///
- /// 0x26000024
- BcdOSLoaderBoolean_DisableCrashAutoReboot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 36),
- ///
- /// Indicates that the system should use the last-known good settings.
- ///
- /// 0x26000025
- BcdOSLoaderBoolean_UseLastGoodSettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 37),
- ///
- ///
- ///
- /// 0x26000026
- BcdOSLoaderBoolean_DisableCodeIntegrityChecks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 38),
- ///
- /// Indicates whether the test code signing certificate is supported.
- ///
- /// 0x26000027
- BcdOSLoaderBoolean_AllowPrereleaseSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 39),
- ///
- /// Indicates whether the system should utilize the first 4GB of physical memory.
- /// This option requires 5GB of physical memory, and on x86 systems it requires PAE to be enabled.
- ///
- /// 0x26000030
- BcdOSLoaderBoolean_NoLowMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 48),
- ///
- /// The amount of memory the system should ignore.
- ///
- /// 0x25000031
- BcdOSLoaderInteger_RemoveMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 49),
- ///
- /// The amount of memory that should be utilized by the process address space, in bytes.
- /// This value should be between 2GB and 3GB.
- /// Increasing this value from the default 2GB decreases the amount of virtual address space available to the system and device drivers.
- ///
- /// 0x25000032
- BcdOSLoaderInteger_IncreaseUserVa = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 50),
- ///
- ///
- ///
- /// 0x25000033
- BcdOSLoaderInteger_PerformaceDataMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 51),
- ///
- /// Indicates whether the system should use the standard VGA display driver instead of a high-performance display driver.
- ///
- /// 0x26000040
- BcdOSLoaderBoolean_UseVgaDriver = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 64),
- ///
- /// Indicates whether the system should initialize the VGA driver responsible for displaying simple graphics during the boot process.
- /// If not, there is no display is presented during the boot process.
- ///
- /// 0x26000041
- BcdOSLoaderBoolean_DisableBootDisplay = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 65),
- ///
- /// Indicates whether the VGA driver should avoid VESA BIOS calls.
- /// Note This value is ignored by Windows 8 and Windows Server 2012.
- ///
- /// 0x26000042
- BcdOSLoaderBoolean_DisableVesaBios = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 66),
- ///
- /// Disables the use of VGA modes in the OS.
- ///
- /// 0x26000043
- BcdOSLoaderBoolean_DisableVgaMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 67),
- ///
- /// Indicates that cluster-mode APIC addressing should be utilized, and the value is the maximum number of processors per cluster.
- ///
- /// 0x25000050
- BcdOSLoaderInteger_ClusterModeAddressing = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 80),
- ///
- /// Indicates whether to enable physical-destination mode for all APIC messages.
- ///
- /// 0x26000051
- BcdOSLoaderBoolean_UsePhysicalDestination = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 81),
- ///
- /// The maximum number of APIC clusters that should be used by cluster-mode addressing.
- ///
- /// 0x25000052
- BcdOSLoaderInteger_RestrictApicCluster = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 82),
- ///
- ///
- ///
- /// 0x22000053
- BcdOSLoaderString_OSLoaderTypeEVStore = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 83),
- ///
- /// Used to force legacy APIC mode, even if the processors and chipset support extended APIC mode.
- ///
- /// 0x26000054
- BcdOSLoaderBoolean_UseLegacyApicMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 84),
- ///
- /// Enables the use of extended APIC mode, if supported.
- /// Zero (0) indicates default behavior, one (1) indicates that extended APIC mode is disabled, and two (2) indicates that extended APIC mode is enabled.
- /// The system defaults to using extended APIC mode if available.
- ///
- /// 0x25000055
- BcdOSLoaderInteger_X2ApicPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 85),
- ///
- /// Indicates whether the operating system should initialize or start non-boot processors.
- ///
- /// 0x26000060
- BcdOSLoaderBoolean_UseBootProcessorOnly = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 96),
- ///
- /// The maximum number of processors that can be utilized by the system; all other processors are ignored.
- ///
- /// 0x25000061
- BcdOSLoaderInteger_NumberOfProcessors = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 97),
- ///
- /// Indicates whether the system should use the maximum number of processors.
- ///
- /// 0x26000062
- BcdOSLoaderBoolean_ForceMaximumProcessors = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 98),
- ///
- /// Indicates whether processor specific configuration flags are to be used.
- ///
- /// 0x25000063
- BcdOSLoaderBoolean_ProcessorConfigurationFlags = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 99),
- ///
- /// Maximizes the number of groups created when assigning nodes to processor groups.
- ///
- /// 0x26000064
- BcdOSLoaderBoolean_MaximizeGroupsCreated = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 100),
- ///
- /// This setting makes drivers group aware and can be used to determine improper group usage.
- ///
- /// 0x26000065
- BcdOSLoaderBoolean_ForceGroupAwareness = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 101),
- ///
- /// Specifies the size of all processor groups. Must be set to a power of 2.
- ///
- /// 0x25000066
- BcdOSLoaderInteger_GroupSize = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 102),
- ///
- /// Indicates whether the system should use I/O and IRQ resources created by the system firmware instead of using dynamically configured resources.
- ///
- /// 0x26000070
- BcdOSLoaderInteger_UseFirmwarePciSettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 112),
- ///
- /// The PCI Message Signaled Interrupt (MSI) policy. Zero (0) indicates default, and one (1) indicates that MSI interrupts are disabled.
- ///
- /// 0x25000071
- BcdOSLoaderInteger_MsiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 113),
- ///
- /// Undocumented. Zero (0) indicates default, and one (1) indicates that PCI Express is forcefully disabled.
- ///
- /// 0x25000072
- BcdOSLoaderInteger_PciExpressPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 114),
- ///
- /// The Integer property is one of the values from the BcdLibrary_SafeBoot enumeration.
- ///
- /// 0x25000080
- BcdOSLoaderInteger_SafeBoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 128),
- ///
- /// Indicates whether the system should use the shell specified under the following registry key instead of the default shell:
- /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell.
- ///
- /// 0x26000081
- BcdOSLoaderBoolean_SafeBootAlternateShell = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 129),
- ///
- /// Indicates whether the system should write logging information to %SystemRoot%\Ntbtlog.txt during initialization.
- ///
- /// 0x26000090
- BcdOSLoaderBoolean_BootLogInitialization = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 144),
- ///
- /// Indicates whether the system should display verbose information.
- ///
- /// 0x26000091
- BcdOSLoaderBoolean_VerboseObjectLoadMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 145),
- ///
- /// Indicates whether the kernel debugger should be enabled using the settings in the inherited debugger object.
- ///
- /// 0x260000A0
- BcdOSLoaderBoolean_KernelDebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 160),
- ///
- /// Indicates whether the HAL should call DbgBreakPoint at the start of HalInitSystem for phase 0 initialization of the kernel.
- ///
- /// 0x260000A1
- BcdOSLoaderBoolean_DebuggerHalBreakpoint = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 161),
- ///
- /// Forces the use of the platform clock as the system's performance counter.
- ///
- /// 0x260000A2
- BcdOSLoaderBoolean_UsePlatformClock = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 162),
- ///
- /// Forces the OS to assume the presence of legacy PC devices like CMOS and keyboard controllers.
- /// This value should only be used for debugging.
- ///
- /// 0x260000A3
- BcdOSLoaderBoolean_ForceLegacyPlatform = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 163),
- ///
- ///
- ///
- /// 0x260000A4
- BcdOSLoaderBoolean_UsePlatformTick = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 164),
- ///
- ///
- ///
- /// 0x260000A5
- BcdOSLoaderBoolean_DisableDynamicTick = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 165),
- ///
- /// Controls the TSC synchronization policy. Possible values include default (0), legacy (1), or enhanced (2).
- /// This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x250000A6
- BcdOSLoaderInteger_TscSyncPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 166),
- ///
- /// Indicates whether EMS should be enabled in the kernel.
- ///
- /// 0x260000B0
- BcdOSLoaderBoolean_EmsEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 176),
- ///
- ///
- ///
- /// 0x250000C0
- BcdOSLoaderInteger_ForceFailure = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 192),
- ///
- /// Indicates the driver load failure policy. Zero (0) indicates that a failed driver load is fatal and the boot will not continue,
- /// one (1) indicates that the standard error control is used.
- ///
- /// 0x250000C1
- BcdOSLoaderInteger_DriverLoadFailurePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 193),
- ///
- /// Defines the type of boot menus the system will use. Possible values include menupolicylegacy (0) or menupolicystandard (1).
- /// The default value is menupolicylegacy (0).
- ///
- /// 0x250000C2
- BcdOSLoaderInteger_BootMenuPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 194),
- ///
- /// Controls whether the system boots to the legacy menu (F8 menu) on the next boot.
- /// Note This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x260000C3
- BcdOSLoaderBoolean_AdvancedOptionsOneTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 195),
- ///
- ///
- ///
- /// 0x260000C4
- BcdOSLoaderBoolean_OptionsEditOneTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 196),
- ///
- /// The boot status policy. The Integer property is one of the values from the BcdOSLoaderBootStatusPolicy enumeration
- ///
- /// 0x250000E0
- BcdOSLoaderInteger_BootStatusPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 224),
- ///
- /// The OS loader removes this entry for security reasons. This option can only be triggered by using the F8 menu; a user must be physically present to trigger this option.
- /// This value is supported starting in Windows 8 and Windows Server 2012.
- ///
- /// 0x260000E1
- BcdOSLoaderBoolean_DisableElamDrivers = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 225),
- ///
- /// Controls the hypervisor launch type. Options are HyperVisorLaunchOff (0) and HypervisorLaunchAuto (1).
- ///
- /// 0x250000F0
- BcdOSLoaderInteger_HypervisorLaunchType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 240),
- ///
- ///
- ///
- /// 0x250000F1
- BcdOSLoaderString_HypervisorPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 241),
- ///
- /// Controls whether the hypervisor debugger is enabled.
- ///
- /// 0x260000F2
- BcdOSLoaderBoolean_HypervisorDebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 242),
- ///
- /// Controls the hypervisor debugger type. Can be set to SERIAL (0), 1394 (1), or NET (2).
- ///
- /// 0x250000F3
- BcdOSLoaderInteger_HypervisorDebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 243),
- ///
- /// Specifies the serial port number for serial debugging.
- ///
- /// 0x250000F4
- BcdOSLoaderInteger_HypervisorDebuggerPortNumber = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 244),
- ///
- /// Specifies the baud rate for serial debugging.
- ///
- /// 0x250000F5
- BcdOSLoaderInteger_HypervisorDebuggerBaudrate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 245),
- ///
- /// Specifies the channel number for 1394 debugging.
- ///
- /// 0x250000F6
- BcdOSLoaderInteger_HypervisorDebugger1394Channel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 246),
- ///
- /// Values are Disabled (0), Basic (1), and Standard (2).
- ///
- /// 0x250000F7
- BcdOSLoaderInteger_BootUxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 247),
- ///
- ///
- ///
- /// 0x220000F8
- BcdOSLoaderInteger_HypervisorSlatDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 248),
- ///
- /// Defines the PCI bus, device, and function numbers of the debugging device used with the hypervisor.
- /// For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.
- ///
- /// 0x220000F9
- BcdOSLoaderString_HypervisorDebuggerBusParams = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 249),
- ///
- ///
- ///
- /// 0x250000FA
- BcdOSLoaderInteger_HypervisorNumProc = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 250),
- ///
- ///
- ///
- /// 0x250000FB
- BcdOSLoaderInteger_HypervisorRootProcPerNode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 251),
- ///
- ///
- ///
- /// 0x260000FC
- BcdOSLoaderBoolean_HypervisorUseLargeVTlb = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 252),
- ///
- ///
- ///
- /// 0x250000FD
- BcdOSLoaderInteger_HypervisorDebuggerNetHostIp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 253),
- ///
- ///
- ///
- /// 0x250000FE
- BcdOSLoaderInteger_HypervisorDebuggerNetHostPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 254),
- ///
- ///
- ///
- /// 0x250000FF
- BcdOSLoaderInteger_HypervisorDebuggerPages = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 255),
- ///
- ///
- ///
- /// 0x25000100
- BcdOSLoaderInteger_TpmBootEntropyPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 256),
- ///
- ///
- ///
- /// 0x22000110
- BcdOSLoaderString_HypervisorDebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 272),
- ///
- ///
- ///
- /// 0x22000112
- BcdOSLoaderString_HypervisorProductSkuType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 274),
- ///
- ///
- ///
- /// 0x22000113
- BcdOSLoaderInteger_HypervisorRootProc = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 275),
- ///
- ///
- ///
- /// 0x26000114
- BcdOSLoaderBoolean_HypervisorDebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 276),
- ///
- ///
- ///
- /// 0x25000115
- BcdOSLoaderInteger_HypervisorIommuPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 277),
- ///
- ///
- ///
- /// 0x26000116
- BcdOSLoaderBoolean_HypervisorUseVApic = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 278),
- ///
- ///
- ///
- /// 0x22000117
- BcdOSLoaderString_HypervisorLoadOptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 279),
- ///
- ///
- ///
- /// 0x25000118
- BcdOSLoaderInteger_HypervisorMsrFilterPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 280),
- ///
- ///
- ///
- /// 0x25000119
- BcdOSLoaderInteger_HypervisorMmioNxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 281),
- ///
- ///
- ///
- /// 0x2500011A
- BcdOSLoaderInteger_HypervisorSchedulerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 282),
- ///
- ///
- ///
- /// 0x2200011B
- BcdOSLoaderString_HypervisorRootProcNumaNodes = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 283),
- ///
- ///
- ///
- /// 0x2500011C
- BcdOSLoaderInteger_HypervisorPerfmon = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 284),
- ///
- ///
- ///
- /// 0x2500011D
- BcdOSLoaderInteger_HypervisorRootProcPerCore = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 285),
- ///
- ///
- ///
- /// 0x2200011E
- BcdOSLoaderString_HypervisorRootProcNumaNodeLps = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 286),
- ///
- ///
- ///
- /// 0x25000120
- BcdOSLoaderInteger_XSavePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 288),
- ///
- ///
- ///
- /// 0x25000121
- BcdOSLoaderInteger_XSaveAddFeature0 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 289),
- ///
- ///
- ///
- /// 0x25000122
- BcdOSLoaderInteger_XSaveAddFeature1 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 290),
- ///
- ///
- ///
- /// 0x25000123
- BcdOSLoaderInteger_XSaveAddFeature2 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 291),
- ///
- ///
- ///
- /// 0x25000124
- BcdOSLoaderInteger_XSaveAddFeature3 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 292),
- ///
- ///
- ///
- /// 0x25000125
- BcdOSLoaderInteger_XSaveAddFeature4 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 293),
- ///
- ///
- ///
- /// 0x25000126
- BcdOSLoaderInteger_XSaveAddFeature5 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 294),
- ///
- ///
- ///
- /// 0x25000127
- BcdOSLoaderInteger_XSaveAddFeature6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 295),
- ///
- ///
- ///
- /// 0x25000128
- BcdOSLoaderInteger_XSaveAddFeature7 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 296),
- ///
- ///
- ///
- /// 0x25000129
- BcdOSLoaderInteger_XSaveRemoveFeature = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 297),
- ///
- ///
- ///
- /// 0x2500012A
- BcdOSLoaderInteger_XSaveProcessorsMask = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 298),
- ///
- ///
- ///
- /// 0x2500012B
- BcdOSLoaderInteger_XSaveDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 299),
- ///
- ///
- ///
- /// 0x2500012C
- BcdOSLoaderInteger_KernelDebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 300),
- ///
- ///
- ///
- /// 0x2200012D
- BcdOSLoaderString_KernelDebuggerBusParameters = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 301),
- ///
- ///
- ///
- /// 0x2500012E
- BcdOSLoaderInteger_KernelDebuggerPortAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 302),
- ///
- ///
- ///
- /// 0x2500012F
- BcdOSLoaderInteger_KernelDebuggerPortNumber = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 303),
- ///
- ///
- ///
- /// 0x25000130
- BcdOSLoaderInteger_ClaimedTpmCounter = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 304),
- ///
- ///
- ///
- /// 0x25000131
- BcdOSLoaderInteger_KernelDebugger1394Channel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 305),
- ///
- ///
- ///
- /// 0x22000132
- BcdOSLoaderString_KernelDebuggerUsbTargetname = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 306),
- ///
- ///
- ///
- /// 0x25000133
- BcdOSLoaderInteger_KernelDebuggerNetHostIp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 307),
- ///
- ///
- ///
- /// 0x25000134
- BcdOSLoaderInteger_KernelDebuggerNetHostPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 308),
- ///
- ///
- ///
- /// 0x26000135
- BcdOSLoaderBoolean_KernelDebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 309),
- ///
- ///
- ///
- /// 0x22000136
- BcdOSLoaderString_KernelDebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 310),
- ///
- ///
- ///
- /// 0x22000137
- BcdOSLoaderString_IMCHiveName = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 311),
- ///
- ///
- ///
- /// 0x21000138
- BcdOSLoaderDevice_IMCDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 312),
- ///
- ///
- ///
- /// 0x25000139
- BcdOSLoaderInteger_KernelDebuggerBaudrate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 313),
- ///
- ///
- ///
- /// 0x22000140
- BcdOSLoaderString_ManufacturingMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 320),
- ///
- ///
- ///
- /// 0x26000141
- BcdOSLoaderBoolean_EventLoggingEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 321),
- ///
- ///
- ///
- /// 0x25000142
- BcdOSLoaderInteger_VsmLaunchType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 322),
- ///
- /// Undocumented. Zero (0) indicates default, one (1) indicates that disabled and two (2) indicates strict mode.
- ///
- /// 0x25000144
- BcdOSLoaderInteger_HypervisorEnforcedCodeIntegrity = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 324),
- ///
- ///
- ///
- /// 0x26000145
- BcdOSLoaderBoolean_DtraceEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 325),
- ///
- ///
- ///
- /// 0x21000150
- BcdOSLoaderDevice_SystemDataDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 336),
- ///
- ///
- ///
- /// 0x21000151
- BcdOSLoaderDevice_OsArcDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 337),
- ///
- ///
- ///
- /// 0x21000153
- BcdOSLoaderDevice_OsDataDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 339),
- ///
- ///
- ///
- /// 0x21000154
- BcdOSLoaderDevice_BspDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 340),
- ///
- ///
- ///
- /// 0x21000155
- BcdOSLoaderDevice_BspFilepath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 341),
- ///
- ///
- ///
- /// 0x22000156
- BcdOSLoaderString_KernelDebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 342),
- ///
- ///
- ///
- /// 0x22000161
- BcdOSLoaderString_HypervisorDebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 353),
-} BcdOSLoaderElementTypes;
-
-#endif
diff --git a/deps/phnt-nightly/ntdbg.h b/deps/phnt-nightly/ntdbg.h
deleted file mode 100644
index 1ecc3fc..0000000
--- a/deps/phnt-nightly/ntdbg.h
+++ /dev/null
@@ -1,380 +0,0 @@
-/*
- * Debugger support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTDBG_H
-#define _NTDBG_H
-
-// Debugging
-
-NTSYSAPI
-VOID
-NTAPI
-DbgUserBreakPoint(
- VOID
- );
-
-NTSYSAPI
-VOID
-NTAPI
-DbgBreakPoint(
- VOID
- );
-
-NTSYSAPI
-VOID
-NTAPI
-DbgBreakPointWithStatus(
- _In_ ULONG Status
- );
-
-#define DBG_STATUS_CONTROL_C 1
-#define DBG_STATUS_SYSRQ 2
-#define DBG_STATUS_BUGCHECK_FIRST 3
-#define DBG_STATUS_BUGCHECK_SECOND 4
-#define DBG_STATUS_FATAL 5
-#define DBG_STATUS_DEBUG_CONTROL 6
-#define DBG_STATUS_WORKER 7
-
-NTSYSAPI
-ULONG
-STDAPIVCALLTYPE
-DbgPrint(
- _In_z_ _Printf_format_string_ PCSTR Format,
- ...
- );
-
-NTSYSAPI
-ULONG
-STDAPIVCALLTYPE
-DbgPrintEx(
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_z_ _Printf_format_string_ PCSTR Format,
- ...
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-vDbgPrintEx(
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_z_ PCCH Format,
- _In_ va_list arglist
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-vDbgPrintExWithPrefix(
- _In_z_ PCCH Prefix,
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_z_ PCCH Format,
- _In_ va_list arglist
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgQueryDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgSetDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_ BOOLEAN State
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-DbgPrompt(
- _In_ PCCH Prompt,
- _Out_writes_bytes_(Length) PCH Response,
- _In_ ULONG Length
- );
-
-// Definitions
-
-typedef struct _DBGKM_EXCEPTION
-{
- EXCEPTION_RECORD ExceptionRecord;
- ULONG FirstChance;
-} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
-
-typedef struct _DBGKM_CREATE_THREAD
-{
- ULONG SubSystemKey;
- PVOID StartAddress;
-} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
-
-typedef struct _DBGKM_CREATE_PROCESS
-{
- ULONG SubSystemKey;
- HANDLE FileHandle;
- PVOID BaseOfImage;
- ULONG DebugInfoFileOffset;
- ULONG DebugInfoSize;
- DBGKM_CREATE_THREAD InitialThread;
-} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
-
-typedef struct _DBGKM_EXIT_THREAD
-{
- NTSTATUS ExitStatus;
-} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
-
-typedef struct _DBGKM_EXIT_PROCESS
-{
- NTSTATUS ExitStatus;
-} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
-
-typedef struct _DBGKM_LOAD_DLL
-{
- HANDLE FileHandle;
- PVOID BaseOfDll;
- ULONG DebugInfoFileOffset;
- ULONG DebugInfoSize;
- PVOID NamePointer;
-} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
-
-typedef struct _DBGKM_UNLOAD_DLL
-{
- PVOID BaseAddress;
-} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
-
-typedef enum _DBG_STATE
-{
- DbgIdle,
- DbgReplyPending,
- DbgCreateThreadStateChange,
- DbgCreateProcessStateChange,
- DbgExitThreadStateChange,
- DbgExitProcessStateChange,
- DbgExceptionStateChange,
- DbgBreakpointStateChange,
- DbgSingleStepStateChange,
- DbgLoadDllStateChange,
- DbgUnloadDllStateChange
-} DBG_STATE, *PDBG_STATE;
-
-typedef struct _DBGUI_CREATE_THREAD
-{
- HANDLE HandleToThread;
- DBGKM_CREATE_THREAD NewThread;
-} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
-
-typedef struct _DBGUI_CREATE_PROCESS
-{
- HANDLE HandleToProcess;
- HANDLE HandleToThread;
- DBGKM_CREATE_PROCESS NewProcess;
-} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
-
-typedef struct _DBGUI_WAIT_STATE_CHANGE
-{
- DBG_STATE NewState;
- CLIENT_ID AppClientId;
- union
- {
- DBGKM_EXCEPTION Exception;
- DBGUI_CREATE_THREAD CreateThread;
- DBGUI_CREATE_PROCESS CreateProcessInfo;
- DBGKM_EXIT_THREAD ExitThread;
- DBGKM_EXIT_PROCESS ExitProcess;
- DBGKM_LOAD_DLL LoadDll;
- DBGKM_UNLOAD_DLL UnloadDll;
- } StateInfo;
-} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
-
-#define DEBUG_READ_EVENT 0x0001
-#define DEBUG_PROCESS_ASSIGN 0x0002
-#define DEBUG_SET_INFORMATION 0x0004
-#define DEBUG_QUERY_INFORMATION 0x0008
-#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
- DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
- DEBUG_QUERY_INFORMATION)
-
-#define DEBUG_KILL_ON_CLOSE 0x1
-
-typedef enum _DEBUGOBJECTINFOCLASS
-{
- DebugObjectUnusedInformation,
- DebugObjectKillProcessOnExitInformation, // s: ULONG
- MaxDebugObjectInfoClass
-} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
-
-// System calls
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateDebugObject(
- _Out_ PHANDLE DebugObjectHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDebugActiveProcess(
- _In_ HANDLE ProcessHandle,
- _In_ HANDLE DebugObjectHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDebugContinue(
- _In_ HANDLE DebugObjectHandle,
- _In_ PCLIENT_ID ClientId,
- _In_ NTSTATUS ContinueStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRemoveProcessDebug(
- _In_ HANDLE ProcessHandle,
- _In_ HANDLE DebugObjectHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationDebugObject(
- _In_ HANDLE DebugObjectHandle,
- _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
- _In_ PVOID DebugInformation,
- _In_ ULONG DebugInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForDebugEvent(
- _In_ HANDLE DebugObjectHandle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout,
- _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
- );
-
-// Debugging UI
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiConnectToDbg(
- VOID
- );
-
-NTSYSAPI
-HANDLE
-NTAPI
-DbgUiGetThreadDebugObject(
- VOID
- );
-
-NTSYSAPI
-VOID
-NTAPI
-DbgUiSetThreadDebugObject(
- _In_ HANDLE DebugObject
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiWaitStateChange(
- _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiContinue(
- _In_ PCLIENT_ID AppClientId,
- _In_ NTSTATUS ContinueStatus
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiStopDebugging(
- _In_ HANDLE Process
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiDebugActiveProcess(
- _In_ HANDLE Process
- );
-
-NTSYSAPI
-VOID
-NTAPI
-DbgUiRemoteBreakin(
- _In_ PVOID Context
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiIssueRemoteBreakin(
- _In_ HANDLE Process
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiConvertStateChangeStructure(
- _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
- _Out_ LPDEBUG_EVENT DebugEvent
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-DbgUiConvertStateChangeStructureEx(
- _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
- _Out_ LPDEBUG_EVENT DebugEvent
- );
-
-typedef struct _EVENT_FILTER_DESCRIPTOR *PEVENT_FILTER_DESCRIPTOR;
-
-typedef VOID (NTAPI *PENABLECALLBACK)(
- _In_ LPCGUID SourceId,
- _In_ ULONG IsEnabled,
- _In_ UCHAR Level,
- _In_ ULONGLONG MatchAnyKeyword,
- _In_ ULONGLONG MatchAllKeyword,
- _In_opt_ PEVENT_FILTER_DESCRIPTOR FilterData,
- _Inout_opt_ PVOID CallbackContext
- );
-
-typedef ULONGLONG REGHANDLE, *PREGHANDLE;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-EtwEventRegister(
- _In_ LPCGUID ProviderId,
- _In_opt_ PENABLECALLBACK EnableCallback,
- _In_opt_ PVOID CallbackContext,
- _Out_ PREGHANDLE RegHandle
- );
-
-#endif
diff --git a/deps/phnt-nightly/ntexapi.h b/deps/phnt-nightly/ntexapi.h
deleted file mode 100644
index 96b74fb..0000000
--- a/deps/phnt-nightly/ntexapi.h
+++ /dev/null
@@ -1,7096 +0,0 @@
-/*
- * Executive support library functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTEXAPI_H
-#define _NTEXAPI_H
-
-#include
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// Thread execution
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDelayExecution(
- _In_ BOOLEAN Alertable,
- _In_ PLARGE_INTEGER DelayInterval
- );
-
-// Environment values
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySystemEnvironmentValue(
- _In_ PUNICODE_STRING VariableName,
- _Out_writes_bytes_(ValueLength) PWSTR VariableValue,
- _In_ USHORT ValueLength,
- _Out_opt_ PUSHORT ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSystemEnvironmentValue(
- _In_ PUNICODE_STRING VariableName,
- _In_ PUNICODE_STRING VariableValue
- );
-
-#define EFI_VARIABLE_NON_VOLATILE 0x00000001
-#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
-#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
-#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
-#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
-#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020
-#define EFI_VARIABLE_APPEND_WRITE 0x00000040
-#define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS 0x00000080
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySystemEnvironmentValueEx(
- _In_ PUNICODE_STRING VariableName,
- _In_ PCGUID VendorGuid,
- _Out_writes_bytes_opt_(*ValueLength) PVOID Value,
- _Inout_ PULONG ValueLength,
- _Out_opt_ PULONG Attributes // EFI_VARIABLE_*
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSystemEnvironmentValueEx(
- _In_ PUNICODE_STRING VariableName,
- _In_ PCGUID VendorGuid,
- _In_reads_bytes_opt_(ValueLength) PVOID Value,
- _In_ ULONG ValueLength, // 0 = delete variable
- _In_ ULONG Attributes // EFI_VARIABLE_*
- );
-
-typedef enum _SYSTEM_ENVIRONMENT_INFORMATION_CLASS
-{
- SystemEnvironmentNameInformation = 1, // q: VARIABLE_NAME
- SystemEnvironmentValueInformation = 2, // q: VARIABLE_NAME_AND_VALUE
- MaxSystemEnvironmentInfoClass
-} SYSTEM_ENVIRONMENT_INFORMATION_CLASS;
-
-typedef struct _VARIABLE_NAME
-{
- ULONG NextEntryOffset;
- GUID VendorGuid;
- WCHAR Name[ANYSIZE_ARRAY];
-} VARIABLE_NAME, *PVARIABLE_NAME;
-
-typedef struct _VARIABLE_NAME_AND_VALUE
-{
- ULONG NextEntryOffset;
- ULONG ValueOffset;
- ULONG ValueLength;
- ULONG Attributes;
- GUID VendorGuid;
- WCHAR Name[ANYSIZE_ARRAY];
- //BYTE Value[ANYSIZE_ARRAY];
-} VARIABLE_NAME_AND_VALUE, *PVARIABLE_NAME_AND_VALUE;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateSystemEnvironmentValuesEx(
- _In_ ULONG InformationClass, // SYSTEM_ENVIRONMENT_INFORMATION_CLASS
- _Out_ PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-// EFI
-
-// private
-typedef struct _BOOT_ENTRY
-{
- ULONG Version;
- ULONG Length;
- ULONG Id;
- ULONG Attributes;
- ULONG FriendlyNameOffset;
- ULONG BootFilePathOffset;
- ULONG OsOptionsLength;
- _Field_size_bytes_(OsOptionsLength) UCHAR OsOptions[1];
-} BOOT_ENTRY, *PBOOT_ENTRY;
-
-// private
-typedef struct _BOOT_ENTRY_LIST
-{
- ULONG NextEntryOffset;
- BOOT_ENTRY BootEntry;
-} BOOT_ENTRY_LIST, *PBOOT_ENTRY_LIST;
-
-// private
-typedef struct _BOOT_OPTIONS
-{
- ULONG Version;
- ULONG Length;
- ULONG Timeout;
- ULONG CurrentBootEntryId;
- ULONG NextBootEntryId;
- WCHAR HeadlessRedirection[1];
-} BOOT_OPTIONS, *PBOOT_OPTIONS;
-
-// private
-typedef struct _FILE_PATH
-{
- ULONG Version;
- ULONG Length;
- ULONG Type;
- _Field_size_bytes_(Length) UCHAR FilePath[1];
-} FILE_PATH, *PFILE_PATH;
-
-// private
-typedef struct _EFI_DRIVER_ENTRY
-{
- ULONG Version;
- ULONG Length;
- ULONG Id;
- ULONG FriendlyNameOffset;
- ULONG DriverFilePathOffset;
-} EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY;
-
-// private
-typedef struct _EFI_DRIVER_ENTRY_LIST
-{
- ULONG NextEntryOffset;
- EFI_DRIVER_ENTRY DriverEntry;
-} EFI_DRIVER_ENTRY_LIST, *PEFI_DRIVER_ENTRY_LIST;
-
-#if (PHNT_VERSION >= PHNT_WINXP)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAddBootEntry(
- _In_ PBOOT_ENTRY BootEntry,
- _Out_opt_ PULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteBootEntry(
- _In_ ULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtModifyBootEntry(
- _In_ PBOOT_ENTRY BootEntry
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateBootEntries(
- _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryBootEntryOrder(
- _Out_writes_opt_(*Count) PULONG Ids,
- _Inout_ PULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetBootEntryOrder(
- _In_reads_(Count) PULONG Ids,
- _In_ ULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryBootOptions(
- _Out_writes_bytes_opt_(*BootOptionsLength) PBOOT_OPTIONS BootOptions,
- _Inout_ PULONG BootOptionsLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetBootOptions(
- _In_ PBOOT_OPTIONS BootOptions,
- _In_ ULONG FieldsToChange
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTranslateFilePath(
- _In_ PFILE_PATH InputFilePath,
- _In_ ULONG OutputType,
- _Out_writes_bytes_opt_(*OutputFilePathLength) PFILE_PATH OutputFilePath,
- _Inout_opt_ PULONG OutputFilePathLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAddDriverEntry(
- _In_ PEFI_DRIVER_ENTRY DriverEntry,
- _Out_opt_ PULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteDriverEntry(
- _In_ ULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtModifyDriverEntry(
- _In_ PEFI_DRIVER_ENTRY DriverEntry
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateDriverEntries(
- _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDriverEntryOrder(
- _Out_writes_opt_(*Count) PULONG Ids,
- _Inout_ PULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetDriverEntryOrder(
- _In_reads_(Count) PULONG Ids,
- _In_ ULONG Count
- );
-
-#endif
-
-typedef enum _FILTER_BOOT_OPTION_OPERATION
-{
- FilterBootOptionOperationOpenSystemStore,
- FilterBootOptionOperationSetElement,
- FilterBootOptionOperationDeleteElement,
- FilterBootOptionOperationMax
-} FILTER_BOOT_OPTION_OPERATION;
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFilterBootOption(
- _In_ FILTER_BOOT_OPTION_OPERATION FilterOperation,
- _In_ ULONG ObjectType,
- _In_ ULONG ElementType,
- _In_reads_bytes_opt_(DataSize) PVOID Data,
- _In_ ULONG DataSize
- );
-
-#endif
-
-// Event
-
-#ifndef EVENT_QUERY_STATE
-#define EVENT_QUERY_STATE 0x0001
-#endif
-
-#ifndef EVENT_MODIFY_STATE
-#define EVENT_MODIFY_STATE 0x0002
-#endif
-
-#ifndef EVENT_ALL_ACCESS
-#define EVENT_ALL_ACCESS (EVENT_QUERY_STATE|EVENT_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
-#endif
-
-typedef enum _EVENT_INFORMATION_CLASS
-{
- EventBasicInformation
-} EVENT_INFORMATION_CLASS;
-
-typedef struct _EVENT_BASIC_INFORMATION
-{
- EVENT_TYPE EventType;
- LONG EventState;
-} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateEvent(
- _Out_ PHANDLE EventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ EVENT_TYPE EventType,
- _In_ BOOLEAN InitialState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenEvent(
- _Out_ PHANDLE EventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetEventBoostPriority(
- _In_ HANDLE EventHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtClearEvent(
- _In_ HANDLE EventHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtResetEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPulseEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryEvent(
- _In_ HANDLE EventHandle,
- _In_ EVENT_INFORMATION_CLASS EventInformationClass,
- _Out_writes_bytes_(EventInformationLength) PVOID EventInformation,
- _In_ ULONG EventInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Event Pair
-
-#define EVENT_PAIR_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateEventPair(
- _Out_ PHANDLE EventPairHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenEventPair(
- _Out_ PHANDLE EventPairHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetLowWaitHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetHighWaitLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-// Mutant
-
-#ifndef MUTANT_QUERY_STATE
-#define MUTANT_QUERY_STATE 0x0001
-#endif
-
-#ifndef MUTANT_ALL_ACCESS
-#define MUTANT_ALL_ACCESS (MUTANT_QUERY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
-#endif
-
-typedef enum _MUTANT_INFORMATION_CLASS
-{
- MutantBasicInformation, // MUTANT_BASIC_INFORMATION
- MutantOwnerInformation // MUTANT_OWNER_INFORMATION
-} MUTANT_INFORMATION_CLASS;
-
-typedef struct _MUTANT_BASIC_INFORMATION
-{
- LONG CurrentCount;
- BOOLEAN OwnedByCaller;
- BOOLEAN AbandonedState;
-} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
-
-typedef struct _MUTANT_OWNER_INFORMATION
-{
- CLIENT_ID ClientId;
-} MUTANT_OWNER_INFORMATION, *PMUTANT_OWNER_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateMutant(
- _Out_ PHANDLE MutantHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ BOOLEAN InitialOwner
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenMutant(
- _Out_ PHANDLE MutantHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReleaseMutant(
- _In_ HANDLE MutantHandle,
- _Out_opt_ PLONG PreviousCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryMutant(
- _In_ HANDLE MutantHandle,
- _In_ MUTANT_INFORMATION_CLASS MutantInformationClass,
- _Out_writes_bytes_(MutantInformationLength) PVOID MutantInformation,
- _In_ ULONG MutantInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Semaphore
-
-#ifndef SEMAPHORE_QUERY_STATE
-#define SEMAPHORE_QUERY_STATE 0x0001
-#endif
-
-#ifndef SEMAPHORE_MODIFY_STATE
-#define SEMAPHORE_MODIFY_STATE 0x0002
-#endif
-
-#ifndef SEMAPHORE_ALL_ACCESS
-#define SEMAPHORE_ALL_ACCESS (SEMAPHORE_QUERY_STATE|SEMAPHORE_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
-#endif
-
-typedef enum _SEMAPHORE_INFORMATION_CLASS
-{
- SemaphoreBasicInformation
-} SEMAPHORE_INFORMATION_CLASS;
-
-typedef struct _SEMAPHORE_BASIC_INFORMATION
-{
- LONG CurrentCount;
- LONG MaximumCount;
-} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateSemaphore(
- _Out_ PHANDLE SemaphoreHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ LONG InitialCount,
- _In_ LONG MaximumCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenSemaphore(
- _Out_ PHANDLE SemaphoreHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReleaseSemaphore(
- _In_ HANDLE SemaphoreHandle,
- _In_ LONG ReleaseCount,
- _Out_opt_ PLONG PreviousCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySemaphore(
- _In_ HANDLE SemaphoreHandle,
- _In_ SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
- _Out_writes_bytes_(SemaphoreInformationLength) PVOID SemaphoreInformation,
- _In_ ULONG SemaphoreInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Timer
-
-#ifndef TIMER_QUERY_STATE
-#define TIMER_QUERY_STATE 0x0001
-#endif
-
-#ifndef TIMER_MODIFY_STATE
-#define TIMER_MODIFY_STATE 0x0002
-#endif
-
-#ifndef TIMER_ALL_ACCESS
-#define TIMER_ALL_ACCESS (TIMER_QUERY_STATE|TIMER_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
-#endif
-
-typedef enum _TIMER_INFORMATION_CLASS
-{
- TimerBasicInformation // TIMER_BASIC_INFORMATION
-} TIMER_INFORMATION_CLASS;
-
-typedef struct _TIMER_BASIC_INFORMATION
-{
- LARGE_INTEGER RemainingTime;
- BOOLEAN TimerState;
-} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
-
-typedef VOID (NTAPI *PTIMER_APC_ROUTINE)(
- _In_ PVOID TimerContext,
- _In_ ULONG TimerLowValue,
- _In_ LONG TimerHighValue
- );
-
-typedef enum _TIMER_SET_INFORMATION_CLASS
-{
- TimerSetCoalescableTimer, // TIMER_SET_COALESCABLE_TIMER_INFO
- MaxTimerInfoClass
-} TIMER_SET_INFORMATION_CLASS;
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-typedef struct _COUNTED_REASON_CONTEXT *PCOUNTED_REASON_CONTEXT;
-
-typedef struct _TIMER_SET_COALESCABLE_TIMER_INFO
-{
- _In_ LARGE_INTEGER DueTime;
- _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine;
- _In_opt_ PVOID TimerContext;
- _In_opt_ PCOUNTED_REASON_CONTEXT WakeContext;
- _In_opt_ ULONG Period;
- _In_ ULONG TolerableDelay;
- _Out_opt_ PBOOLEAN PreviousState;
-} TIMER_SET_COALESCABLE_TIMER_INFO, *PTIMER_SET_COALESCABLE_TIMER_INFO;
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TIMER_TYPE TimerType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetTimer(
- _In_ HANDLE TimerHandle,
- _In_ PLARGE_INTEGER DueTime,
- _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine,
- _In_opt_ PVOID TimerContext,
- _In_ BOOLEAN ResumeTimer,
- _In_opt_ LONG Period,
- _Out_opt_ PBOOLEAN PreviousState
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetTimerEx(
- _In_ HANDLE TimerHandle,
- _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass,
- _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation,
- _In_ ULONG TimerSetInformationLength
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelTimer(
- _In_ HANDLE TimerHandle,
- _Out_opt_ PBOOLEAN CurrentState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryTimer(
- _In_ HANDLE TimerHandle,
- _In_ TIMER_INFORMATION_CLASS TimerInformationClass,
- _Out_writes_bytes_(TimerInformationLength) PVOID TimerInformation,
- _In_ ULONG TimerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateIRTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetIRTimer(
- _In_ HANDLE TimerHandle,
- _In_opt_ PLARGE_INTEGER DueTime
- );
-
-#endif
-
-typedef struct _T2_SET_PARAMETERS_V0
-{
- ULONG Version;
- ULONG Reserved;
- LONGLONG NoWakeTolerance;
-} T2_SET_PARAMETERS, *PT2_SET_PARAMETERS;
-
-typedef PVOID PT2_CANCEL_PARAMETERS;
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateTimer2(
- _Out_ PHANDLE TimerHandle,
- _In_opt_ PVOID Reserved1,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG Attributes,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetTimer2(
- _In_ HANDLE TimerHandle,
- _In_ PLARGE_INTEGER DueTime,
- _In_opt_ PLARGE_INTEGER Period,
- _In_ PT2_SET_PARAMETERS Parameters
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelTimer2(
- _In_ HANDLE TimerHandle,
- _In_ PT2_CANCEL_PARAMETERS Parameters
- );
-
-#endif
-
-// Profile
-
-#define PROFILE_CONTROL 0x0001
-#define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateProfile(
- _Out_ PHANDLE ProfileHandle,
- _In_opt_ HANDLE Process,
- _In_ PVOID ProfileBase,
- _In_ SIZE_T ProfileSize,
- _In_ ULONG BucketSize,
- _In_reads_bytes_(BufferSize) PULONG Buffer,
- _In_ ULONG BufferSize,
- _In_ KPROFILE_SOURCE ProfileSource,
- _In_ KAFFINITY Affinity
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateProfileEx(
- _Out_ PHANDLE ProfileHandle,
- _In_opt_ HANDLE Process,
- _In_ PVOID ProfileBase,
- _In_ SIZE_T ProfileSize,
- _In_ ULONG BucketSize,
- _In_reads_bytes_(BufferSize) PULONG Buffer,
- _In_ ULONG BufferSize,
- _In_ KPROFILE_SOURCE ProfileSource,
- _In_ USHORT GroupCount,
- _In_reads_(GroupCount) PGROUP_AFFINITY GroupAffinity
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtStartProfile(
- _In_ HANDLE ProfileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtStopProfile(
- _In_ HANDLE ProfileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryIntervalProfile(
- _In_ KPROFILE_SOURCE ProfileSource,
- _Out_ PULONG Interval
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetIntervalProfile(
- _In_ ULONG Interval,
- _In_ KPROFILE_SOURCE Source
- );
-
-// Keyed Event
-
-#define KEYEDEVENT_WAIT 0x0001
-#define KEYEDEVENT_WAKE 0x0002
-#define KEYEDEVENT_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateKeyedEvent(
- _Out_ PHANDLE KeyedEventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenKeyedEvent(
- _Out_ PHANDLE KeyedEventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReleaseKeyedEvent(
- _In_opt_ HANDLE KeyedEventHandle,
- _In_ PVOID KeyValue,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForKeyedEvent(
- _In_opt_ HANDLE KeyedEventHandle,
- _In_ PVOID KeyValue,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-// UMS
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUmsThreadYield(
- _In_ PVOID SchedulerParam
- );
-#endif
-
-// WNF
-
-// begin_private
-
-typedef struct _WNF_STATE_NAME
-{
- ULONG Data[2];
-} WNF_STATE_NAME, *PWNF_STATE_NAME;
-
-typedef const WNF_STATE_NAME *PCWNF_STATE_NAME;
-
-typedef enum _WNF_STATE_NAME_LIFETIME
-{
- WnfWellKnownStateName,
- WnfPermanentStateName,
- WnfPersistentStateName,
- WnfTemporaryStateName
-} WNF_STATE_NAME_LIFETIME;
-
-typedef enum _WNF_STATE_NAME_INFORMATION
-{
- WnfInfoStateNameExist,
- WnfInfoSubscribersPresent,
- WnfInfoIsQuiescent
-} WNF_STATE_NAME_INFORMATION;
-
-typedef enum _WNF_DATA_SCOPE
-{
- WnfDataScopeSystem,
- WnfDataScopeSession,
- WnfDataScopeUser,
- WnfDataScopeProcess,
- WnfDataScopeMachine, // REDSTONE3
- WnfDataScopePhysicalMachine, // WIN11
-} WNF_DATA_SCOPE;
-
-typedef struct _WNF_TYPE_ID
-{
- GUID TypeId;
-} WNF_TYPE_ID, *PWNF_TYPE_ID;
-
-typedef const WNF_TYPE_ID *PCWNF_TYPE_ID;
-
-// rev
-typedef ULONG WNF_CHANGE_STAMP, *PWNF_CHANGE_STAMP;
-
-typedef struct _WNF_DELIVERY_DESCRIPTOR
-{
- ULONGLONG SubscriptionId;
- WNF_STATE_NAME StateName;
- WNF_CHANGE_STAMP ChangeStamp;
- ULONG StateDataSize;
- ULONG EventMask;
- WNF_TYPE_ID TypeId;
- ULONG StateDataOffset;
-} WNF_DELIVERY_DESCRIPTOR, *PWNF_DELIVERY_DESCRIPTOR;
-
-// end_private
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateWnfStateName(
- _Out_ PWNF_STATE_NAME StateName,
- _In_ WNF_STATE_NAME_LIFETIME NameLifetime,
- _In_ WNF_DATA_SCOPE DataScope,
- _In_ BOOLEAN PersistData,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_ ULONG MaximumStateSize,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteWnfStateName(
- _In_ PCWNF_STATE_NAME StateName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUpdateWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_reads_bytes_opt_(Length) const VOID* Buffer,
- _In_opt_ ULONG Length,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_opt_ const VOID* ExplicitScope,
- _In_ WNF_CHANGE_STAMP MatchingChangeStamp,
- _In_ LOGICAL CheckStamp
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ const VOID* ExplicitScope
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_opt_ const VOID* ExplicitScope,
- _Out_ PWNF_CHANGE_STAMP ChangeStamp,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
- _Inout_ PULONG BufferSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryWnfStateNameInformation(
- _In_ PCWNF_STATE_NAME StateName,
- _In_ WNF_STATE_NAME_INFORMATION NameInfoClass,
- _In_opt_ const VOID* ExplicitScope,
- _Out_writes_bytes_(InfoBufferSize) PVOID InfoBuffer,
- _In_ ULONG InfoBufferSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSubscribeWnfStateChange(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ WNF_CHANGE_STAMP ChangeStamp,
- _In_ ULONG EventMask,
- _Out_opt_ PULONG64 SubscriptionId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnsubscribeWnfStateChange(
- _In_ PCWNF_STATE_NAME StateName
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetCompleteWnfStateSubscription(
- _In_opt_ PWNF_STATE_NAME OldDescriptorStateName,
- _In_opt_ ULONG64 *OldSubscriptionId,
- _In_opt_ ULONG OldDescriptorEventMask,
- _In_opt_ ULONG OldDescriptorStatus,
- _Out_writes_bytes_(DescriptorSize) PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor,
- _In_ ULONG DescriptorSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetWnfProcessNotificationEvent(
- _In_ HANDLE NotificationEvent
- );
-
-#endif
-
-// Worker factory
-
-// begin_rev
-
-#define WORKER_FACTORY_RELEASE_WORKER 0x0001
-#define WORKER_FACTORY_WAIT 0x0002
-#define WORKER_FACTORY_SET_INFORMATION 0x0004
-#define WORKER_FACTORY_QUERY_INFORMATION 0x0008
-#define WORKER_FACTORY_READY_WORKER 0x0010
-#define WORKER_FACTORY_SHUTDOWN 0x0020
-
-#define WORKER_FACTORY_ALL_ACCESS ( \
- STANDARD_RIGHTS_REQUIRED | \
- WORKER_FACTORY_RELEASE_WORKER | \
- WORKER_FACTORY_WAIT | \
- WORKER_FACTORY_SET_INFORMATION | \
- WORKER_FACTORY_QUERY_INFORMATION | \
- WORKER_FACTORY_READY_WORKER | \
- WORKER_FACTORY_SHUTDOWN \
- )
-
-// end_rev
-
-// begin_private
-
-typedef enum _WORKERFACTORYINFOCLASS
-{
- WorkerFactoryTimeout, // LARGE_INTEGER
- WorkerFactoryRetryTimeout, // LARGE_INTEGER
- WorkerFactoryIdleTimeout, // s: LARGE_INTEGER
- WorkerFactoryBindingCount, // s: ULONG
- WorkerFactoryThreadMinimum, // s: ULONG
- WorkerFactoryThreadMaximum, // s: ULONG
- WorkerFactoryPaused, // ULONG or BOOLEAN
- WorkerFactoryBasicInformation, // q: WORKER_FACTORY_BASIC_INFORMATION
- WorkerFactoryAdjustThreadGoal,
- WorkerFactoryCallbackType,
- WorkerFactoryStackInformation, // 10
- WorkerFactoryThreadBasePriority, // s: ULONG
- WorkerFactoryTimeoutWaiters, // s: ULONG, since THRESHOLD
- WorkerFactoryFlags, // s: ULONG
- WorkerFactoryThreadSoftMaximum, // s: ULONG
- WorkerFactoryThreadCpuSets, // since REDSTONE5
- MaxWorkerFactoryInfoClass
-} WORKERFACTORYINFOCLASS, *PWORKERFACTORYINFOCLASS;
-
-typedef struct _WORKER_FACTORY_BASIC_INFORMATION
-{
- LARGE_INTEGER Timeout;
- LARGE_INTEGER RetryTimeout;
- LARGE_INTEGER IdleTimeout;
- BOOLEAN Paused;
- BOOLEAN TimerSet;
- BOOLEAN QueuedToExWorker;
- BOOLEAN MayCreate;
- BOOLEAN CreateInProgress;
- BOOLEAN InsertedIntoQueue;
- BOOLEAN Shutdown;
- ULONG BindingCount;
- ULONG ThreadMinimum;
- ULONG ThreadMaximum;
- ULONG PendingWorkerCount;
- ULONG WaitingWorkerCount;
- ULONG TotalWorkerCount;
- ULONG ReleaseCount;
- LONGLONG InfiniteWaitGoal;
- PVOID StartRoutine;
- PVOID StartParameter;
- HANDLE ProcessId;
- SIZE_T StackReserve;
- SIZE_T StackCommit;
- NTSTATUS LastThreadCreationStatus;
-} WORKER_FACTORY_BASIC_INFORMATION, *PWORKER_FACTORY_BASIC_INFORMATION;
-
-// end_private
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateWorkerFactory(
- _Out_ PHANDLE WorkerFactoryHandleReturn,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE CompletionPortHandle,
- _In_ HANDLE WorkerProcessHandle,
- _In_ PVOID StartRoutine,
- _In_opt_ PVOID StartParameter,
- _In_opt_ ULONG MaxThreadCount,
- _In_opt_ SIZE_T StackReserve,
- _In_opt_ SIZE_T StackCommit
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
- _Out_writes_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
- _In_ ULONG WorkerFactoryInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
- _In_reads_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
- _In_ ULONG WorkerFactoryInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtShutdownWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _Inout_ volatile LONG *PendingWorkerCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReleaseWorkerFactoryWorker(
- _In_ HANDLE WorkerFactoryHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWorkerFactoryWorkerReady(
- _In_ HANDLE WorkerFactoryHandle
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-typedef struct _FILE_IO_COMPLETION_INFORMATION *PFILE_IO_COMPLETION_INFORMATION;
-typedef struct _PORT_MESSAGE *PPORT_MESSAGE;
-
-typedef struct _WORKER_FACTORY_DEFERRED_WORK
-{
- PPORT_MESSAGE AlpcSendMessage;
- PVOID AlpcSendMessagePort;
- ULONG AlpcSendMessageFlags;
- ULONG Flags;
-} WORKER_FACTORY_DEFERRED_WORK, *PWORKER_FACTORY_DEFERRED_WORK;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForWorkViaWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _Out_writes_to_(Count, *PacketsReturned) PFILE_IO_COMPLETION_INFORMATION MiniPackets,
- _In_ ULONG Count,
- _Out_ PULONG PacketsReturned,
- _In_ PWORKER_FACTORY_DEFERRED_WORK DeferredWork
- );
-
-#else
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForWorkViaWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _Out_ PFILE_IO_COMPLETION_INFORMATION MiniPacket
- );
-
-#endif
-
-#endif
-
-// Time
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySystemTime(
- _Out_ PLARGE_INTEGER SystemTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSystemTime(
- _In_opt_ PLARGE_INTEGER SystemTime,
- _Out_opt_ PLARGE_INTEGER PreviousTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryTimerResolution(
- _Out_ PULONG MaximumTime,
- _Out_ PULONG MinimumTime,
- _Out_ PULONG CurrentTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetTimerResolution(
- _In_ ULONG DesiredTime,
- _In_ BOOLEAN SetResolution,
- _Out_ PULONG ActualTime
- );
-
-// Performance Counter
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryPerformanceCounter(
- _Out_ PLARGE_INTEGER PerformanceCounter,
- _Out_opt_ PLARGE_INTEGER PerformanceFrequency
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryAuxiliaryCounterFrequency(
- _Out_ PLARGE_INTEGER AuxiliaryCounterFrequency
- );
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtConvertBetweenAuxiliaryCounterAndPerformanceCounter(
- _In_ BOOLEAN ConvertAuxiliaryToPerformanceCounter,
- _In_ PLARGE_INTEGER PerformanceOrAuxiliaryCounterValue,
- _Out_ PLARGE_INTEGER ConvertedValue,
- _Out_opt_ PLARGE_INTEGER ConversionError
- );
-#endif
-
-// LUIDs
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateLocallyUniqueId(
- _Out_ PLUID Luid
- );
-
-// UUIDs
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetUuidSeed(
- _In_ PCHAR Seed
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateUuids(
- _Out_ PULARGE_INTEGER Time,
- _Out_ PULONG Range,
- _Out_ PULONG Sequence,
- _Out_ PCHAR Seed
- );
-
-// System Information
-
-#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// rev
-// private
-typedef enum _SYSTEM_INFORMATION_CLASS
-{
- SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
- SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
- SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION
- SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION
- SystemPathInformation, // not implemented
- SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
- SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION
- SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION
- SystemProcessorPerformanceInformation, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION (EX in: USHORT ProcessorGroup)
- SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION
- SystemCallTimeInformation, // not implemented // SYSTEM_CALL_TIME_INFORMATION // 10
- SystemModuleInformation, // q: RTL_PROCESS_MODULES
- SystemLocksInformation, // q: RTL_PROCESS_LOCKS
- SystemStackTraceInformation, // q: RTL_PROCESS_BACKTRACES
- SystemPagedPoolInformation, // not implemented
- SystemNonPagedPoolInformation, // not implemented
- SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION
- SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION
- SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION
- SystemVdmInstemulInformation, // q: SYSTEM_VDM_INSTEMUL_INFO
- SystemVdmBopInformation, // not implemented // 20
- SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache)
- SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION
- SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION (EX in: USHORT ProcessorGroup)
- SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege)
- SystemFullMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
- SystemLoadGdiDriverInformation, // s (kernel-mode only)
- SystemUnloadGdiDriverInformation, // s (kernel-mode only)
- SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege)
- SystemSummaryMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
- SystemMirrorMemoryInformation, // s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege) // 30
- SystemPerformanceTraceInformation, // q; s: (type depends on EVENT_TRACE_INFORMATION_CLASS)
- SystemObsolete0, // not implemented
- SystemExceptionInformation, // q: SYSTEM_EXCEPTION_INFORMATION
- SystemCrashDumpStateInformation, // s: SYSTEM_CRASH_DUMP_STATE_INFORMATION (requires SeDebugPrivilege)
- SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION
- SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION
- SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege)
- SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only
- SystemPrioritySeperation, // s (requires SeTcbPrivilege)
- SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40
- SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
- SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION (EX in: USHORT ProcessorGroup)
- SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
- SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION
- SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
- SystemTimeSlipNotification, // s: HANDLE (NtCreateEvent) (requires SeSystemtimePrivilege)
- SystemSessionCreate, // not implemented
- SystemSessionDetach, // not implemented
- SystemSessionInformation, // not implemented (SYSTEM_SESSION_INFORMATION)
- SystemRangeStartInformation, // q: SYSTEM_RANGE_START_INFORMATION // 50
- SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
- SystemVerifierThunkExtend, // s (kernel-mode only)
- SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION
- SystemLoadGdiDriverInSystemSpace, // s: SYSTEM_GDI_DRIVER_INFORMATION (kernel-mode only) (same as SystemLoadGdiDriverInformation)
- SystemNumaProcessorMap, // q: SYSTEM_NUMA_INFORMATION
- SystemPrefetcherInformation, // q; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation
- SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
- SystemRecommendedSharedDataAlignment, // q: ULONG // KeGetRecommendedSharedDataAlignment
- SystemComPlusPackage, // q; s: ULONG
- SystemNumaAvailableMemory, // q: SYSTEM_NUMA_INFORMATION // 60
- SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION (EX in: USHORT ProcessorGroup)
- SystemEmulationBasicInformation, // q: SYSTEM_BASIC_INFORMATION
- SystemEmulationProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
- SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX
- SystemLostDelayedWriteInformation, // q: ULONG
- SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
- SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
- SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
- SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION
- SystemObjectSecurityMode, // q: ULONG // 70
- SystemWatchdogTimerHandler, // s: SYSTEM_WATCHDOG_HANDLER_INFORMATION // (kernel-mode only)
- SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // (kernel-mode only)
- SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION (EX in: USHORT ProcessorGroup)
- SystemWow64SharedInformationObsolete, // not implemented
- SystemRegisterFirmwareTableInformationHandler, // s: SYSTEM_FIRMWARE_TABLE_HANDLER // (kernel-mode only)
- SystemFirmwareTableInformation, // SYSTEM_FIRMWARE_TABLE_INFORMATION
- SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX
- SystemVerifierTriageInformation, // not implemented
- SystemSuperfetchInformation, // q; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation
- SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80
- SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation)
- SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege)
- SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup)
- SystemVerifierCancellationInformation, // SYSTEM_VERIFIER_CANCELLATION_INFORMATION // name:wow64:whNT32QuerySystemVerifierCancellationInformation
- SystemProcessorPowerInformationEx, // not implemented
- SystemRefTraceInformation, // q; s: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation
- SystemSpecialPoolInformation, // q; s: SYSTEM_SPECIAL_POOL_INFORMATION (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
- SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION
- SystemErrorPortInformation, // s (requires SeTcbPrivilege)
- SystemBootEnvironmentInformation, // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90
- SystemHypervisorInformation, // q: SYSTEM_HYPERVISOR_QUERY_INFORMATION
- SystemVerifierInformationEx, // q; s: SYSTEM_VERIFIER_INFORMATION_EX
- SystemTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
- SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege)
- SystemCoverageInformation, // q: COVERAGE_MODULES s: COVERAGE_MODULE_REQUEST // ExpCovQueryInformation (requires SeDebugPrivilege)
- SystemPrefetchPatchInformation, // SYSTEM_PREFETCH_PATCH_INFORMATION
- SystemVerifierFaultsInformation, // s: SYSTEM_VERIFIER_FAULTS_INFORMATION (requires SeDebugPrivilege)
- SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION
- SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION
- SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION (EX in: USHORT ProcessorGroup) // 100
- SystemNumaProximityNodeInformation, // q; s: SYSTEM_NUMA_PROXIMITY_MAP
- SystemDynamicTimeZoneInformation, // q; s: RTL_DYNAMIC_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
- SystemCodeIntegrityInformation, // q: SYSTEM_CODEINTEGRITY_INFORMATION // SeCodeIntegrityQueryInformation
- SystemProcessorMicrocodeUpdateInformation, // s: SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION
- SystemProcessorBrandString, // q: CHAR[] // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23
- SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation
- SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX (EX in: LOGICAL_PROCESSOR_RELATIONSHIP RelationshipType) // since WIN7 // KeQueryLogicalProcessorRelationship
- SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup)
- SystemStoreInformation, // q; s: SYSTEM_STORE_INFORMATION (requires SeProfileSingleProcessPrivilege) // SmQueryStoreInformation
- SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110
- SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege)
- SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION
- SystemCpuQuotaInformation, // q; s: PS_CPU_QUOTA_QUERY_INFORMATION
- SystemNativeBasicInformation, // q: SYSTEM_BASIC_INFORMATION
- SystemErrorPortTimeouts, // SYSTEM_ERROR_PORT_TIMEOUTS
- SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION
- SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation
- SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION
- SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool)
- SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120
- SystemNodeDistanceInformation, // q: USHORT[4*NumaNodes] // (EX in: USHORT NodeNumber)
- SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26
- SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation
- SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1
- SystemSessionBigPoolInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION // since WIN8
- SystemBootGraphicsInformation, // q; s: SYSTEM_BOOT_GRAPHICS_INFORMATION (kernel-mode only)
- SystemScrubPhysicalMemoryInformation, // q; s: MEMORY_SCRUB_INFORMATION
- SystemBadPageInformation,
- SystemProcessorProfileControlArea, // q; s: SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA
- SystemCombinePhysicalMemoryInformation, // s: MEMORY_COMBINE_INFORMATION, MEMORY_COMBINE_INFORMATION_EX, MEMORY_COMBINE_INFORMATION_EX2 // 130
- SystemEntropyInterruptTimingInformation, // q; s: SYSTEM_ENTROPY_TIMING_INFORMATION
- SystemConsoleInformation, // q; s: SYSTEM_CONSOLE_INFORMATION
- SystemPlatformBinaryInformation, // q: SYSTEM_PLATFORM_BINARY_INFORMATION (requires SeTcbPrivilege)
- SystemPolicyInformation, // q: SYSTEM_POLICY_INFORMATION (Warbird/Encrypt/Decrypt/Execute)
- SystemHypervisorProcessorCountInformation, // q: SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
- SystemDeviceDataInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
- SystemDeviceDataEnumerationInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
- SystemMemoryTopologyInformation, // q: SYSTEM_MEMORY_TOPOLOGY_INFORMATION
- SystemMemoryChannelInformation, // q: SYSTEM_MEMORY_CHANNEL_INFORMATION
- SystemBootLogoInformation, // q: SYSTEM_BOOT_LOGO_INFORMATION // 140
- SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // (EX in: USHORT ProcessorGroup) // since WINBLUE
- SystemCriticalProcessErrorLogInformation,
- SystemSecureBootPolicyInformation, // q: SYSTEM_SECUREBOOT_POLICY_INFORMATION
- SystemPageFileInformationEx, // q: SYSTEM_PAGEFILE_INFORMATION_EX
- SystemSecureBootInformation, // q: SYSTEM_SECUREBOOT_INFORMATION
- SystemEntropyInterruptTimingRawInformation,
- SystemPortableWorkspaceEfiLauncherInformation, // q: SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION
- SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin)
- SystemKernelDebuggerInformationEx, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
- SystemBootMetadataInformation, // 150
- SystemSoftRebootInformation, // q: ULONG
- SystemElamCertificateInformation, // s: SYSTEM_ELAM_CERTIFICATE_INFORMATION
- SystemOfflineDumpConfigInformation, // q: OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2
- SystemProcessorFeaturesInformation, // q: SYSTEM_PROCESSOR_FEATURES_INFORMATION
- SystemRegistryReconciliationInformation, // s: NULL (requires admin) (flushes registry hives)
- SystemEdidInformation, // q: SYSTEM_EDID_INFORMATION
- SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD
- SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION
- SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION
- SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION (EX in: USHORT ProcessorGroup) // 160
- SystemVmGenerationCountInformation,
- SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION
- SystemKernelDebuggerFlags, // SYSTEM_KERNEL_DEBUGGER_FLAGS
- SystemCodeIntegrityPolicyInformation, // q; s: SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
- SystemIsolatedUserModeInformation, // q: SYSTEM_ISOLATED_USER_MODE_INFORMATION
- SystemHardwareSecurityTestInterfaceResultsInformation,
- SystemSingleModuleInformation, // q: SYSTEM_SINGLE_MODULE_INFORMATION
- SystemAllowedCpuSetsInformation, // s: SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION
- SystemVsmProtectionInformation, // q: SYSTEM_VSM_PROTECTION_INFORMATION (previously SystemDmaProtectionInformation)
- SystemInterruptCpuSetsInformation, // q: SYSTEM_INTERRUPT_CPU_SET_INFORMATION // 170
- SystemSecureBootPolicyFullInformation, // q: SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
- SystemCodeIntegrityPolicyFullInformation,
- SystemAffinitizedInterruptProcessorInformation, // (requires SeIncreaseBasePriorityPrivilege)
- SystemRootSiloInformation, // q: SYSTEM_ROOT_SILO_INFORMATION
- SystemCpuSetInformation, // q: SYSTEM_CPU_SET_INFORMATION // since THRESHOLD2
- SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION
- SystemWin32WerStartCallout,
- SystemSecureKernelProfileInformation, // q: SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION
- SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // since REDSTONE
- SystemInterruptSteeringInformation, // q: in: SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT, out: SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT // NtQuerySystemInformationEx // 180
- SystemSupportedProcessorArchitectures, // p: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx
- SystemMemoryUsageInformation, // q: SYSTEM_MEMORY_USAGE_INFORMATION
- SystemCodeIntegrityCertificateInformation, // q: SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION
- SystemPhysicalMemoryInformation, // q: SYSTEM_PHYSICAL_MEMORY_INFORMATION // since REDSTONE2
- SystemControlFlowTransition, // (Warbird/Encrypt/Decrypt/Execute)
- SystemKernelDebuggingAllowed, // s: ULONG
- SystemActivityModerationExeState, // SYSTEM_ACTIVITY_MODERATION_EXE_STATE
- SystemActivityModerationUserSettings, // SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
- SystemCodeIntegrityPoliciesFullInformation,
- SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190
- SystemIntegrityQuotaInformation,
- SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION
- SystemProcessorIdleMaskInformation, // q: ULONG_PTR[ActiveGroupCount] // since REDSTONE3
- SystemSecureDumpEncryptionInformation,
- SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
- SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
- SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4
- SystemFirmwareBootPerformanceInformation,
- SystemCodeIntegrityVerificationInformation, // SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
- SystemFirmwarePartitionInformation, // SYSTEM_FIRMWARE_PARTITION_INFORMATION // 200
- SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
- SystemDmaGuardPolicyInformation, // SYSTEM_DMA_GUARD_POLICY_INFORMATION
- SystemEnclaveLaunchControlInformation, // SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
- SystemWorkloadAllowedCpuSetsInformation, // SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION // since REDSTONE5
- SystemCodeIntegrityUnlockModeInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION
- SystemLeapSecondInformation, // SYSTEM_LEAP_SECOND_INFORMATION
- SystemFlags2Information, // q: SYSTEM_FLAGS_INFORMATION
- SystemSecurityModelInformation, // SYSTEM_SECURITY_MODEL_INFORMATION // since 19H1
- SystemCodeIntegritySyntheticCacheInformation,
- SystemFeatureConfigurationInformation, // SYSTEM_FEATURE_CONFIGURATION_INFORMATION // since 20H1 // 210
- SystemFeatureConfigurationSectionInformation, // SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION
- SystemFeatureUsageSubscriptionInformation, // SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS
- SystemSecureSpeculationControlInformation, // SECURE_SPECULATION_CONTROL_INFORMATION
- SystemSpacesBootInformation, // since 20H2
- SystemFwRamdiskInformation, // SYSTEM_FIRMWARE_RAMDISK_INFORMATION
- SystemWheaIpmiHardwareInformation,
- SystemDifSetRuleClassInformation, // SYSTEM_DIF_VOLATILE_INFORMATION
- SystemDifClearRuleClassInformation,
- SystemDifApplyPluginVerificationOnDriver, // SYSTEM_DIF_PLUGIN_DRIVER_INFORMATION
- SystemDifRemovePluginVerificationOnDriver, // SYSTEM_DIF_PLUGIN_DRIVER_INFORMATION // 220
- SystemShadowStackInformation, // SYSTEM_SHADOW_STACK_INFORMATION
- SystemBuildVersionInformation, // q: in: ULONG (LayerNumber), out: SYSTEM_BUILD_VERSION_INFORMATION // NtQuerySystemInformationEx // 222
- SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION (requires SeIncreaseQuotaPrivilege)
- SystemCodeIntegrityAddDynamicStore,
- SystemCodeIntegrityClearDynamicStores,
- SystemDifPoolTrackingInformation,
- SystemPoolZeroingInformation, // q: SYSTEM_POOL_ZEROING_INFORMATION
- SystemDpcWatchdogInformation, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION
- SystemDpcWatchdogInformation2, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION_V2
- SystemSupportedProcessorArchitectures2, // q: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx // 230
- SystemSingleProcessorRelationshipInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // (EX in: PROCESSOR_NUMBER Processor)
- SystemXfgCheckFailureInformation, // q: SYSTEM_XFG_FAILURE_INFORMATION
- SystemIommuStateInformation, // SYSTEM_IOMMU_STATE_INFORMATION // since 22H1
- SystemHypervisorMinrootInformation, // SYSTEM_HYPERVISOR_MINROOT_INFORMATION
- SystemHypervisorBootPagesInformation, // SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION
- SystemPointerAuthInformation, // SYSTEM_POINTER_AUTH_INFORMATION
- SystemSecureKernelDebuggerInformation,
- SystemOriginalImageFeatureInformation, // q: in: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT, out: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT // NtQuerySystemInformationEx
- MaxSystemInfoClass
-} SYSTEM_INFORMATION_CLASS;
-
-typedef struct _SYSTEM_BASIC_INFORMATION
-{
- ULONG Reserved;
- ULONG TimerResolution;
- ULONG PageSize;
- ULONG NumberOfPhysicalPages;
- ULONG LowestPhysicalPageNumber;
- ULONG HighestPhysicalPageNumber;
- ULONG AllocationGranularity;
- ULONG_PTR MinimumUserModeAddress;
- ULONG_PTR MaximumUserModeAddress;
- KAFFINITY ActiveProcessorsAffinityMask;
- CCHAR NumberOfProcessors;
-} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_INFORMATION
-{
- USHORT ProcessorArchitecture;
- USHORT ProcessorLevel;
- USHORT ProcessorRevision;
- USHORT MaximumProcessors;
- ULONG ProcessorFeatureBits;
-} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
-
-typedef struct _SYSTEM_PERFORMANCE_INFORMATION
-{
- LARGE_INTEGER IdleProcessTime;
- LARGE_INTEGER IoReadTransferCount;
- LARGE_INTEGER IoWriteTransferCount;
- LARGE_INTEGER IoOtherTransferCount;
- ULONG IoReadOperationCount;
- ULONG IoWriteOperationCount;
- ULONG IoOtherOperationCount;
- ULONG AvailablePages;
- ULONG CommittedPages;
- ULONG CommitLimit;
- ULONG PeakCommitment;
- ULONG PageFaultCount;
- ULONG CopyOnWriteCount;
- ULONG TransitionCount;
- ULONG CacheTransitionCount;
- ULONG DemandZeroCount;
- ULONG PageReadCount;
- ULONG PageReadIoCount;
- ULONG CacheReadCount;
- ULONG CacheIoCount;
- ULONG DirtyPagesWriteCount;
- ULONG DirtyWriteIoCount;
- ULONG MappedPagesWriteCount;
- ULONG MappedWriteIoCount;
- ULONG PagedPoolPages;
- ULONG NonPagedPoolPages;
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG FreeSystemPtes;
- ULONG ResidentSystemCodePage;
- ULONG TotalSystemDriverPages;
- ULONG TotalSystemCodePages;
- ULONG NonPagedPoolLookasideHits;
- ULONG PagedPoolLookasideHits;
- ULONG AvailablePagedPoolPages;
- ULONG ResidentSystemCachePage;
- ULONG ResidentPagedPoolPage;
- ULONG ResidentSystemDriverPage;
- ULONG CcFastReadNoWait;
- ULONG CcFastReadWait;
- ULONG CcFastReadResourceMiss;
- ULONG CcFastReadNotPossible;
- ULONG CcFastMdlReadNoWait;
- ULONG CcFastMdlReadWait;
- ULONG CcFastMdlReadResourceMiss;
- ULONG CcFastMdlReadNotPossible;
- ULONG CcMapDataNoWait;
- ULONG CcMapDataWait;
- ULONG CcMapDataNoWaitMiss;
- ULONG CcMapDataWaitMiss;
- ULONG CcPinMappedDataCount;
- ULONG CcPinReadNoWait;
- ULONG CcPinReadWait;
- ULONG CcPinReadNoWaitMiss;
- ULONG CcPinReadWaitMiss;
- ULONG CcCopyReadNoWait;
- ULONG CcCopyReadWait;
- ULONG CcCopyReadNoWaitMiss;
- ULONG CcCopyReadWaitMiss;
- ULONG CcMdlReadNoWait;
- ULONG CcMdlReadWait;
- ULONG CcMdlReadNoWaitMiss;
- ULONG CcMdlReadWaitMiss;
- ULONG CcReadAheadIos;
- ULONG CcLazyWriteIos;
- ULONG CcLazyWritePages;
- ULONG CcDataFlushes;
- ULONG CcDataPages;
- ULONG ContextSwitches;
- ULONG FirstLevelTbFills;
- ULONG SecondLevelTbFills;
- ULONG SystemCalls;
- ULONGLONG CcTotalDirtyPages; // since THRESHOLD
- ULONGLONG CcDirtyPageThreshold; // since THRESHOLD
- LONGLONG ResidentAvailablePages; // since THRESHOLD
- ULONGLONG SharedCommittedPages; // since THRESHOLD
-} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
-
-typedef struct _SYSTEM_TIMEOFDAY_INFORMATION
-{
- LARGE_INTEGER BootTime;
- LARGE_INTEGER CurrentTime;
- LARGE_INTEGER TimeZoneBias;
- ULONG TimeZoneId;
- ULONG Reserved;
- ULONGLONG BootTimeBias;
- ULONGLONG SleepTimeBias;
-} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
-
-typedef struct _SYSTEM_THREAD_INFORMATION
-{
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER CreateTime;
- ULONG WaitTime;
- ULONG_PTR StartAddress;
- CLIENT_ID ClientId;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
- ULONG ContextSwitches;
- KTHREAD_STATE ThreadState;
- KWAIT_REASON WaitReason;
-} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
-
-typedef struct _TEB *PTEB;
-
-// private
-typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION
-{
- SYSTEM_THREAD_INFORMATION ThreadInfo;
- PVOID StackBase;
- PVOID StackLimit;
- ULONG_PTR Win32StartAddress;
- PTEB TebBase; // since VISTA
- ULONG_PTR Reserved2;
- ULONG_PTR Reserved3;
- ULONG_PTR Reserved4;
-} SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION;
-
-typedef struct _SYSTEM_PROCESS_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG NumberOfThreads;
- LARGE_INTEGER WorkingSetPrivateSize; // since VISTA
- ULONG HardFaultCount; // since WIN7
- ULONG NumberOfThreadsHighWatermark; // since WIN7
- ULONGLONG CycleTime; // since WIN7
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER KernelTime;
- UNICODE_STRING ImageName;
- KPRIORITY BasePriority;
- HANDLE UniqueProcessId;
- HANDLE InheritedFromUniqueProcessId;
- ULONG HandleCount;
- ULONG SessionId;
- ULONG_PTR UniqueProcessKey; // since VISTA (requires SystemExtendedProcessInformation)
- SIZE_T PeakVirtualSize;
- SIZE_T VirtualSize;
- ULONG PageFaultCount;
- SIZE_T PeakWorkingSetSize;
- SIZE_T WorkingSetSize;
- SIZE_T QuotaPeakPagedPoolUsage;
- SIZE_T QuotaPagedPoolUsage;
- SIZE_T QuotaPeakNonPagedPoolUsage;
- SIZE_T QuotaNonPagedPoolUsage;
- SIZE_T PagefileUsage;
- SIZE_T PeakPagefileUsage;
- SIZE_T PrivatePageCount;
- LARGE_INTEGER ReadOperationCount;
- LARGE_INTEGER WriteOperationCount;
- LARGE_INTEGER OtherOperationCount;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- SYSTEM_THREAD_INFORMATION Threads[1]; // SystemProcessInformation
- // SYSTEM_EXTENDED_THREAD_INFORMATION Threads[1]; // SystemExtendedProcessinformation
- // SYSTEM_EXTENDED_THREAD_INFORMATION + SYSTEM_PROCESS_INFORMATION_EXTENSION // SystemFullProcessInformation
-} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
-
-typedef struct _SYSTEM_CALL_COUNT_INFORMATION
-{
- ULONG Length;
- ULONG NumberOfTables;
-} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;
-
-typedef struct _SYSTEM_DEVICE_INFORMATION
-{
- ULONG NumberOfDisks;
- ULONG NumberOfFloppies;
- ULONG NumberOfCdRoms;
- ULONG NumberOfTapes;
- ULONG NumberOfSerialPorts;
- ULONG NumberOfParallelPorts;
-} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
-{
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER DpcTime;
- LARGE_INTEGER InterruptTime;
- ULONG InterruptCount;
-} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
-
-typedef struct _SYSTEM_FLAGS_INFORMATION
-{
- ULONG Flags; // NtGlobalFlag
-} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;
-
-// private
-typedef struct _SYSTEM_CALL_TIME_INFORMATION
-{
- ULONG Length;
- ULONG TotalCalls;
- LARGE_INTEGER TimeOfCalls[1];
-} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;
-
-// private
-typedef struct _RTL_PROCESS_LOCK_INFORMATION
-{
- PVOID Address;
- USHORT Type;
- USHORT CreatorBackTraceIndex;
- HANDLE OwningThread;
- LONG LockCount;
- ULONG ContentionCount;
- ULONG EntryCount;
- LONG RecursionCount;
- ULONG NumberOfWaitingShared;
- ULONG NumberOfWaitingExclusive;
-} RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION;
-
-// private
-typedef struct _RTL_PROCESS_LOCKS
-{
- ULONG NumberOfLocks;
- _Field_size_(NumberOfLocks) RTL_PROCESS_LOCK_INFORMATION Locks[1];
-} RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS;
-
-// private
-typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION
-{
- PCHAR SymbolicBackTrace;
- ULONG TraceCount;
- USHORT Index;
- USHORT Depth;
- PVOID BackTrace[32];
-} RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION;
-
-// private
-typedef struct _RTL_PROCESS_BACKTRACES
-{
- ULONG CommittedMemory;
- ULONG ReservedMemory;
- ULONG NumberOfBackTraceLookups;
- ULONG NumberOfBackTraces;
- _Field_size_(NumberOfBackTraces) RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1];
-} RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES;
-
-typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
-{
- USHORT UniqueProcessId;
- USHORT CreatorBackTraceIndex;
- UCHAR ObjectTypeIndex;
- UCHAR HandleAttributes;
- USHORT HandleValue;
- PVOID Object;
- ULONG GrantedAccess;
-} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
-
-typedef struct _SYSTEM_HANDLE_INFORMATION
-{
- ULONG NumberOfHandles;
- _Field_size_(NumberOfHandles) SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
-} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
-
-typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG NumberOfObjects;
- ULONG NumberOfHandles;
- ULONG TypeIndex;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ULONG ValidAccessMask;
- ULONG PoolType;
- BOOLEAN SecurityRequired;
- BOOLEAN WaitableObject;
- UNICODE_STRING TypeName;
-} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
-
-typedef struct _SYSTEM_OBJECT_INFORMATION
-{
- ULONG NextEntryOffset;
- PVOID Object;
- HANDLE CreatorUniqueProcess;
- USHORT CreatorBackTraceIndex;
- USHORT Flags;
- LONG PointerCount;
- LONG HandleCount;
- ULONG PagedPoolCharge;
- ULONG NonPagedPoolCharge;
- HANDLE ExclusiveProcessId;
- PVOID SecurityDescriptor;
- UNICODE_STRING NameInfo;
-} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
-
-typedef struct _SYSTEM_PAGEFILE_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG TotalSize;
- ULONG TotalInUse;
- ULONG PeakUsage;
- UNICODE_STRING PageFileName;
-} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
-
-typedef struct _SYSTEM_VDM_INSTEMUL_INFO
-{
- ULONG SegmentNotPresent;
- ULONG VdmOpcode0F;
- ULONG OpcodeESPrefix;
- ULONG OpcodeCSPrefix;
- ULONG OpcodeSSPrefix;
- ULONG OpcodeDSPrefix;
- ULONG OpcodeFSPrefix;
- ULONG OpcodeGSPrefix;
- ULONG OpcodeOPER32Prefix;
- ULONG OpcodeADDR32Prefix;
- ULONG OpcodeINSB;
- ULONG OpcodeINSW;
- ULONG OpcodeOUTSB;
- ULONG OpcodeOUTSW;
- ULONG OpcodePUSHF;
- ULONG OpcodePOPF;
- ULONG OpcodeINTnn;
- ULONG OpcodeINTO;
- ULONG OpcodeIRET;
- ULONG OpcodeINBimm;
- ULONG OpcodeINWimm;
- ULONG OpcodeOUTBimm;
- ULONG OpcodeOUTWimm;
- ULONG OpcodeINB;
- ULONG OpcodeINW;
- ULONG OpcodeOUTB;
- ULONG OpcodeOUTW;
- ULONG OpcodeLOCKPrefix;
- ULONG OpcodeREPNEPrefix;
- ULONG OpcodeREPPrefix;
- ULONG OpcodeHLT;
- ULONG OpcodeCLI;
- ULONG OpcodeSTI;
- ULONG BopCount;
-} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
-
-#define MM_WORKING_SET_MAX_HARD_ENABLE 0x1
-#define MM_WORKING_SET_MAX_HARD_DISABLE 0x2
-#define MM_WORKING_SET_MIN_HARD_ENABLE 0x4
-#define MM_WORKING_SET_MIN_HARD_DISABLE 0x8
-
-typedef struct _SYSTEM_FILECACHE_INFORMATION
-{
- SIZE_T CurrentSize;
- SIZE_T PeakSize;
- ULONG PageFaultCount;
- SIZE_T MinimumWorkingSet;
- SIZE_T MaximumWorkingSet;
- SIZE_T CurrentSizeIncludingTransitionInPages;
- SIZE_T PeakSizeIncludingTransitionInPages;
- ULONG TransitionRePurposeCount;
- ULONG Flags;
-} SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION;
-
-// Can be used instead of SYSTEM_FILECACHE_INFORMATION
-typedef struct _SYSTEM_BASIC_WORKING_SET_INFORMATION
-{
- SIZE_T CurrentSize;
- SIZE_T PeakSize;
- ULONG PageFaultCount;
-} SYSTEM_BASIC_WORKING_SET_INFORMATION, *PSYSTEM_BASIC_WORKING_SET_INFORMATION;
-
-typedef struct _SYSTEM_POOLTAG
-{
- union
- {
- UCHAR Tag[4];
- ULONG TagUlong;
- };
- ULONG PagedAllocs;
- ULONG PagedFrees;
- SIZE_T PagedUsed;
- ULONG NonPagedAllocs;
- ULONG NonPagedFrees;
- SIZE_T NonPagedUsed;
-} SYSTEM_POOLTAG, *PSYSTEM_POOLTAG;
-
-typedef struct _SYSTEM_POOLTAG_INFORMATION
-{
- ULONG Count;
- _Field_size_(Count) SYSTEM_POOLTAG TagInfo[1];
-} SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION;
-
-typedef struct _SYSTEM_INTERRUPT_INFORMATION
-{
- ULONG ContextSwitches;
- ULONG DpcCount;
- ULONG DpcRate;
- ULONG TimeIncrement;
- ULONG DpcBypassCount;
- ULONG ApcBypassCount;
-} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
-
-typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
-{
- ULONG Spare;
- ULONG DpcQueueDepth;
- ULONG MinimumDpcRate;
- ULONG AdjustDpcThreshold;
- ULONG IdealDpcRate;
-} SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;
-
-typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION
-{
- ULONG TimeAdjustment;
- ULONG TimeIncrement;
- BOOLEAN Enable;
-} SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
-
-typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE
-{
- ULONGLONG TimeAdjustment;
- ULONGLONG TimeIncrement;
- BOOLEAN Enable;
-} SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
-
-typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
-{
- ULONG TimeAdjustment;
- BOOLEAN Enable;
-} SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;
-
-typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE
-{
- ULONGLONG TimeAdjustment;
- BOOLEAN Enable;
-} SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
-
-#ifndef _TRACEHANDLE_DEFINED
-#define _TRACEHANDLE_DEFINED
-typedef ULONG64 TRACEHANDLE, *PTRACEHANDLE;
-#endif
-
-typedef enum _EVENT_TRACE_INFORMATION_CLASS
-{
- EventTraceKernelVersionInformation, // EVENT_TRACE_VERSION_INFORMATION
- EventTraceGroupMaskInformation, // EVENT_TRACE_GROUPMASK_INFORMATION
- EventTracePerformanceInformation, // EVENT_TRACE_PERFORMANCE_INFORMATION
- EventTraceTimeProfileInformation, // EVENT_TRACE_TIME_PROFILE_INFORMATION
- EventTraceSessionSecurityInformation, // EVENT_TRACE_SESSION_SECURITY_INFORMATION
- EventTraceSpinlockInformation, // EVENT_TRACE_SPINLOCK_INFORMATION
- EventTraceStackTracingInformation, // EVENT_TRACE_STACK_TRACING_INFORMATION
- EventTraceExecutiveResourceInformation, // EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
- EventTraceHeapTracingInformation, // EVENT_TRACE_HEAP_TRACING_INFORMATION
- EventTraceHeapSummaryTracingInformation, // EVENT_TRACE_HEAP_TRACING_INFORMATION
- EventTracePoolTagFilterInformation, // EVENT_TRACE_POOLTAG_FILTER_INFORMATION
- EventTracePebsTracingInformation, // EVENT_TRACE_PEBS_TRACING_INFORMATION
- EventTraceProfileConfigInformation, // EVENT_TRACE_PROFILE_CONFIG_INFORMATION
- EventTraceProfileSourceListInformation, // EVENT_TRACE_PROFILE_LIST_INFORMATION
- EventTraceProfileEventListInformation, // EVENT_TRACE_PROFILE_EVENT_INFORMATION
- EventTraceProfileCounterListInformation, // EVENT_TRACE_PROFILE_COUNTER_INFORMATION
- EventTraceStackCachingInformation, // EVENT_TRACE_STACK_CACHING_INFORMATION
- EventTraceObjectTypeFilterInformation, // EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION
- EventTraceSoftRestartInformation, // EVENT_TRACE_SOFT_RESTART_INFORMATION
- EventTraceLastBranchConfigurationInformation, // REDSTONE3
- EventTraceLastBranchEventListInformation,
- EventTraceProfileSourceAddInformation, // EVENT_TRACE_PROFILE_ADD_INFORMATION // REDSTONE4
- EventTraceProfileSourceRemoveInformation, // EVENT_TRACE_PROFILE_REMOVE_INFORMATION
- EventTraceProcessorTraceConfigurationInformation,
- EventTraceProcessorTraceEventListInformation,
- EventTraceCoverageSamplerInformation, // EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
- EventTraceUnifiedStackCachingInformation, // since 21H1
- MaxEventTraceInfoClass
-} EVENT_TRACE_INFORMATION_CLASS;
-
-typedef struct _TRACE_ENABLE_FLAG_EXTENSION
-{
- USHORT Offset; // Offset to the flag array in structure
- UCHAR Length; // Length of flag array in ULONGs
- UCHAR Flag; // Must be set to EVENT_TRACE_FLAG_EXTENSION
-} TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
-
-typedef struct _TRACE_ENABLE_FLAG_EXT_HEADER
-{
- USHORT Length; // Length in ULONGs
- USHORT Items; // # of items
-} TRACE_ENABLE_FLAG_EXT_HEADER, *PTRACE_ENABLE_FLAG_EXT_HEADER;
-
-typedef struct _TRACE_ENABLE_FLAG_EXT_ITEM
-{
- USHORT Offset; // Offset to the next block
- USHORT Type; // Extension type
-} TRACE_ENABLE_FLAG_EXT_ITEM, *PTRACE_ENABLE_FLAG_EXT_ITEM;
-
-#define EVENT_TRACE_FLAG_EXT_ITEMS 0x80FF0000 // New extension structure
-#define EVENT_TRACE_FLAG_EXT_LEN_NEW_STRUCT 0xFF // Pseudo length to denote new struct format
-
-#define ETW_MINIMUM_CACHED_STACK_LENGTH 4
-#define ETW_SW_ARRAY_SIZE 256 // Frame Count allocated in lookaside list
-#define ETW_STACK_SW_ARRAY_SIZE 192 // Frame Count allocated in stack
-#define ETW_MAX_STACKWALK_FILTER 256 // Max number of HookId's
-#define ETW_MAX_TAG_FILTER 4
-#define ETW_MAX_POOLTAG_FILTER ETW_MAX_TAG_FILTER
-
-#define ETW_EXT_ENABLE_FLAGS 0x0001
-#define ETW_EXT_PIDS 0x0002
-#define ETW_EXT_STACKWALK_FILTER 0x0003
-#define ETW_EXT_POOLTAG_FILTER 0x0004
-#define ETW_EXT_STACK_CACHING 0x0005
-
-// Extended item for configuring stack caching.
-typedef struct _ETW_STACK_CACHING_CONFIG
-{
- ULONG CacheSize;
- ULONG BucketCount;
-} ETW_STACK_CACHING_CONFIG, *PETW_STACK_CACHING_CONFIG;
-
-// The second bit is set if the trace is used by PM & CP (fixed headers)
-// If not, the data block is used by for finer data for performance analysis
-//
-#define TRACE_HEADER_EVENT_TRACE 0x40000000
-//
-// If set, the data block is SYSTEM_TRACE_HEADER
-//
-#define TRACE_HEADER_ENUM_MASK 0x00FF0000
-
-#define PERF_MASK_INDEX (0xe0000000)
-#define PERF_MASK_GROUP (~PERF_MASK_INDEX)
-#define PERF_NUM_MASKS 8
-
-#define PERF_GET_MASK_INDEX(GM) (((GM) & PERF_MASK_INDEX) >> 29)
-#define PERF_GET_MASK_GROUP(GM) ((GM) & PERF_MASK_GROUP)
-#define PERFINFO_OR_GROUP_WITH_GROUPMASK(Group, pGroupMask) \
- (pGroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] |= PERF_GET_MASK_GROUP(Group);
-
-// Masks[0]
-#define PERF_PROCESS EVENT_TRACE_FLAG_PROCESS
-#define PERF_THREAD EVENT_TRACE_FLAG_THREAD
-#define PERF_PROC_THREAD EVENT_TRACE_FLAG_PROCESS | EVENT_TRACE_FLAG_THREAD
-#define PERF_LOADER EVENT_TRACE_FLAG_IMAGE_LOAD
-#define PERF_PERF_COUNTER EVENT_TRACE_FLAG_PROCESS_COUNTERS
-#define PERF_FILENAME EVENT_TRACE_FLAG_DISK_FILE_IO
-#define PERF_DISK_IO EVENT_TRACE_FLAG_DISK_FILE_IO | EVENT_TRACE_FLAG_DISK_IO
-#define PERF_DISK_IO_INIT EVENT_TRACE_FLAG_DISK_IO_INIT
-#define PERF_ALL_FAULTS EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS
-#define PERF_HARD_FAULTS EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS
-#define PERF_VAMAP EVENT_TRACE_FLAG_VAMAP
-#define PERF_NETWORK EVENT_TRACE_FLAG_NETWORK_TCPIP
-#define PERF_REGISTRY EVENT_TRACE_FLAG_REGISTRY
-#define PERF_DBGPRINT EVENT_TRACE_FLAG_DBGPRINT
-#define PERF_JOB EVENT_TRACE_FLAG_JOB
-#define PERF_ALPC EVENT_TRACE_FLAG_ALPC
-#define PERF_SPLIT_IO EVENT_TRACE_FLAG_SPLIT_IO
-#define PERF_DEBUG_EVENTS EVENT_TRACE_FLAG_DEBUG_EVENTS
-#define PERF_FILE_IO EVENT_TRACE_FLAG_FILE_IO
-#define PERF_FILE_IO_INIT EVENT_TRACE_FLAG_FILE_IO_INIT
-#define PERF_NO_SYSCONFIG EVENT_TRACE_FLAG_NO_SYSCONFIG
-
-// Masks[1]
-#define PERF_MEMORY 0x20000001
-#define PERF_PROFILE 0x20000002 // equivalent to EVENT_TRACE_FLAG_PROFILE
-#define PERF_CONTEXT_SWITCH 0x20000004 // equivalent to EVENT_TRACE_FLAG_CSWITCH
-#define PERF_FOOTPRINT 0x20000008
-#define PERF_DRIVERS 0x20000010 // equivalent to EVENT_TRACE_FLAG_DRIVER
-#define PERF_REFSET 0x20000020
-#define PERF_POOL 0x20000040
-#define PERF_POOLTRACE 0x20000041
-#define PERF_DPC 0x20000080 // equivalent to EVENT_TRACE_FLAG_DPC
-#define PERF_COMPACT_CSWITCH 0x20000100
-#define PERF_DISPATCHER 0x20000200 // equivalent to EVENT_TRACE_FLAG_DISPATCHER
-#define PERF_PMC_PROFILE 0x20000400
-#define PERF_PROFILING 0x20000402
-#define PERF_PROCESS_INSWAP 0x20000800
-#define PERF_AFFINITY 0x20001000
-#define PERF_PRIORITY 0x20002000
-#define PERF_INTERRUPT 0x20004000 // equivalent to EVENT_TRACE_FLAG_INTERRUPT
-#define PERF_VIRTUAL_ALLOC 0x20008000 // equivalent to EVENT_TRACE_FLAG_VIRTUAL_ALLOC
-#define PERF_SPINLOCK 0x20010000
-#define PERF_SYNC_OBJECTS 0x20020000
-#define PERF_DPC_QUEUE 0x20040000
-#define PERF_MEMINFO 0x20080000
-#define PERF_CONTMEM_GEN 0x20100000
-#define PERF_SPINLOCK_CNTRS 0x20200000
-#define PERF_SPININSTR 0x20210000
-#define PERF_SESSION 0x20400000
-#define PERF_PFSECTION 0x20400000
-#define PERF_MEMINFO_WS 0x20800000
-#define PERF_KERNEL_QUEUE 0x21000000
-#define PERF_INTERRUPT_STEER 0x22000000
-#define PERF_SHOULD_YIELD 0x24000000
-#define PERF_WS 0x28000000
-//#define PERF_POOLTRACE (PERF_MEMORY | PERF_POOL)
-//#define PERF_PROFILING (PERF_PROFILE | PERF_PMC_PROFILE)
-//#define PERF_SPININSTR (PERF_SPINLOCK | PERF_SPINLOCK_CNTRS)
-
-// Masks[2]
-#define PERF_ANTI_STARVATION 0x40000001
-#define PERF_PROCESS_FREEZE 0x40000002
-#define PERF_PFN_LIST 0x40000004
-#define PERF_WS_DETAIL 0x40000008
-#define PERF_WS_ENTRY 0x40000010
-#define PERF_HEAP 0x40000020
-#define PERF_SYSCALL 0x40000040 // equivalent to EVENT_TRACE_FLAG_SYSTEMCALL
-#define PERF_UMS 0x40000080
-#define PERF_BACKTRACE 0x40000100
-#define PERF_VULCAN 0x40000200
-#define PERF_OBJECTS 0x40000400
-#define PERF_EVENTS 0x40000800
-#define PERF_FULLTRACE 0x40001000
-#define PERF_DFSS 0x40002000
-#define PERF_PREFETCH 0x40004000
-#define PERF_PROCESSOR_IDLE 0x40008000
-#define PERF_CPU_CONFIG 0x40010000
-#define PERF_TIMER 0x40020000
-#define PERF_CLOCK_INTERRUPT 0x40040000
-#define PERF_LOAD_BALANCER 0x40080000
-#define PERF_CLOCK_TIMER 0x40100000
-#define PERF_IDLE_SELECTION 0x40200000
-#define PERF_IPI 0x40400000
-#define PERF_IO_TIMER 0x40800000
-#define PERF_REG_HIVE 0x41000000
-#define PERF_REG_NOTIF 0x42000000
-#define PERF_PPM_EXIT_LATENCY 0x44000000
-#define PERF_WORKER_THREAD 0x48000000
-
-// Masks[4]
-#define PERF_OPTICAL_IO 0x80000001
-#define PERF_OPTICAL_IO_INIT 0x80000002
-// Reserved 0x80000004
-#define PERF_DLL_INFO 0x80000008
-#define PERF_DLL_FLUSH_WS 0x80000010
-// Reserved 0x80000020
-#define PERF_OB_HANDLE 0x80000040
-#define PERF_OB_OBJECT 0x80000080
-// Reserved 0x80000100
-#define PERF_WAKE_DROP 0x80000200
-#define PERF_WAKE_EVENT 0x80000400
-#define PERF_DEBUGGER 0x80000800
-#define PERF_PROC_ATTACH 0x80001000
-#define PERF_WAKE_COUNTER 0x80002000
-// Reserved 0x80004000
-#define PERF_POWER 0x80008000
-#define PERF_SOFT_TRIM 0x80010000
-#define PERF_CC 0x80020000
-// Reserved 0x80040000
-#define PERF_FLT_IO_INIT 0x80080000
-#define PERF_FLT_IO 0x80100000
-#define PERF_FLT_FASTIO 0x80200000
-#define PERF_FLT_IO_FAILURE 0x80400000
-#define PERF_HV_PROFILE 0x80800000
-#define PERF_WDF_DPC 0x81000000
-#define PERF_WDF_INTERRUPT 0x82000000
-#define PERF_CACHE_FLUSH 0x84000000
-
-// Masks[5]
-#define PERF_HIBER_RUNDOWN 0xA0000001
-
-// Masks[6]
-#define PERF_SYSCFG_SYSTEM 0xC0000001
-#define PERF_SYSCFG_GRAPHICS 0xC0000002
-#define PERF_SYSCFG_STORAGE 0xC0000004
-#define PERF_SYSCFG_NETWORK 0xC0000008
-#define PERF_SYSCFG_SERVICES 0xC0000010
-#define PERF_SYSCFG_PNP 0xC0000020
-#define PERF_SYSCFG_OPTICAL 0xC0000040
-#define PERF_SYSCFG_ALL 0xDFFFFFFF
-
-// Masks[7] - Control Mask. All flags that change system behavior go here.
-#define PERF_CLUSTER_OFF 0xE0000001
-#define PERF_MEMORY_CONTROL 0xE0000002
-
-// The predefined event groups or families for NT subsystems
-#define EVENT_TRACE_GROUP_HEADER 0x0000
-#define EVENT_TRACE_GROUP_IO 0x0100
-#define EVENT_TRACE_GROUP_MEMORY 0x0200
-#define EVENT_TRACE_GROUP_PROCESS 0x0300
-#define EVENT_TRACE_GROUP_FILE 0x0400
-#define EVENT_TRACE_GROUP_THREAD 0x0500
-#define EVENT_TRACE_GROUP_TCPIP 0x0600
-#define EVENT_TRACE_GROUP_JOB 0x0700
-#define EVENT_TRACE_GROUP_UDPIP 0x0800
-#define EVENT_TRACE_GROUP_REGISTRY 0x0900
-#define EVENT_TRACE_GROUP_DBGPRINT 0x0A00
-#define EVENT_TRACE_GROUP_CONFIG 0x0B00
-#define EVENT_TRACE_GROUP_SPARE1 0x0C00 // Spare1
-#define EVENT_TRACE_GROUP_WNF 0x0D00
-#define EVENT_TRACE_GROUP_POOL 0x0E00
-#define EVENT_TRACE_GROUP_PERFINFO 0x0F00
-#define EVENT_TRACE_GROUP_HEAP 0x1000
-#define EVENT_TRACE_GROUP_OBJECT 0x1100
-#define EVENT_TRACE_GROUP_POWER 0x1200
-#define EVENT_TRACE_GROUP_MODBOUND 0x1300
-#define EVENT_TRACE_GROUP_IMAGE 0x1400
-#define EVENT_TRACE_GROUP_DPC 0x1500
-#define EVENT_TRACE_GROUP_CC 0x1600
-#define EVENT_TRACE_GROUP_CRITSEC 0x1700
-#define EVENT_TRACE_GROUP_STACKWALK 0x1800
-#define EVENT_TRACE_GROUP_UMS 0x1900
-#define EVENT_TRACE_GROUP_ALPC 0x1A00
-#define EVENT_TRACE_GROUP_SPLITIO 0x1B00
-#define EVENT_TRACE_GROUP_THREAD_POOL 0x1C00
-#define EVENT_TRACE_GROUP_HYPERVISOR 0x1D00
-#define EVENT_TRACE_GROUP_HYPERVISORX 0x1E00
-
-//
-// Event for header
-//
-#define WMI_LOG_TYPE_HEADER (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_INFO)
-#define WMI_LOG_TYPE_HEADER_EXTENSION (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_EXTENSION)
-#define WMI_LOG_TYPE_RUNDOWN_COMPLETE (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_CHECKPOINT)
-#define WMI_LOG_TYPE_GROUP_MASKS_END (EVENT_TRACE_GROUP_HEADER | 0x20)
-#define WMI_LOG_TYPE_RUNDOWN_BEGIN (EVENT_TRACE_GROUP_HEADER | 0x30)
-#define WMI_LOG_TYPE_RUNDOWN_END (EVENT_TRACE_GROUP_HEADER | 0x31)
-#define WMI_LOG_TYPE_DBGID_RSDS (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_DBGID_RSDS)
-#define WMI_LOG_TYPE_DBGID_NB10 (EVENT_TRACE_GROUP_HEADER | 0x41)
-#define WMI_LOG_TYPE_BUILD_LAB (EVENT_TRACE_GROUP_HEADER | 0x42)
-#define WMI_LOG_TYPE_BINARY_PATH (EVENT_TRACE_GROUP_HEADER | 0x43)
-
-//
-// Event for system config
-//
-#define WMI_LOG_TYPE_CONFIG_CPU (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CPU)
-#define WMI_LOG_TYPE_CONFIG_PHYSICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK)
-#define WMI_LOG_TYPE_CONFIG_LOGICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_LOGICALDISK)
-#define WMI_LOG_TYPE_CONFIG_OPTICALMEDIA (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA)
-#define WMI_LOG_TYPE_CONFIG_NIC (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NIC)
-#define WMI_LOG_TYPE_CONFIG_VIDEO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VIDEO)
-#define WMI_LOG_TYPE_CONFIG_SERVICES (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SERVICES)
-#define WMI_LOG_TYPE_CONFIG_POWER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_POWER)
-#define WMI_LOG_TYPE_CONFIG_OSVERSION (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OSVERSION)
-#define WMI_LOG_TYPE_CONFIG_VISUALTHEME (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VISUALTHEME)
-#define WMI_LOG_TYPE_CONFIG_SYSTEMRANGE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSTEMRANGE)
-#define WMI_LOG_TYPE_CONFIG_SYSDLLINFO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSDLLINFO)
-#define WMI_LOG_TYPE_CONFIG_IRQ (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IRQ)
-#define WMI_LOG_TYPE_CONFIG_PNP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PNP)
-#define WMI_LOG_TYPE_CONFIG_IDECHANNEL (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IDECHANNEL)
-#define WMI_LOG_TYPE_CONFIG_NUMANODE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NUMANODE)
-#define WMI_LOG_TYPE_CONFIG_PLATFORM (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PLATFORM)
-#define WMI_LOG_TYPE_CONFIG_PROCESSORGROUP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP)
-#define WMI_LOG_TYPE_CONFIG_PROCESSORNUMBER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER)
-#define WMI_LOG_TYPE_CONFIG_DPI (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_DPI)
-#define WMI_LOG_TYPE_CONFIG_CODEINTEGRITY (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CI_INFO)
-#define WMI_LOG_TYPE_CONFIG_MACHINEID (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_MACHINEID)
-
-//
-// Event for Image and File Name
-//
-#define PERFINFO_LOG_TYPE_FILENAME (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_INFO)
-#define PERFINFO_LOG_TYPE_FILENAME_CREATE (EVENT_TRACE_GROUP_FILE | 0x20)
-#define PERFINFO_LOG_TYPE_FILENAME_SAME (EVENT_TRACE_GROUP_FILE | 0x21)
-#define PERFINFO_LOG_TYPE_FILENAME_NULL (EVENT_TRACE_GROUP_FILE | 0x22)
-#define PERFINFO_LOG_TYPE_FILENAME_DELETE (EVENT_TRACE_GROUP_FILE | 0x23)
-#define PERFINFO_LOG_TYPE_FILENAME_RUNDOWN (EVENT_TRACE_GROUP_FILE | 0x24)
-
-#define PERFINFO_LOG_TYPE_MAPFILE (EVENT_TRACE_GROUP_FILE | 0x25)
-#define PERFINFO_LOG_TYPE_UNMAPFILE (EVENT_TRACE_GROUP_FILE | 0x26)
-#define PERFINFO_LOG_TYPE_MAPFILE_DC_START (EVENT_TRACE_GROUP_FILE | 0x27)
-#define PERFINFO_LOG_TYPE_MAPFILE_DC_END (EVENT_TRACE_GROUP_FILE | 0x28)
-
-#define PERFINFO_LOG_TYPE_FILE_IO_CREATE (EVENT_TRACE_GROUP_FILE | 0x40)
-#define PERFINFO_LOG_TYPE_FILE_IO_CLEANUP (EVENT_TRACE_GROUP_FILE | 0x41)
-#define PERFINFO_LOG_TYPE_FILE_IO_CLOSE (EVENT_TRACE_GROUP_FILE | 0x42)
-#define PERFINFO_LOG_TYPE_FILE_IO_READ (EVENT_TRACE_GROUP_FILE | 0x43)
-#define PERFINFO_LOG_TYPE_FILE_IO_WRITE (EVENT_TRACE_GROUP_FILE | 0x44)
-#define PERFINFO_LOG_TYPE_FILE_IO_SET_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x45)
-#define PERFINFO_LOG_TYPE_FILE_IO_DELETE (EVENT_TRACE_GROUP_FILE | 0x46)
-#define PERFINFO_LOG_TYPE_FILE_IO_RENAME (EVENT_TRACE_GROUP_FILE | 0x47)
-#define PERFINFO_LOG_TYPE_FILE_IO_DIRENUM (EVENT_TRACE_GROUP_FILE | 0x48)
-#define PERFINFO_LOG_TYPE_FILE_IO_FLUSH (EVENT_TRACE_GROUP_FILE | 0x49)
-#define PERFINFO_LOG_TYPE_FILE_IO_QUERY_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x4A)
-#define PERFINFO_LOG_TYPE_FILE_IO_FS_CONTROL (EVENT_TRACE_GROUP_FILE | 0x4B)
-#define PERFINFO_LOG_TYPE_FILE_IO_OPERATION_END (EVENT_TRACE_GROUP_FILE | 0x4C)
-#define PERFINFO_LOG_TYPE_FILE_IO_DIRNOTIFY (EVENT_TRACE_GROUP_FILE | 0x4D)
-#define PERFINFO_LOG_TYPE_FILE_IO_CREATE_NEW (EVENT_TRACE_GROUP_FILE | 0x4E)
-#define PERFINFO_LOG_TYPE_FILE_IO_DELETE_PATH (EVENT_TRACE_GROUP_FILE | 0x4F)
-#define PERFINFO_LOG_TYPE_FILE_IO_RENAME_PATH (EVENT_TRACE_GROUP_FILE | 0x50)
-#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK_PATH (EVENT_TRACE_GROUP_FILE | 0x51)
-#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK (EVENT_TRACE_GROUP_FILE | 0x52)
-
-//
-// Event types for minifilter callbacks
-//
-
-#define PERFINFO_LOG_TYPE_FLT_PREOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_INIT)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_INIT)
-#define PERFINFO_LOG_TYPE_FLT_PREOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION)
-#define PERFINFO_LOG_TYPE_FLT_PREOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_FAILURE)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE)
-
-//
-// Event types for Job
-//
-
-#define WMI_LOG_TYPE_JOB_CREATE (EVENT_TRACE_GROUP_JOB | 0x20)
-#define WMI_LOG_TYPE_JOB_TERMINATE (EVENT_TRACE_GROUP_JOB | 0x21)
-#define WMI_LOG_TYPE_JOB_OPEN (EVENT_TRACE_GROUP_JOB | 0x22)
-#define WMI_LOG_TYPE_JOB_ASSIGN_PROCESS (EVENT_TRACE_GROUP_JOB | 0x23)
-#define WMI_LOG_TYPE_JOB_REMOVE_PROCESS (EVENT_TRACE_GROUP_JOB | 0x24)
-#define WMI_LOG_TYPE_JOB_SET (EVENT_TRACE_GROUP_JOB | 0x25)
-#define WMI_LOG_TYPE_JOB_QUERY (EVENT_TRACE_GROUP_JOB | 0x26)
-#define WMI_LOG_TYPE_JOB_SET_FAILED (EVENT_TRACE_GROUP_JOB | 0x27)
-#define WMI_LOG_TYPE_JOB_QUERY_FAILED (EVENT_TRACE_GROUP_JOB | 0x28)
-#define WMI_LOG_TYPE_JOB_SET_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x29)
-#define WMI_LOG_TYPE_JOB_SEND_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x2A)
-#define WMI_LOG_TYPE_JOB_QUERY_VIOLATION (EVENT_TRACE_GROUP_JOB | 0x2B)
-#define WMI_LOG_TYPE_JOB_SET_CPU_RATE (EVENT_TRACE_GROUP_JOB | 0x2C)
-#define WMI_LOG_TYPE_JOB_SET_NET_RATE (EVENT_TRACE_GROUP_JOB | 0x2D)
-
-//
-// Event types for Process
-//
-
-#define WMI_LOG_TYPE_PROCESS_CREATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_START)
-#define WMI_LOG_TYPE_PROCESS_DELETE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_PROCESS_DC_START (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_PROCESS_DC_END (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_END)
-#define WMI_LOG_TYPE_PROCESS_LOAD_IMAGE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_LOAD)
-#define WMI_LOG_TYPE_PROCESS_TERMINATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_TERMINATE)
-
-#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_END (EVENT_TRACE_GROUP_PROCESS | 0x20)
-#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_RD (EVENT_TRACE_GROUP_PROCESS | 0x21)
-// Reserved (EVENT_TRACE_GROUP_PROCESS | 0x22)
-#define PERFINFO_LOG_TYPE_INSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x23)
-#define PERFINFO_LOG_TYPE_PROCESS_FREEZE (EVENT_TRACE_GROUP_PROCESS | 0x24)
-#define PERFINFO_LOG_TYPE_PROCESS_THAW (EVENT_TRACE_GROUP_PROCESS | 0x25)
-#define PERFINFO_LOG_TYPE_BOOT_PHASE_START (EVENT_TRACE_GROUP_PROCESS | 0x26)
-#define PERFINFO_LOG_TYPE_ZOMBIE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x27)
-#define PERFINFO_LOG_TYPE_PROCESS_SET_AFFINITY (EVENT_TRACE_GROUP_PROCESS | 0x28)
-
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x30)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x31)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x32)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x33)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x34)
-
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x40)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x41)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x42)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x43)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x44)
-
-#define PERFINFO_LOG_TYPE_WAKE_DROP_USER (EVENT_TRACE_GROUP_PROCESS | 0x50)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x51)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x52)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x53)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x54)
-
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_USER (EVENT_TRACE_GROUP_PROCESS | 0x60)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x61)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x62)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x63)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x64)
-
-#define PERFINFO_LOG_TYPE_DEBUG_EVENT (EVENT_TRACE_GROUP_PROCESS | 0x70)
-
-//
-// Event types for Image and Library Loader
-//
-
-#define WMI_LOG_TYPE_IMAGE_LOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_START) // reserved for future
-#define WMI_LOG_TYPE_IMAGE_UNLOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_IMAGE_DC_START (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_IMAGE_DC_END (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_END)
-#define WMI_LOG_TYPE_IMAGE_RELOCATION (EVENT_TRACE_GROUP_IMAGE | 0x20)
-#define WMI_LOG_TYPE_IMAGE_KERNEL_BASE (EVENT_TRACE_GROUP_IMAGE | 0x21)
-#define WMI_LOG_TYPE_IMAGE_HYPERCALL_PAGE (EVENT_TRACE_GROUP_IMAGE | 0x22)
-
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_ATTEMPT (EVENT_TRACE_GROUP_IMAGE | 0x80) // 128
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_SUCCESS (EVENT_TRACE_GROUP_IMAGE | 0x81)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_FAIL (EVENT_TRACE_GROUP_IMAGE | 0x82)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_WAIT (EVENT_TRACE_GROUP_IMAGE | 0x83)
-#define PERFINFO_LOG_TYPE_LDR_PROC_INIT_DONE (EVENT_TRACE_GROUP_IMAGE | 0x84) // 132
-#define PERFINFO_LOG_TYPE_LDR_CREATE_SECTION (EVENT_TRACE_GROUP_IMAGE | 0x85)
-#define PERFINFO_LOG_TYPE_LDR_SECTION_CREATED (EVENT_TRACE_GROUP_IMAGE | 0x86)
-#define PERFINFO_LOG_TYPE_LDR_MAP_VIEW (EVENT_TRACE_GROUP_IMAGE | 0x87)
-
-#define PERFINFO_LOG_TYPE_LDR_RELOCATE_IMAGE (EVENT_TRACE_GROUP_IMAGE | 0x90) // 144
-#define PERFINFO_LOG_TYPE_LDR_IMAGE_RELOCATED (EVENT_TRACE_GROUP_IMAGE | 0x91)
-#define PERFINFO_LOG_TYPE_LDR_HANDLE_OLD_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x92)
-#define PERFINFO_LOG_TYPE_LDR_OLD_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x93)
-#define PERFINFO_LOG_TYPE_LDR_HANDLE_NEW_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x94) // 148
-#define PERFINFO_LOG_TYPE_LDR_NEW_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x95)
-#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_EXIT (EVENT_TRACE_GROUP_IMAGE | 0x96)
-
-#define PERFINFO_LOG_TYPE_LDR_FIND_DLL (EVENT_TRACE_GROUP_IMAGE | 0xA0) // 160
-#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA1)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_RELEASE (EVENT_TRACE_GROUP_IMAGE | 0xA2)
-#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_ENTER (EVENT_TRACE_GROUP_IMAGE | 0xA3)
-#define PERFINFO_LOG_TYPE_LDR_ERROR (EVENT_TRACE_GROUP_IMAGE | 0xA4) // 164
-
-#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA5) // 165
-#define PERFINFO_LOG_TYPE_LDR_SNAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA6)
-#define PERFINFO_LOG_TYPE_LDR_SNAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA7)
-#define PERFINFO_LOG_TYPE_LDR_LOADING (EVENT_TRACE_GROUP_IMAGE | 0xA8)
-#define PERFINFO_LOG_TYPE_LDR_LOADED (EVENT_TRACE_GROUP_IMAGE | 0xA9)
-#define PERFINFO_LOG_TYPE_LDR_FOUND_KNOWN_DLL (EVENT_TRACE_GROUP_IMAGE | 0xAA) // 170
-#define PERFINFO_LOG_TYPE_LDR_ABNORMAL (EVENT_TRACE_GROUP_IMAGE | 0xAB)
-#define PERFINFO_LOG_TYPE_LDR_PLACEHOLDER (EVENT_TRACE_GROUP_IMAGE | 0xAC)
-#define PERFINFO_LOG_TYPE_LDR_RDY_TO_INIT (EVENT_TRACE_GROUP_IMAGE | 0xAD)
-#define PERFINFO_LOG_TYPE_LDR_RDY_TO_RUN (EVENT_TRACE_GROUP_IMAGE | 0xAE) // 174
-
-
-#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_LOAD (EVENT_TRACE_GROUP_IMAGE | 0xB0) // 176
-#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_AS_DATA (EVENT_TRACE_GROUP_IMAGE | 0xB1) // 177
-
-#define PERFINFO_LOG_TYPE_LDR_EXTERNAL_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC0) // 192
-#define PERFINFO_LOG_TYPE_LDR_GENERATED_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC1)
-
-#define PERFINFO_LOG_TYPE_LDR_APISET_RESOLVING (EVENT_TRACE_GROUP_IMAGE | 0xD0) // 208
-#define PERFINFO_LOG_TYPE_LDR_APISET_HOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD1) // 209
-#define PERFINFO_LOG_TYPE_LDR_APISET_UNHOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD2) // 210
-#define PERFINFO_LOG_TYPE_LDR_APISET_UNRESOLVED (EVENT_TRACE_GROUP_IMAGE | 0xD3) // 211
-
-#define PERFINFO_LOG_TYPE_LDR_SEARCH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD4) // 212
-#define PERFINFO_LOG_TYPE_LDR_SEARCH_PATH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD5) // 213
-
-//
-// Event types for Thread
-//
-
-#define WMI_LOG_TYPE_THREAD_CREATE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_START)
-#define WMI_LOG_TYPE_THREAD_DELETE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_THREAD_DC_START (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_THREAD_DC_END (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_END)
-
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x20)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x21)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x22)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x23)
-#define PERFINFO_LOG_TYPE_CONTEXTSWAP (EVENT_TRACE_GROUP_THREAD | 0x24)
-#define PERFINFO_LOG_TYPE_CONTEXTSWAP_BATCH (EVENT_TRACE_GROUP_THREAD | 0x25)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x26)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x27)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x28)
-#define PERFINFO_LOG_TYPE_SPINLOCK (EVENT_TRACE_GROUP_THREAD | 0x29)
-#define PERFINFO_LOG_TYPE_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x2A)
-#define PERFINFO_LOG_TYPE_RESOURCE (EVENT_TRACE_GROUP_THREAD | 0x2B)
-#define PERFINFO_LOG_TYPE_PUSHLOCK (EVENT_TRACE_GROUP_THREAD | 0x2C)
-#define PERFINFO_LOG_TYPE_WAIT_SINGLE (EVENT_TRACE_GROUP_THREAD | 0x2D)
-#define PERFINFO_LOG_TYPE_WAIT_MULTIPLE (EVENT_TRACE_GROUP_THREAD | 0x2E)
-#define PERFINFO_LOG_TYPE_DELAY_EXECUTION (EVENT_TRACE_GROUP_THREAD | 0x2F)
-#define PERFINFO_LOG_TYPE_THREAD_SET_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x30)
-#define PERFINFO_LOT_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
-#define PERFINFO_LOG_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
-#define PERFINFO_LOG_TYPE_READY_THREAD (EVENT_TRACE_GROUP_THREAD | 0x32)
-#define PERFINFO_LOG_TYPE_THREAD_SET_PAGE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x33)
-#define PERFINFO_LOG_TYPE_THREAD_SET_IO_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x34)
-#define PERFINFO_LOG_TYPE_THREAD_SET_AFFINITY (EVENT_TRACE_GROUP_THREAD | 0x35)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM (EVENT_TRACE_GROUP_THREAD | 0x39)
-#define PERFINFO_LOG_TYPE_DFSS_START_NEW_INTERVAL (EVENT_TRACE_GROUP_THREAD | 0x3A)
-#define PERFINFO_LOG_TYPE_DFSS_PROCESS_IDLE_ONLY_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x3B)
-#define PERFINFO_LOG_TYPE_ANTI_STARVATION_BOOST (EVENT_TRACE_GROUP_THREAD | 0x3C)
-#define PERFINFO_LOG_TYPE_THREAD_MIGRATION (EVENT_TRACE_GROUP_THREAD | 0x3D)
-#define PERFINFO_LOG_TYPE_KQUEUE_ENQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3E)
-#define PERFINFO_LOG_TYPE_KQUEUE_DEQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3F)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_START (EVENT_TRACE_GROUP_THREAD | 0x40)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_END (EVENT_TRACE_GROUP_THREAD | 0x41)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_SET_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x42)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_CLEAR_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x43)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_NO_ENTRIES (EVENT_TRACE_GROUP_THREAD | 0x44)
-#define PERFINFO_LOG_TYPE_THREAD_SUBPROCESSTAG_CHANGED (EVENT_TRACE_GROUP_THREAD | 0x45)
-
-//
-// Event types for Network subsystem (TCPIP/UDPIP)
-//
-
-#define WMI_LOG_TYPE_TCPIP_SEND (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_SEND)
-#define WMI_LOG_TYPE_TCPIP_RECEIVE (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECEIVE)
-#define WMI_LOG_TYPE_TCPIP_CONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNECT)
-#define WMI_LOG_TYPE_TCPIP_DISCONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_DISCONNECT)
-#define WMI_LOG_TYPE_TCPIP_RETRANSMIT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RETRANSMIT)
-#define WMI_LOG_TYPE_TCPIP_ACCEPT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACCEPT)
-#define WMI_LOG_TYPE_TCPIP_RECONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECONNECT)
-#define WMI_LOG_TYPE_TCPIP_FAIL (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNFAIL)
-#define WMI_LOG_TYPE_TCPIP_TCPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_TCP)
-#define WMI_LOG_TYPE_TCPIP_ARPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_ARP)
-#define WMI_LOG_TYPE_TCPIP_FULLACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKFULL)
-#define WMI_LOG_TYPE_TCPIP_PARTACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKPART)
-#define WMI_LOG_TYPE_TCPIP_DUPACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKDUP)
-
-#define WMI_LOG_TYPE_UDP_SEND (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_SEND)
-#define WMI_LOG_TYPE_UDP_RECEIVE (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_RECEIVE)
-#define WMI_LOG_TYPE_UDP_FAIL (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_CONNFAIL)
-
-//
-// Network events with IPV6
-//
-#define WMI_LOG_TYPE_TCPIP_SEND_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1A)
-#define WMI_LOG_TYPE_TCPIP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1B)
-#define WMI_LOG_TYPE_TCPIP_CONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1C)
-#define WMI_LOG_TYPE_TCPIP_DISCONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1D)
-#define WMI_LOG_TYPE_TCPIP_RETRANSMIT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1E)
-#define WMI_LOG_TYPE_TCPIP_ACCEPT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1F)
-#define WMI_LOG_TYPE_TCPIP_RECONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x20)
-#define WMI_LOG_TYPE_TCPIP_FAIL_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x21)
-#define WMI_LOG_TYPE_TCPIP_TCPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x22)
-#define WMI_LOG_TYPE_TCPIP_ARPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x23)
-#define WMI_LOG_TYPE_TCPIP_FULLACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x24)
-#define WMI_LOG_TYPE_TCPIP_PARTACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x25)
-#define WMI_LOG_TYPE_TCPIP_DUPACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x26)
-
-#define WMI_LOG_TYPE_UDP_SEND_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1A)
-#define WMI_LOG_TYPE_UDP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1B)
-
-//
-// Event types for IO subsystem
-//
-
-#define WMI_LOG_TYPE_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ)
-#define WMI_LOG_TYPE_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE)
-#define WMI_LOG_TYPE_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ_INIT)
-#define WMI_LOG_TYPE_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE_INIT)
-#define WMI_LOG_TYPE_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH)
-#define WMI_LOG_TYPE_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH_INIT)
-#define WMI_LOG_TYPE_IO_REDIRECTED_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_REDIRECTED_INIT)
-
-#define PERFINFO_LOG_TYPE_DRIVER_INIT (EVENT_TRACE_GROUP_IO | 0x20)
-#define PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE (EVENT_TRACE_GROUP_IO | 0x21)
-#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL (EVENT_TRACE_GROUP_IO | 0x22)
-#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN (EVENT_TRACE_GROUP_IO | 0x23)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL (EVENT_TRACE_GROUP_IO | 0x24)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN (EVENT_TRACE_GROUP_IO | 0x25)
-#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL (EVENT_TRACE_GROUP_IO | 0x26)
-#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN (EVENT_TRACE_GROUP_IO | 0x27)
-#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL (EVENT_TRACE_GROUP_IO | 0x28)
-#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN (EVENT_TRACE_GROUP_IO | 0x29)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2a)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2b)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2d)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2e)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2f)
-#define PERFINFO_LOG_TYPE_PREFETCH_ACTION (EVENT_TRACE_GROUP_IO | 0x30)
-#define PERFINFO_LOG_TYPE_PREFETCH_REQUEST (EVENT_TRACE_GROUP_IO | 0x31)
-#define PERFINFO_LOG_TYPE_PREFETCH_READLIST (EVENT_TRACE_GROUP_IO | 0x32)
-#define PERFINFO_LOG_TYPE_PREFETCH_READ (EVENT_TRACE_GROUP_IO | 0x33)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST (EVENT_TRACE_GROUP_IO | 0x34)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN (EVENT_TRACE_GROUP_IO | 0x35)
-#define PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION (EVENT_TRACE_GROUP_IO | 0x36)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT)
-
-//
-// Event types for Memory subsystem
-//
-#define WMI_LOG_TYPE_PAGE_FAULT_TRANSITION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_TF)
-#define WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_DZF)
-#define WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_COW)
-#define WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_GPF)
-#define WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_HPF)
-#define WMI_LOG_TYPE_PAGE_FAULT_ACCESS_VIOLATION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_AV)
-
-#define PERFINFO_LOG_TYPE_HARDFAULT (EVENT_TRACE_GROUP_MEMORY | 0x20)
-#define PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR (EVENT_TRACE_GROUP_MEMORY | 0x21)
-#define PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST (EVENT_TRACE_GROUP_MEMORY | 0x22)
-#define PERFINFO_LOG_TYPE_PAGEINMEMORY (EVENT_TRACE_GROUP_MEMORY | 0x23)
-#define PERFINFO_LOG_TYPE_INSERTINFREELIST (EVENT_TRACE_GROUP_MEMORY | 0x24)
-#define PERFINFO_LOG_TYPE_INSERTINMODIFIEDLIST (EVENT_TRACE_GROUP_MEMORY | 0x25)
-#define PERFINFO_LOG_TYPE_INSERTINLIST (EVENT_TRACE_GROUP_MEMORY | 0x26)
-#define PERFINFO_LOG_TYPE_INSERTATFRONT (EVENT_TRACE_GROUP_MEMORY | 0x28)
-#define PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY (EVENT_TRACE_GROUP_MEMORY | 0x29)
-#define PERFINFO_LOG_TYPE_UNLINKFFREEORZERO (EVENT_TRACE_GROUP_MEMORY | 0x2a)
-#define PERFINFO_LOG_TYPE_WORKINGSETMANAGER (EVENT_TRACE_GROUP_MEMORY | 0x2b)
-#define PERFINFO_LOG_TYPE_TRIMPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2d)
-#define PERFINFO_LOG_TYPE_ZEROSHARECOUNT (EVENT_TRACE_GROUP_MEMORY | 0x2e)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2f)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x30)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x31)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x32)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x33)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x34)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x35)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x36)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x37)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x38)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x39)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3a)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3b)
-#define PERFINFO_LOG_TYPE_WSINFOPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x3c)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3d)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3e)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3f)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x40)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x41)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x42)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x43)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x44)
-#define PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP (EVENT_TRACE_GROUP_MEMORY | 0x45)
-#define PERFINFO_LOG_TYPE_TRIMSESSION (EVENT_TRACE_GROUP_MEMORY | 0x46)
-#define PERFINFO_LOG_TYPE_MEMORYSNAPLITE (EVENT_TRACE_GROUP_MEMORY | 0x47)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x48)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x49)
-#define PERFINFO_LOG_TYPE_WSINFOSESSION (EVENT_TRACE_GROUP_MEMORY | 0x4a)
-#define PERFINFO_LOG_TYPE_CREATE_SESSION (EVENT_TRACE_GROUP_MEMORY | 0x4b)
-#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x4c)
-#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x4d)
-#define PERFINFO_LOG_TYPE_SESSION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4e)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4f)
-
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC (EVENT_TRACE_GROUP_MEMORY | 0x62)
-#define PERFINFO_LOG_TYPE_VIRTUAL_FREE (EVENT_TRACE_GROUP_MEMORY | 0x63)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x64)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x65)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RESERVE (EVENT_TRACE_GROUP_MEMORY | 0x66)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x67)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_DESTROY (EVENT_TRACE_GROUP_MEMORY | 0x68)
-
-#define PERFINFO_LOG_TYPE_PAGEFILE_BACK (EVENT_TRACE_GROUP_MEMORY | 0x69)
-#define PERFINFO_LOG_TYPE_MEMINFO (EVENT_TRACE_GROUP_MEMORY | 0x70)
-#define PERFINFO_LOG_TYPE_CONTMEM_GENERATE (EVENT_TRACE_GROUP_MEMORY | 0x71)
-#define PERFINFO_LOG_TYPE_FILE_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x72)
-#define PERFINFO_LOG_TYPE_INMEMORY_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x73)
-#define PERFINFO_LOG_TYPE_COMPRESSED_PAGE (EVENT_TRACE_GROUP_MEMORY | 0x74)
-#define PERFINFO_LOG_TYPE_PAGEINMEMORY_ACTIVE (EVENT_TRACE_GROUP_MEMORY | 0x75)
-#define PERFINFO_LOG_TYPE_PAGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x76)
-#define PERFINFO_LOG_TYPE_PAGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x77)
-#define PERFINFO_LOG_TYPE_PAGE_RANGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x78)
-#define PERFINFO_LOG_TYPE_PAGE_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x79)
-#define PERFINFO_LOG_TYPE_PAGE_COMBINE (EVENT_TRACE_GROUP_MEMORY | 0x7a)
-#define PERFINFO_LOG_TYPE_KERNEL_MEMUSAGE (EVENT_TRACE_GROUP_MEMORY | 0x7b)
-#define PERFINFO_LOG_TYPE_MM_STATS (EVENT_TRACE_GROUP_MEMORY | 0x7c)
-#define PERFINFO_LOG_TYPE_MEMINFOEX_WS (EVENT_TRACE_GROUP_MEMORY | 0x7d)
-#define PERFINFO_LOG_TYPE_MEMINFOEX_SESSIONWS (EVENT_TRACE_GROUP_MEMORY | 0x7e)
-
-#define PERFINFO_LOG_TYPE_VIRTUAL_ROTATE (EVENT_TRACE_GROUP_MEMORY | 0x7f)
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x80)
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x81)
-
-#define PERFINFO_LOG_TYPE_PAGE_ACCESS_EX (EVENT_TRACE_GROUP_MEMORY | 0x82)
-#define PERFINFO_LOG_TYPE_REMOVEFROMWS (EVENT_TRACE_GROUP_MEMORY | 0x83)
-#define PERFINFO_LOG_TYPE_WSSHAREABLE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x84)
-#define PERFINFO_LOG_TYPE_INMEMORYACTIVE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x85)
-
-#define PERFINFO_LOG_TYPE_MEM_RESET_INFO (EVENT_TRACE_GROUP_MEMORY | 0x86)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x87)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x88)
-
-//
-//
-// Event types for Registry subsystem
-//
-#define WMI_LOG_TYPE_REG_RUNDOWNBEGIN (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN)
-#define WMI_LOG_TYPE_REG_RUNDOWNEND (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNEND)
-
-#define PERFINFO_LOG_TYPE_CMCELLREFERRED (EVENT_TRACE_GROUP_REGISTRY | 0x20)
-#define PERFINFO_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x21)
-#define PERFINFO_LOG_TYPE_REG_COUNTERS (EVENT_TRACE_GROUP_REGISTRY | 0x22)
-#define PERFINFO_LOG_TYPE_REG_CONFIG (EVENT_TRACE_GROUP_REGISTRY | 0x23)
-#define PERFINFO_LOG_TYPE_REG_HIVE_INITIALIZE (EVENT_TRACE_GROUP_REGISTRY | 0x24)
-#define PERFINFO_LOG_TYPE_REG_HIVE_DESTROY (EVENT_TRACE_GROUP_REGISTRY | 0x25)
-#define PERFINFO_LOG_TYPE_REG_HIVE_LINK (EVENT_TRACE_GROUP_REGISTRY | 0x26)
-#define PERFINFO_LOG_TYPE_REG_HIVE_RUNDOWN_DC_END (EVENT_TRACE_GROUP_REGISTRY | 0x27)
-#define PERFINFO_LOG_TYPE_REG_HIVE_DIRTY (EVENT_TRACE_GROUP_REGISTRY | 0x28)
-// Reserved
-#define PERFINFO_LOG_TYPE_REG_NOTIF_REGISTER (EVENT_TRACE_GROUP_REGISTRY | 0x30)
-#define PERFINFO_LOG_TYPE_REG_NOTIF_DELIVER (EVENT_TRACE_GROUP_REGISTRY | 0x31)
-
-//
-// Event types for PERF tracing specific subsystem
-//
-#define PERFINFO_LOG_TYPE_RUNDOWN_CHECKPOINT (EVENT_TRACE_GROUP_PERFINFO | 0x20)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x21)
-#define PERFINFO_LOG_TYPE_MARK (EVENT_TRACE_GROUP_PERFINFO | 0x22)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x23)
-#define PERFINFO_LOG_TYPE_ASYNCMARK (EVENT_TRACE_GROUP_PERFINFO | 0x24)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x25)
-#define PERFINFO_LOG_TYPE_IMAGENAME (EVENT_TRACE_GROUP_PERFINFO | 0x26)
-#define PERFINFO_LOG_TYPE_DELAYS_CC_CAN_I_WRITE (EVENT_TRACE_GROUP_PERFINFO | 0x27)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x28)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x29)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2a)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2b)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2d)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE (EVENT_TRACE_GROUP_PERFINFO | 0x2e)
-#define PERFINFO_LOG_TYPE_PMC_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x2f)
-#define PERFINFO_LOG_TYPE_PMC_CONFIG (EVENT_TRACE_GROUP_PERFINFO | 0x30)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x31)
-#define PERFINFO_LOG_TYPE_MSI_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x32)
-#define PERFINFO_LOG_TYPE_SYSCALL_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x33)
-#define PERFINFO_LOG_TYPE_SYSCALL_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x34)
-#define PERFINFO_LOG_TYPE_BACKTRACE (EVENT_TRACE_GROUP_PERFINFO | 0x35)
-#define PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK (EVENT_TRACE_GROUP_PERFINFO | 0x36)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE (EVENT_TRACE_GROUP_PERFINFO | 0x37)
-#define PERFINFO_LOG_TYPE_EXCEPTION_STACK (EVENT_TRACE_GROUP_PERFINFO | 0x38)
-#define PERFINFO_LOG_TYPE_BRANCH_TRACE (EVENT_TRACE_GROUP_PERFINFO | 0x39)
-#define PERFINFO_LOG_TYPE_DEBUGGER_ENABLED (EVENT_TRACE_GROUP_PERFINFO | 0x3a)
-#define PERFINFO_LOG_TYPE_DEBUGGER_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x3b)
-#define PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x40)
-#define PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x41)
-#define PERFINFO_LOG_TYPE_THREADED_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x42)
-#define PERFINFO_LOG_TYPE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x43)
-#define PERFINFO_LOG_TYPE_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x44)
-#define PERFINFO_LOG_TYPE_TIMERDPC (EVENT_TRACE_GROUP_PERFINFO | 0x45)
-#define PERFINFO_LOG_TYPE_IOTIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x46)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_NMI (EVENT_TRACE_GROUP_PERFINFO | 0x47)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_SET_INTERVAL (EVENT_TRACE_GROUP_PERFINFO | 0x48)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x49)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4a)
-#define PERFINFO_LOG_TYPE_SPINLOCK_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4b)
-#define PERFINFO_LOG_TYPE_SPINLOCK_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4c)
-#define PERFINFO_LOG_TYPE_ERESOURCE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4d)
-#define PERFINFO_LOG_TYPE_ERESOURCE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4e)
-#define PERFINFO_LOG_TYPE_CLOCK_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x4f)
-#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION_START (EVENT_TRACE_GROUP_PERFINFO | 0x50)
-#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x51)
-#define PERFINFO_LOG_TYPE_TIMER_SET_PERIODIC (EVENT_TRACE_GROUP_PERFINFO | 0x52)
-#define PERFINFO_LOG_TYPE_TIMER_SET_ONE_SHOT (EVENT_TRACE_GROUP_PERFINFO | 0x53)
-#define PERFINFO_LOG_TYPE_TIMER_SET_THREAD (EVENT_TRACE_GROUP_PERFINFO | 0x54)
-#define PERFINFO_LOG_TYPE_TIMER_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x55)
-#define PERFINFO_LOG_TYPE_TIME_ADJUSTMENT (EVENT_TRACE_GROUP_PERFINFO | 0x56)
-#define PERFINFO_LOG_TYPE_CLOCK_MODE_SWITCH (EVENT_TRACE_GROUP_PERFINFO | 0x57)
-#define PERFINFO_LOG_TYPE_CLOCK_TIME_UPDATE (EVENT_TRACE_GROUP_PERFINFO | 0x58)
-#define PERFINFO_LOG_TYPE_CLOCK_DYNAMIC_TICK_VETO (EVENT_TRACE_GROUP_PERFINFO | 0x59)
-#define PERFINFO_LOG_TYPE_CLOCK_CONFIGURATION (EVENT_TRACE_GROUP_PERFINFO | 0x5a)
-#define PERFINFO_LOG_TYPE_IPI (EVENT_TRACE_GROUP_PERFINFO | 0x5b)
-#define PERFINFO_LOG_TYPE_UNEXPECTED_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5c)
-#define PERFINFO_LOG_TYPE_IOTIMER_START (EVENT_TRACE_GROUP_PERFINFO | 0x5d)
-#define PERFINFO_LOG_TYPE_IOTIMER_STOP (EVENT_TRACE_GROUP_PERFINFO | 0x5e)
-#define PERFINFO_LOG_TYPE_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5f)
-#define PERFINFO_LOG_TYPE_WDF_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x60)
-#define PERFINFO_LOG_TYPE_WDF_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x61)
-#define PERFINFO_LOG_TYPE_WDF_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x62)
-#define PERFINFO_LOG_TYPE_CPU_CACHE_FLUSH (EVENT_TRACE_GROUP_PERFINFO | 0x63)
-#define PERFINFO_LOG_TYPE_DPC_ENQUEUE (EVENT_TRACE_GROUP_PERFINFO | 0x64)
-#define PERFINFO_LOG_TYPE_DPC_EXECUTION (EVENT_TRACE_GROUP_PERFINFO | 0x65)
-#define PERFINFO_LOG_TYPE_INTERRUPT_STEERING (EVENT_TRACE_GROUP_PERFINFO | 0x66)
-#define PERFINFO_LOG_TYPE_WDF_WORK_ITEM (EVENT_TRACE_GROUP_PERFINFO | 0x67)
-#define PERFINFO_LOG_TYPE_KTIMER2_SET (EVENT_TRACE_GROUP_PERFINFO | 0x68)
-#define PERFINFO_LOG_TYPE_KTIMER2_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x69)
-#define PERFINFO_LOG_TYPE_KTIMER2_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x6a)
-#define PERFINFO_LOG_TYPE_KTIMER2_DISABLE (EVENT_TRACE_GROUP_PERFINFO | 0x6b)
-#define PERFINFO_LOG_TYPE_KTIMER2_FINALIZATION (EVENT_TRACE_GROUP_PERFINFO | 0x6c)
-#define PERFINFO_LOG_TYPE_SHOULD_YIELD_PROCESSOR (EVENT_TRACE_GROUP_PERFINFO | 0x6d)
-
-//
-// Event types for ICE.
-//
-
-#define PERFINFO_LOG_TYPE_FUNCTION_CALL (EVENT_TRACE_GROUP_PERFINFO | 0x80)
-#define PERFINFO_LOG_TYPE_FUNCTION_RETURN (EVENT_TRACE_GROUP_PERFINFO | 0x81)
-#define PERFINFO_LOG_TYPE_FUNCTION_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x82)
-#define PERFINFO_LOG_TYPE_FUNCTION_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x83)
-#define PERFINFO_LOG_TYPE_TAILCALL (EVENT_TRACE_GROUP_PERFINFO | 0x84)
-#define PERFINFO_LOG_TYPE_TRAP (EVENT_TRACE_GROUP_PERFINFO | 0x85)
-#define PERFINFO_LOG_TYPE_SPINLOCK_ACQUIRE (EVENT_TRACE_GROUP_PERFINFO | 0x86)
-#define PERFINFO_LOG_TYPE_SPINLOCK_RELEASE (EVENT_TRACE_GROUP_PERFINFO | 0x87)
-#define PERFINFO_LOG_TYPE_CAP_COMMENT (EVENT_TRACE_GROUP_PERFINFO | 0x88)
-#define PERFINFO_LOG_TYPE_CAP_RUNDOWN (EVENT_TRACE_GROUP_PERFINFO | 0x89)
-
-//
-// Event types for Debugger subsystem.
-//
-
-#define PERFINFO_LOG_TYPE_DEBUG_PRINT (EVENT_TRACE_GROUP_DBGPRINT | 0x20)
-
-//
-// Event types for WNF facility
-//
-
-#define PERFINFO_LOG_TYPE_WNF_SUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x20)
-#define PERFINFO_LOG_TYPE_WNF_UNSUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x21)
-#define PERFINFO_LOG_TYPE_WNF_CALLBACK (EVENT_TRACE_GROUP_WNF | 0x22)
-#define PERFINFO_LOG_TYPE_WNF_PUBLISH (EVENT_TRACE_GROUP_WNF | 0x23)
-#define PERFINFO_LOG_TYPE_WNF_NAME_SUB_RUNDOWN (EVENT_TRACE_GROUP_WNF | 0x24)
-
-//
-// Event types for Pool subsystem.
-//
-
-#define PERFINFO_LOG_TYPE_ALLOCATEPOOL (EVENT_TRACE_GROUP_POOL | 0x20)
-#define PERFINFO_LOG_TYPE_ALLOCATEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x21)
-#define PERFINFO_LOG_TYPE_FREEPOOL (EVENT_TRACE_GROUP_POOL | 0x22)
-#define PERFINFO_LOG_TYPE_FREEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x23)
-#define PERFINFO_LOG_TYPE_ADDPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x24)
-#define PERFINFO_LOG_TYPE_ADDPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x25)
-#define PERFINFO_LOG_TYPE_BIGPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x26)
-#define PERFINFO_LOG_TYPE_BIGPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x27)
-#define PERFINFO_LOG_TYPE_POOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x28)
-#define PERFINFO_LOG_TYPE_POOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x29)
-#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2a)
-#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2b)
-#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_START (EVENT_TRACE_GROUP_POOL | 0x2c)
-#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_END (EVENT_TRACE_GROUP_POOL | 0x2d)
-#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2e)
-#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2f)
-
-//
-// Event types for Heap subsystem
-//
-#define PERFINFO_LOG_TYPE_HEAP_CREATE (EVENT_TRACE_GROUP_HEAP | 0x20)
-#define PERFINFO_LOG_TYPE_HEAP_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x21)
-#define PERFINFO_LOG_TYPE_HEAP_REALLOC (EVENT_TRACE_GROUP_HEAP | 0x22)
-#define PERFINFO_LOG_TYPE_HEAP_DESTROY (EVENT_TRACE_GROUP_HEAP | 0x23)
-#define PERFINFO_LOG_TYPE_HEAP_FREE (EVENT_TRACE_GROUP_HEAP | 0x24)
-#define PERFINFO_LOG_TYPE_HEAP_EXTEND (EVENT_TRACE_GROUP_HEAP | 0x25)
-#define PERFINFO_LOG_TYPE_HEAP_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x26)
-#define PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x27)
-#define PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x28)
-#define PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x29)
-#define PERFINFO_LOG_TYPE_HEAP_CONTRACT (EVENT_TRACE_GROUP_HEAP | 0x2a)
-#define PERFINFO_LOG_TYPE_HEAP_LOCK (EVENT_TRACE_GROUP_HEAP | 0x2b)
-#define PERFINFO_LOG_TYPE_HEAP_UNLOCK (EVENT_TRACE_GROUP_HEAP | 0x2c)
-#define PERFINFO_LOG_TYPE_HEAP_VALIDATE (EVENT_TRACE_GROUP_HEAP | 0x2d)
-#define PERFINFO_LOG_TYPE_HEAP_WALK (EVENT_TRACE_GROUP_HEAP | 0x2e)
-
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x2f)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE (EVENT_TRACE_GROUP_HEAP | 0x30)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC_CACHE (EVENT_TRACE_GROUP_HEAP | 0x31)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE_CACHE (EVENT_TRACE_GROUP_HEAP | 0x32)
-#define PERFINFO_LOG_TYPE_HEAP_COMMIT (EVENT_TRACE_GROUP_HEAP | 0x33)
-#define PERFINFO_LOG_TYPE_HEAP_DECOMMIT (EVENT_TRACE_GROUP_HEAP | 0x34)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_INIT (EVENT_TRACE_GROUP_HEAP | 0x35)
-#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ENABLE (EVENT_TRACE_GROUP_HEAP | 0x36)
-//Reserved (EVENT_TRACE_GROUP_HEAP | 0x37)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x38)
-#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ASSIGN (EVENT_TRACE_GROUP_HEAP | 0x39)
-#define PERFINFO_LOG_TYPE_HEAP_REUSE_THRESHOLD_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x3a)
-
-//
-// Event Types for Critical Section Subsystem
-//
-
-#define PERFINFO_LOG_TYPE_CRITSEC_ENTER (EVENT_TRACE_GROUP_CRITSEC | 0x20)
-#define PERFINFO_LOG_TYPE_CRITSEC_LEAVE (EVENT_TRACE_GROUP_CRITSEC | 0x21)
-#define PERFINFO_LOG_TYPE_CRITSEC_COLLISION (EVENT_TRACE_GROUP_CRITSEC | 0x22)
-#define PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE (EVENT_TRACE_GROUP_CRITSEC | 0x23)
-
-//
-// Event types for Stackwalk subsystem
-//
-
-#define PERFINFO_LOG_TYPE_STACKWALK (EVENT_TRACE_GROUP_STACKWALK | 0x20)
-//Reserved (EVENT_TRACE_GROUP_STACKWALK | 0x21)
-#define PERFINFO_LOG_TYPE_STACKTRACE_CREATE (EVENT_TRACE_GROUP_STACKWALK | 0x22)
-#define PERFINFO_LOG_TYPE_STACKTRACE_DELETE (EVENT_TRACE_GROUP_STACKWALK | 0x23)
-#define PERFINFO_LOG_TYPE_STACKTRACE_RUNDOWN (EVENT_TRACE_GROUP_STACKWALK | 0x24)
-#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_KERNEL (EVENT_TRACE_GROUP_STACKWALK | 0x25)
-#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_USER (EVENT_TRACE_GROUP_STACKWALK | 0x26)
-
-//
-// Event types for ALPC
-//
-
-#define WMI_LOG_TYPE_ALPC_SEND_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x21)
-#define WMI_LOG_TYPE_ALPC_RECEIVE_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x22)
-#define WMI_LOG_TYPE_ALPC_WAIT_FOR_REPLY (EVENT_TRACE_GROUP_ALPC | 0x23)
-#define WMI_LOG_TYPE_ALPC_WAIT_FOR_NEW_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x24)
-#define WMI_LOG_TYPE_ALPC_UNWAIT (EVENT_TRACE_GROUP_ALPC | 0x25)
-#define WMI_LOG_TYPE_ALPC_CONNECT_REQUEST (EVENT_TRACE_GROUP_ALPC | 0x26)
-#define WMI_LOG_TYPE_ALPC_CONNECT_SUCCESS (EVENT_TRACE_GROUP_ALPC | 0x27)
-#define WMI_LOG_TYPE_ALPC_CONNECT_FAIL (EVENT_TRACE_GROUP_ALPC | 0x28)
-#define WMI_LOG_TYPE_ALPC_CLOSE_PORT (EVENT_TRACE_GROUP_ALPC | 0x29)
-
-
-//
-// Event types for Object Manager subsystem
-//
-
-#define PERFINFO_LOG_TYPE_CREATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x20)
-#define PERFINFO_LOG_TYPE_CLOSE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x21)
-#define PERFINFO_LOG_TYPE_DUPLICATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x22)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x23)
-#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x24)
-#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x25)
-#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x26)
-#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x27)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x28)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x29)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2a)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2b)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2c)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2d)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2e)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2f)
-#define PERFINFO_LOG_TYPE_CREATE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x30)
-#define PERFINFO_LOG_TYPE_DELETE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x31)
-#define PERFINFO_LOG_TYPE_REFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x32)
-#define PERFINFO_LOG_TYPE_DEREFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x33)
-
-//
-// Event types for Power subsystem
-//
-
-#define PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO (EVENT_TRACE_GROUP_POWER | 0x20)
-#define PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x21)
-#define PERFINFO_LOG_TYPE_SET_POWER_ACTION (EVENT_TRACE_GROUP_POWER | 0x22)
-#define PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET (EVENT_TRACE_GROUP_POWER | 0x23)
-#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE (EVENT_TRACE_GROUP_POWER | 0x24)
-#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET (EVENT_TRACE_GROUP_POWER | 0x25)
-#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE (EVENT_TRACE_GROUP_POWER | 0x26)
-#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE (EVENT_TRACE_GROUP_POWER | 0x27)
-#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT (EVENT_TRACE_GROUP_POWER | 0x28)
-#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET (EVENT_TRACE_GROUP_POWER | 0x29)
-#define PERFINFO_LOG_TYPE_PO_PRESLEEP (EVENT_TRACE_GROUP_POWER | 0x30)
-#define PERFINFO_LOG_TYPE_PO_POSTSLEEP (EVENT_TRACE_GROUP_POWER | 0x31)
-#define PERFINFO_LOG_TYPE_PO_CALIBRATED_PERFCOUNTER (EVENT_TRACE_GROUP_POWER | 0x32)
-#define PERFINFO_LOG_TYPE_PPM_PERF_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x33)
-#define PERFINFO_LOG_TYPE_PPM_THROTTLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x34)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x35)
-#define PERFINFO_LOG_TYPE_PPM_THERMAL_CONSTRAINT (EVENT_TRACE_GROUP_POWER | 0x36)
-#define PERFINFO_LOG_TYPE_PO_SIGNAL_RESUME_UI (EVENT_TRACE_GROUP_POWER | 0x37)
-#define PERFINFO_LOG_TYPE_PO_SIGNAL_VIDEO_ON (EVENT_TRACE_GROUP_POWER | 0x38)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x39)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_EXIT (EVENT_TRACE_GROUP_POWER | 0x3a)
-#define PERFINFO_LOG_TYPE_PPM_PLATFORM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3b)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_EXIT_LATENCY (EVENT_TRACE_GROUP_POWER | 0x3c)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_PROCESSOR_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3d)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_PLATFORM_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3e)
-#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3f)
-#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_EXIT (EVENT_TRACE_GROUP_POWER | 0x40)
-
-//
-// Event types for MODBound subsystem
-//
-#define PERFINFO_LOG_TYPE_COWHEADER (EVENT_TRACE_GROUP_MODBOUND | 0x18)
-#define PERFINFO_LOG_TYPE_COWBLOB (EVENT_TRACE_GROUP_MODBOUND | 0x19)
-#define PERFINFO_LOG_TYPE_COWBLOB_CLOSED (EVENT_TRACE_GROUP_MODBOUND | 0x1a)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_ENT (EVENT_TRACE_GROUP_MODBOUND | 0x20)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_JUMP (EVENT_TRACE_GROUP_MODBOUND | 0x21)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_RET (EVENT_TRACE_GROUP_MODBOUND | 0x22)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_CALL (EVENT_TRACE_GROUP_MODBOUND | 0x23)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET (EVENT_TRACE_GROUP_MODBOUND | 0x24)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2E (EVENT_TRACE_GROUP_MODBOUND | 0x25)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2B (EVENT_TRACE_GROUP_MODBOUND | 0x26)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE (EVENT_TRACE_GROUP_MODBOUND | 0x27)
-
-//
-// Event types for the thread class scheduler
-//
-// TODO: Because MMCSS is a DLL it doesn't need to use UMGL.
-//
-#define PERFINFO_LOG_TYPE_MMCSS_START (0x20)
-#define PERFINFO_LOG_TYPE_MMCSS_STOP (0x21)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_EVENT (0x22)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_WAKEUP (0x23)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP (0x24)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP_RESP (0x25)
-
-
-//
-// Event types for SplitIo
-//
-
-#define PERFINFO_LOG_TYPE_SPLITIO_VOLMGR (EVENT_TRACE_GROUP_SPLITIO | 0x20)
-
-// Event types for ThreadPool
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_ENQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x20)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_DEQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x21)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_START (EVENT_TRACE_GROUP_THREAD_POOL | 0x22)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_STOP (EVENT_TRACE_GROUP_THREAD_POOL | 0x23)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_CANCEL (EVENT_TRACE_GROUP_THREAD_POOL | 0x24)
-#define PERFINFO_LOG_TYPE_TP_POOL_CREATE (EVENT_TRACE_GROUP_THREAD_POOL | 0x25)
-#define PERFINFO_LOG_TYPE_TP_POOL_CLOSE (EVENT_TRACE_GROUP_THREAD_POOL | 0x26)
-#define PERFINFO_LOG_TYPE_TP_POOL_TH_MIN_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x27)
-#define PERFINFO_LOG_TYPE_TP_POOL_TH_MAX_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x28)
-#define PERFINFO_LOG_TYPE_TP_WORKER_NUMANODE_SWITCH (EVENT_TRACE_GROUP_THREAD_POOL | 0x29)
-#define PERFINFO_LOG_TYPE_TP_TIMER_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x2a)
-#define PERFINFO_LOG_TYPE_TP_TIMER_CANCELLED (EVENT_TRACE_GROUP_THREAD_POOL | 0x2b)
-#define PERFINFO_LOG_TYPE_TP_TIMER_SET_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2c)
-#define PERFINFO_LOG_TYPE_TP_TIMER_CANCEL_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2d)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_BEGIN (EVENT_TRACE_GROUP_THREAD_POOL | 0x2e)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_END (EVENT_TRACE_GROUP_THREAD_POOL | 0x2f)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION (EVENT_TRACE_GROUP_THREAD_POOL | 0x30)
-
-// Event types for UMS
-#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_START (EVENT_TRACE_GROUP_UMS | 0x20)
-#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_END (EVENT_TRACE_GROUP_UMS | 0x21)
-#define PERFINFO_LOG_TYPE_UMS_PARK (EVENT_TRACE_GROUP_UMS | 0x22)
-#define PERFINFO_LOG_TYPE_UMS_DISASSOCIATE (EVENT_TRACE_GROUP_UMS | 0x23)
-#define PERFINFO_LOG_TYPE_UMS_CONTEXT_SWITCH (EVENT_TRACE_GROUP_UMS | 0x24)
-
-// Event types for Cache manager
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_ENQUEUE (EVENT_TRACE_GROUP_CC | 0x00)
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_DEQUEUE (EVENT_TRACE_GROUP_CC | 0x01)
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_COMPLETE (EVENT_TRACE_GROUP_CC | 0x02)
-#define PERFINFO_LOG_TYPE_CC_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x03)
-#define PERFINFO_LOG_TYPE_CC_WRITE_BEHIND (EVENT_TRACE_GROUP_CC | 0x04)
-#define PERFINFO_LOG_TYPE_CC_LAZY_WRITE_SCAN (EVENT_TRACE_GROUP_CC | 0x05)
-#define PERFINFO_LOG_TYPE_CC_CAN_I_WRITE_FAIL (EVENT_TRACE_GROUP_CC | 0x06)
-//#define PERFINFO_LOG_TYPE_CC_MAP_VIEW (EVENT_TRACE_GROUP_CC | 0x07)
-//#define PERFINFO_LOG_TYPE_CC_UNMAP_VIEW (EVENT_TRACE_GROUP_CC | 0x08)
-#define PERFINFO_LOG_TYPE_CC_FLUSH_CACHE (EVENT_TRACE_GROUP_CC | 0x09)
-#define PERFINFO_LOG_TYPE_CC_FLUSH_SECTION (EVENT_TRACE_GROUP_CC | 0x0a)
-#define PERFINFO_LOG_TYPE_CC_READ_AHEAD_PREFETCH (EVENT_TRACE_GROUP_CC | 0x0b)
-#define PERFINFO_LOG_TYPE_CC_SCHEDULE_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x0c)
-#define PERFINFO_LOG_TYPE_CC_LOGGED_STREAM_INFO (EVENT_TRACE_GROUP_CC | 0x0d)
-#define PERFINFO_LOG_TYPE_CC_EXTRA_WRITEBEHIND_THREAD (EVENT_TRACE_GROUP_CC | 0x0e)
-
-typedef ULONG PERFINFO_MASK;
-
-typedef struct _PERFINFO_GROUPMASK
-{
- ULONG Masks[PERF_NUM_MASKS];
-} PERFINFO_GROUPMASK, *PPERFINFO_GROUPMASK;
-
-typedef struct _EVENT_TRACE_VERSION_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG EventTraceKernelVersion;
-} EVENT_TRACE_VERSION_INFORMATION, *PEVENT_TRACE_VERSION_INFORMATION;
-
-typedef struct _EVENT_TRACE_GROUPMASK_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- PERFINFO_GROUPMASK EventTraceGroupMasks;
-} EVENT_TRACE_GROUPMASK_INFORMATION, *PEVENT_TRACE_GROUPMASK_INFORMATION;
-
-typedef struct _EVENT_TRACE_PERFORMANCE_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- LARGE_INTEGER LogfileBytesWritten;
-} EVENT_TRACE_PERFORMANCE_INFORMATION, *PEVENT_TRACE_PERFORMANCE_INFORMATION;
-
-typedef struct _EVENT_TRACE_TIME_PROFILE_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG ProfileInterval;
-} EVENT_TRACE_TIME_PROFILE_INFORMATION, *PEVENT_TRACE_TIME_PROFILE_INFORMATION;
-
-typedef struct _EVENT_TRACE_SESSION_SECURITY_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG SecurityInformation;
- TRACEHANDLE TraceHandle;
- UCHAR SecurityDescriptor[1];
-} EVENT_TRACE_SESSION_SECURITY_INFORMATION, *PEVENT_TRACE_SESSION_SECURITY_INFORMATION;
-
-typedef struct _EVENT_TRACE_SPINLOCK_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG SpinLockSpinThreshold;
- ULONG SpinLockAcquireSampleRate;
- ULONG SpinLockContentionSampleRate;
- ULONG SpinLockHoldThreshold;
-} EVENT_TRACE_SPINLOCK_INFORMATION, *PEVENT_TRACE_SPINLOCK_INFORMATION;
-
-typedef struct _EVENT_TRACE_SYSTEM_EVENT_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- ULONG HookId[1];
-} EVENT_TRACE_SYSTEM_EVENT_INFORMATION, *PEVENT_TRACE_SYSTEM_EVENT_INFORMATION;
-
-typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_STACK_TRACING_INFORMATION, *PEVENT_TRACE_STACK_TRACING_INFORMATION;
-typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_PEBS_TRACING_INFORMATION, *PEVENT_TRACE_PEBS_TRACING_INFORMATION;
-typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_PROFILE_EVENT_INFORMATION, *PEVENT_TRACE_PROFILE_EVENT_INFORMATION;
-
-typedef struct _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG ReleaseSamplingRate;
- ULONG ContentionSamplingRate;
- ULONG NumberOfExcessiveTimeouts;
-} EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION, *PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
-
-typedef struct _EVENT_TRACE_HEAP_TRACING_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG ProcessId[1];
-} EVENT_TRACE_HEAP_TRACING_INFORMATION, *PEVENT_TRACE_HEAP_TRACING_INFORMATION;
-
-typedef struct _EVENT_TRACE_TAG_FILTER_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- ULONG Filter[1];
-} EVENT_TRACE_TAG_FILTER_INFORMATION, *PEVENT_TRACE_TAG_FILTER_INFORMATION;
-
-typedef EVENT_TRACE_TAG_FILTER_INFORMATION EVENT_TRACE_POOLTAG_FILTER_INFORMATION, *PEVENT_TRACE_POOLTAG_FILTER_INFORMATION;
-typedef EVENT_TRACE_TAG_FILTER_INFORMATION EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION, *PEVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION;
-
-// ProfileSource
-#define ETW_MAX_PROFILING_SOURCES 4
-#define ETW_MAX_PMC_EVENTS 4
-#define ETW_MAX_PMC_COUNTERS 4
-
-typedef struct _EVENT_TRACE_PROFILE_COUNTER_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- ULONG ProfileSource[1];
-} EVENT_TRACE_PROFILE_COUNTER_INFORMATION, *PEVENT_TRACE_PROFILE_COUNTER_INFORMATION;
-
-typedef EVENT_TRACE_PROFILE_COUNTER_INFORMATION EVENT_TRACE_PROFILE_CONFIG_INFORMATION, *PEVENT_TRACE_PROFILE_CONFIG_INFORMATION;
-
-//typedef struct _PROFILE_SOURCE_INFO
-//{
-// ULONG NextEntryOffset;
-// ULONG Source;
-// ULONG MinInterval;
-// ULONG MaxInterval;
-// PVOID Reserved;
-// WCHAR Description[1];
-//} PROFILE_SOURCE_INFO, *PPROFILE_SOURCE_INFO;
-
-typedef struct _PROFILE_SOURCE_INFO *PPROFILE_SOURCE_INFO;
-
-typedef struct _EVENT_TRACE_PROFILE_LIST_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- ULONG Spare;
- PPROFILE_SOURCE_INFO Profile[1];
-} EVENT_TRACE_PROFILE_LIST_INFORMATION, *PEVENT_TRACE_PROFILE_LIST_INFORMATION;
-
-typedef struct _EVENT_TRACE_STACK_CACHING_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- BOOLEAN Enabled;
- UCHAR Reserved[3];
- ULONG CacheSize;
- ULONG BucketCount;
-} EVENT_TRACE_STACK_CACHING_INFORMATION, *PEVENT_TRACE_STACK_CACHING_INFORMATION;
-
-typedef struct _EVENT_TRACE_SOFT_RESTART_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- TRACEHANDLE TraceHandle;
- BOOLEAN PersistTraceBuffers;
- WCHAR FileName[1];
-} EVENT_TRACE_SOFT_RESTART_INFORMATION, *PEVENT_TRACE_SOFT_RESTART_INFORMATION;
-
-typedef struct _EVENT_TRACE_PROFILE_ADD_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- BOOLEAN PerfEvtEventSelect;
- BOOLEAN PerfEvtUnitSelect;
- ULONG PerfEvtType;
- ULONG CpuInfoHierarchy[0x3];
- ULONG InitialInterval;
- BOOLEAN AllowsHalt;
- BOOLEAN Persist;
- WCHAR ProfileSourceDescription[0x1];
-} EVENT_TRACE_PROFILE_ADD_INFORMATION, *PEVENT_TRACE_PROFILE_ADD_INFORMATION;
-
-typedef struct _EVENT_TRACE_PROFILE_REMOVE_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- KPROFILE_SOURCE ProfileSource;
- ULONG CpuInfoHierarchy[0x3];
-} EVENT_TRACE_PROFILE_REMOVE_INFORMATION, *PEVENT_TRACE_PROFILE_REMOVE_INFORMATION;
-
-typedef struct _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
-{
- EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
- UCHAR CoverageSamplerInformationClass;
- UCHAR MajorVersion;
- UCHAR MinorVersion;
- UCHAR Reserved;
- HANDLE SamplerHandle;
-} EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION, *PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
-
-typedef struct _SYSTEM_EXCEPTION_INFORMATION
-{
- ULONG AlignmentFixupCount;
- ULONG ExceptionDispatchCount;
- ULONG FloatingEmulationCount;
- ULONG ByteWordEmulationCount;
-} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
-
-typedef enum _SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS
-{
- SystemCrashDumpDisable,
- SystemCrashDumpReconfigure,
- SystemCrashDumpInitializationComplete
-} SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS, *PSYSTEM_CRASH_DUMP_CONFIGURATION_CLASS;
-
-typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION
-{
- SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS CrashDumpConfigurationClass;
-} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
-
-typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
-{
- BOOLEAN KernelDebuggerEnabled;
- BOOLEAN KernelDebuggerNotPresent;
-} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
-
-typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION
-{
- ULONG ContextSwitches;
- ULONG FindAny;
- ULONG FindLast;
- ULONG FindIdeal;
- ULONG IdleAny;
- ULONG IdleCurrent;
- ULONG IdleLast;
- ULONG IdleIdeal;
- ULONG PreemptAny;
- ULONG PreemptCurrent;
- ULONG PreemptLast;
- ULONG SwitchToIdle;
-} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
-
-typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
-{
- ULONG RegistryQuotaAllowed;
- ULONG RegistryQuotaUsed;
- SIZE_T PagedPoolSize;
-} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_IDLE_INFORMATION
-{
- ULONGLONG IdleTime;
- ULONGLONG C1Time;
- ULONGLONG C2Time;
- ULONGLONG C3Time;
- ULONG C1Transitions;
- ULONG C2Transitions;
- ULONG C3Transitions;
- ULONG Padding;
-} SYSTEM_PROCESSOR_IDLE_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_INFORMATION;
-
-typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION
-{
- ULONG VetoType;
- UNICODE_STRING VetoList;
-} SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION;
-
-typedef struct _SYSTEM_LOOKASIDE_INFORMATION
-{
- USHORT CurrentDepth;
- USHORT MaximumDepth;
- ULONG TotalAllocates;
- ULONG AllocateMisses;
- ULONG TotalFrees;
- ULONG FreeMisses;
- ULONG Type;
- ULONG Tag;
- ULONG Size;
-} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_RANGE_START_INFORMATION
-{
- ULONG_PTR SystemRangeStart;
-} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
-
-typedef struct _SYSTEM_VERIFIER_INFORMATION_LEGACY // pre-19H1
-{
- ULONG NextEntryOffset;
- ULONG Level;
- UNICODE_STRING DriverName;
-
- ULONG RaiseIrqls;
- ULONG AcquireSpinLocks;
- ULONG SynchronizeExecutions;
- ULONG AllocationsAttempted;
-
- ULONG AllocationsSucceeded;
- ULONG AllocationsSucceededSpecialPool;
- ULONG AllocationsWithNoTag;
- ULONG TrimRequests;
-
- ULONG Trims;
- ULONG AllocationsFailed;
- ULONG AllocationsFailedDeliberately;
- ULONG Loads;
-
- ULONG Unloads;
- ULONG UnTrackedPool;
- ULONG CurrentPagedPoolAllocations;
- ULONG CurrentNonPagedPoolAllocations;
-
- ULONG PeakPagedPoolAllocations;
- ULONG PeakNonPagedPoolAllocations;
-
- SIZE_T PagedPoolUsageInBytes;
- SIZE_T NonPagedPoolUsageInBytes;
- SIZE_T PeakPagedPoolUsageInBytes;
- SIZE_T PeakNonPagedPoolUsageInBytes;
-} SYSTEM_VERIFIER_INFORMATION_LEGACY, *PSYSTEM_VERIFIER_INFORMATION_LEGACY;
-
-typedef struct _SYSTEM_VERIFIER_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG Level;
- ULONG RuleClasses[2];
- ULONG TriageContext;
- ULONG AreAllDriversBeingVerified;
-
- UNICODE_STRING DriverName;
-
- ULONG RaiseIrqls;
- ULONG AcquireSpinLocks;
- ULONG SynchronizeExecutions;
- ULONG AllocationsAttempted;
-
- ULONG AllocationsSucceeded;
- ULONG AllocationsSucceededSpecialPool;
- ULONG AllocationsWithNoTag;
- ULONG TrimRequests;
-
- ULONG Trims;
- ULONG AllocationsFailed;
- ULONG AllocationsFailedDeliberately;
- ULONG Loads;
-
- ULONG Unloads;
- ULONG UnTrackedPool;
- ULONG CurrentPagedPoolAllocations;
- ULONG CurrentNonPagedPoolAllocations;
-
- ULONG PeakPagedPoolAllocations;
- ULONG PeakNonPagedPoolAllocations;
-
- SIZE_T PagedPoolUsageInBytes;
- SIZE_T NonPagedPoolUsageInBytes;
- SIZE_T PeakPagedPoolUsageInBytes;
- SIZE_T PeakNonPagedPoolUsageInBytes;
-} SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
-{
- ULONG SessionId;
- ULONG SizeOfBuf;
- PVOID Buffer;
-} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-typedef struct _IMAGE_EXPORT_DIRECTORY *PIMAGE_EXPORT_DIRECTORY; // from ntrtl.h
-
-// private
-typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
-{
- UNICODE_STRING DriverName;
- PVOID ImageAddress;
- PVOID SectionPointer;
- PVOID EntryPoint;
- PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
- ULONG ImageLength;
-} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
-#endif
-
-// geoffchappell
-#ifdef _WIN64
-#define MAXIMUM_NODE_COUNT 0x40
-#else
-#define MAXIMUM_NODE_COUNT 0x10
-#endif
-
-// private
-typedef struct _SYSTEM_NUMA_INFORMATION
-{
- ULONG HighestNodeNumber;
- ULONG Reserved;
- union
- {
- GROUP_AFFINITY ActiveProcessorsGroupAffinity[MAXIMUM_NODE_COUNT];
- ULONGLONG AvailableMemory[MAXIMUM_NODE_COUNT];
- ULONGLONG Pad[MAXIMUM_NODE_COUNT * 2];
- };
-} SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_POWER_INFORMATION
-{
- UCHAR CurrentFrequency;
- UCHAR ThermalLimitFrequency;
- UCHAR ConstantThrottleFrequency;
- UCHAR DegradedThrottleFrequency;
- UCHAR LastBusyFrequency;
- UCHAR LastC3Frequency;
- UCHAR LastAdjustedBusyFrequency;
- UCHAR ProcessorMinThrottle;
- UCHAR ProcessorMaxThrottle;
- ULONG NumberOfFrequencies;
- ULONG PromotionCount;
- ULONG DemotionCount;
- ULONG ErrorCount;
- ULONG RetryCount;
- ULONGLONG CurrentFrequencyTime;
- ULONGLONG CurrentProcessorTime;
- ULONGLONG CurrentProcessorIdleTime;
- ULONGLONG LastProcessorTime;
- ULONGLONG LastProcessorIdleTime;
- ULONGLONG Energy;
-} SYSTEM_PROCESSOR_POWER_INFORMATION, *PSYSTEM_PROCESSOR_POWER_INFORMATION;
-
-typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
-{
- PVOID Object;
- ULONG_PTR UniqueProcessId;
- ULONG_PTR HandleValue;
- ULONG GrantedAccess;
- USHORT CreatorBackTraceIndex;
- USHORT ObjectTypeIndex;
- ULONG HandleAttributes;
- ULONG Reserved;
-} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
-
-typedef struct _SYSTEM_HANDLE_INFORMATION_EX
-{
- ULONG_PTR NumberOfHandles;
- ULONG_PTR Reserved;
- _Field_size_(NumberOfHandles) SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
-} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
-
-typedef struct _SYSTEM_BIGPOOL_ENTRY
-{
- union
- {
- PVOID VirtualAddress;
- ULONG_PTR NonPaged : 1;
- };
- SIZE_T SizeInBytes;
- union
- {
- UCHAR Tag[4];
- ULONG TagUlong;
- };
-} SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY;
-
-typedef struct _SYSTEM_BIGPOOL_INFORMATION
-{
- ULONG Count;
- _Field_size_(Count) SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1];
-} SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION;
-
-typedef struct _SYSTEM_POOL_ENTRY
-{
- BOOLEAN Allocated;
- BOOLEAN Spare0;
- USHORT AllocatorBackTraceIndex;
- ULONG Size;
- union
- {
- UCHAR Tag[4];
- ULONG TagUlong;
- PVOID ProcessChargedQuota;
- };
-} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;
-
-typedef struct _SYSTEM_POOL_INFORMATION
-{
- SIZE_T TotalSize;
- PVOID FirstEntry;
- USHORT EntryOverhead;
- BOOLEAN PoolTagPresent;
- BOOLEAN Spare0;
- ULONG NumberOfEntries;
- _Field_size_(NumberOfEntries) SYSTEM_POOL_ENTRY Entries[1];
-} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;
-
-typedef struct _SYSTEM_SESSION_POOLTAG_INFORMATION
-{
- SIZE_T NextEntryOffset;
- ULONG SessionId;
- ULONG Count;
- _Field_size_(Count) SYSTEM_POOLTAG TagInfo[1];
-} SYSTEM_SESSION_POOLTAG_INFORMATION, *PSYSTEM_SESSION_POOLTAG_INFORMATION;
-
-typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
-{
- SIZE_T NextEntryOffset;
- ULONG SessionId;
- ULONG ViewFailures;
- SIZE_T NumberOfBytesAvailable;
- SIZE_T NumberOfBytesAvailableContiguous;
-} SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
-
-typedef enum _WATCHDOG_HANDLER_ACTION
-{
- WdActionSetTimeoutValue,
- WdActionQueryTimeoutValue,
- WdActionResetTimer,
- WdActionStopTimer,
- WdActionStartTimer,
- WdActionSetTriggerAction,
- WdActionQueryTriggerAction,
- WdActionQueryState
-} WATCHDOG_HANDLER_ACTION;
-
-typedef NTSTATUS (NTAPI *PSYSTEM_WATCHDOG_HANDLER)(_In_ WATCHDOG_HANDLER_ACTION Action, _In_ PVOID Context, _Inout_ PULONG DataValue, _In_ BOOLEAN NoLocks);
-
-// private
-typedef struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION
-{
- PSYSTEM_WATCHDOG_HANDLER WdHandler;
- PVOID Context;
-} SYSTEM_WATCHDOG_HANDLER_INFORMATION, *PSYSTEM_WATCHDOG_HANDLER_INFORMATION;
-
-typedef enum _WATCHDOG_INFORMATION_CLASS
-{
- WdInfoTimeoutValue = 0,
- WdInfoResetTimer = 1,
- WdInfoStopTimer = 2,
- WdInfoStartTimer = 3,
- WdInfoTriggerAction = 4,
- WdInfoState = 5,
- WdInfoTriggerReset = 6,
- WdInfoNop = 7,
- WdInfoGeneratedLastReset = 8,
- WdInfoInvalid = 9,
-} WATCHDOG_INFORMATION_CLASS;
-
-// private
-typedef struct _SYSTEM_WATCHDOG_TIMER_INFORMATION
-{
- WATCHDOG_INFORMATION_CLASS WdInfoClass;
- ULONG DataValue;
-} SYSTEM_WATCHDOG_TIMER_INFORMATION, *PSYSTEM_WATCHDOG_TIMER_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-// private
-typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
-{
- SystemFirmwareTableEnumerate,
- SystemFirmwareTableGet,
- SystemFirmwareTableMax
-} SYSTEM_FIRMWARE_TABLE_ACTION;
-
-// private
-typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
-{
- ULONG ProviderSignature; // (same as the GetSystemFirmwareTable function)
- SYSTEM_FIRMWARE_TABLE_ACTION Action;
- ULONG TableID;
- ULONG TableBufferLength;
- _Field_size_bytes_(TableBufferLength) UCHAR TableBuffer[1];
-} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-// private
-typedef NTSTATUS (__cdecl* PFNFTH)(
- _Inout_ PSYSTEM_FIRMWARE_TABLE_INFORMATION SystemFirmwareTableInfo
- );
-
-// private
-typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER
-{
- ULONG ProviderSignature;
- BOOLEAN Register;
- PFNFTH FirmwareTableHandler;
- PVOID DriverObject;
-} SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER;
-#endif
-
-// private
-typedef struct _SYSTEM_MEMORY_LIST_INFORMATION
-{
- ULONG_PTR ZeroPageCount;
- ULONG_PTR FreePageCount;
- ULONG_PTR ModifiedPageCount;
- ULONG_PTR ModifiedNoWritePageCount;
- ULONG_PTR BadPageCount;
- ULONG_PTR PageCountByPriority[8];
- ULONG_PTR RepurposedPagesByPriority[8];
- ULONG_PTR ModifiedPageCountPageFile;
-} SYSTEM_MEMORY_LIST_INFORMATION, *PSYSTEM_MEMORY_LIST_INFORMATION;
-
-// private
-typedef enum _SYSTEM_MEMORY_LIST_COMMAND
-{
- MemoryCaptureAccessedBits,
- MemoryCaptureAndResetAccessedBits,
- MemoryEmptyWorkingSets,
- MemoryFlushModifiedList,
- MemoryPurgeStandbyList,
- MemoryPurgeLowPriorityStandbyList,
- MemoryCommandMax
-} SYSTEM_MEMORY_LIST_COMMAND;
-
-// private
-typedef struct _SYSTEM_THREAD_CID_PRIORITY_INFORMATION
-{
- CLIENT_ID ClientId;
- KPRIORITY Priority;
-} SYSTEM_THREAD_CID_PRIORITY_INFORMATION, *PSYSTEM_THREAD_CID_PRIORITY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION
-{
- ULONGLONG CycleTime;
-} SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION;
-
-// private
-typedef struct _SYSTEM_VERIFIER_ISSUE
-{
- ULONGLONG IssueType;
- PVOID Address;
- ULONGLONG Parameters[2];
-} SYSTEM_VERIFIER_ISSUE, *PSYSTEM_VERIFIER_ISSUE;
-
-// private
-typedef struct _SYSTEM_VERIFIER_CANCELLATION_INFORMATION
-{
- ULONG CancelProbability;
- ULONG CancelThreshold;
- ULONG CompletionThreshold;
- ULONG CancellationVerifierDisabled;
- ULONG AvailableIssues;
- SYSTEM_VERIFIER_ISSUE Issues[128];
-} SYSTEM_VERIFIER_CANCELLATION_INFORMATION, *PSYSTEM_VERIFIER_CANCELLATION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_REF_TRACE_INFORMATION
-{
- BOOLEAN TraceEnable;
- BOOLEAN TracePermanent;
- UNICODE_STRING TraceProcessName;
- UNICODE_STRING TracePoolTags;
-} SYSTEM_REF_TRACE_INFORMATION, *PSYSTEM_REF_TRACE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SPECIAL_POOL_INFORMATION
-{
- ULONG PoolTag;
- ULONG Flags;
-} SYSTEM_SPECIAL_POOL_INFORMATION, *PSYSTEM_SPECIAL_POOL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PROCESS_ID_INFORMATION
-{
- HANDLE ProcessId;
- UNICODE_STRING ImageName;
-} SYSTEM_PROCESS_ID_INFORMATION, *PSYSTEM_PROCESS_ID_INFORMATION;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_QUERY_INFORMATION
-{
- BOOLEAN HypervisorConnected;
- BOOLEAN HypervisorDebuggingEnabled;
- BOOLEAN HypervisorPresent;
- BOOLEAN Spare0[5];
- ULONGLONG EnabledEnlightenments;
-} SYSTEM_HYPERVISOR_QUERY_INFORMATION, *PSYSTEM_HYPERVISOR_QUERY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION
-{
- GUID BootIdentifier;
- FIRMWARE_TYPE FirmwareType;
- union
- {
- ULONGLONG BootFlags;
- struct
- {
- ULONGLONG DbgMenuOsSelection : 1; // REDSTONE4
- ULONGLONG DbgHiberBoot : 1;
- ULONGLONG DbgSoftBoot : 1;
- ULONGLONG DbgMeasuredLaunch : 1;
- ULONGLONG DbgMeasuredLaunchCapable : 1; // 19H1
- ULONGLONG DbgSystemHiveReplace : 1;
- ULONGLONG DbgMeasuredLaunchSmmProtections : 1;
- ULONGLONG DbgMeasuredLaunchSmmLevel : 7; // 20H1
- };
- };
-} SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION;
-
-// private
-typedef struct _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION
-{
- ULONG FlagsToEnable;
- ULONG FlagsToDisable;
-} SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION, *PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION;
-
-// private
-typedef enum _COVERAGE_REQUEST_CODES
-{
- CoverageAllModules = 0,
- CoverageSearchByHash = 1,
- CoverageSearchByName = 2
-} COVERAGE_REQUEST_CODES;
-
-// private
-typedef struct _COVERAGE_MODULE_REQUEST
-{
- COVERAGE_REQUEST_CODES RequestType;
- union
- {
- UCHAR MD5Hash[16];
- UNICODE_STRING ModuleName;
- } SearchInfo;
-} COVERAGE_MODULE_REQUEST, *PCOVERAGE_MODULE_REQUEST;
-
-// private
-typedef struct _COVERAGE_MODULE_INFO
-{
- ULONG ModuleInfoSize;
- ULONG IsBinaryLoaded;
- UNICODE_STRING ModulePathName;
- ULONG CoverageSectionSize;
- UCHAR CoverageSection[1];
-} COVERAGE_MODULE_INFO, *PCOVERAGE_MODULE_INFO;
-
-// private
-typedef struct _COVERAGE_MODULES
-{
- ULONG ListAndReset;
- ULONG NumberOfModules;
- COVERAGE_MODULE_REQUEST ModuleRequestInfo;
- COVERAGE_MODULE_INFO Modules[1];
-} COVERAGE_MODULES, *PCOVERAGE_MODULES;
-
-// private
-typedef struct _SYSTEM_PREFETCH_PATCH_INFORMATION
-{
- ULONG PrefetchPatchCount;
-} SYSTEM_PREFETCH_PATCH_INFORMATION, *PSYSTEM_PREFETCH_PATCH_INFORMATION;
-
-// private
-typedef struct _SYSTEM_VERIFIER_FAULTS_INFORMATION
-{
- ULONG Probability;
- ULONG MaxProbability;
- UNICODE_STRING PoolTags;
- UNICODE_STRING Applications;
-} SYSTEM_VERIFIER_FAULTS_INFORMATION, *PSYSTEM_VERIFIER_FAULTS_INFORMATION;
-
-// private
-typedef struct _SYSTEM_VERIFIER_INFORMATION_EX
-{
- ULONG VerifyMode;
- ULONG OptionChanges;
- UNICODE_STRING PreviousBucketName;
- ULONG IrpCancelTimeoutMsec;
- ULONG VerifierExtensionEnabled;
-#ifdef _WIN64
- ULONG Reserved[1];
-#else
- ULONG Reserved[3];
-#endif
-} SYSTEM_VERIFIER_INFORMATION_EX, *PSYSTEM_VERIFIER_INFORMATION_EX;
-
-// private
-typedef struct _SYSTEM_SYSTEM_PARTITION_INFORMATION
-{
- UNICODE_STRING SystemPartition;
-} SYSTEM_SYSTEM_PARTITION_INFORMATION, *PSYSTEM_SYSTEM_PARTITION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SYSTEM_DISK_INFORMATION
-{
- UNICODE_STRING SystemDisk;
-} SYSTEM_SYSTEM_DISK_INFORMATION, *PSYSTEM_SYSTEM_DISK_INFORMATION;
-
-// private
-typedef struct _SYSTEM_NUMA_PROXIMITY_MAP
-{
- ULONG NodeProximityId;
- USHORT NodeNumber;
-} SYSTEM_NUMA_PROXIMITY_MAP, *PSYSTEM_NUMA_PROXIMITY_MAP;
-
-// private (Windows 8.1 and above)
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT
-{
- ULONGLONG Hits;
- UCHAR PercentFrequency;
-} SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
-
-// private (Windows 7 and Windows 8)
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8
-{
- ULONG Hits;
- UCHAR PercentFrequency;
-} SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION
-{
- ULONG ProcessorNumber;
- ULONG StateCount;
- _Field_size_(StateCount) SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT States[1];
-} SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION, *PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION
-{
- ULONG ProcessorCount;
- ULONG Offsets[1];
-} SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION, *PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION;
-
-#define CODEINTEGRITY_OPTION_ENABLED 0x01
-#define CODEINTEGRITY_OPTION_TESTSIGN 0x02
-#define CODEINTEGRITY_OPTION_UMCI_ENABLED 0x04
-#define CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED 0x08
-#define CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED 0x10
-#define CODEINTEGRITY_OPTION_TEST_BUILD 0x20
-#define CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD 0x40
-#define CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED 0x80
-#define CODEINTEGRITY_OPTION_FLIGHT_BUILD 0x100
-#define CODEINTEGRITY_OPTION_FLIGHTING_ENABLED 0x200
-#define CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED 0x400
-#define CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED 0x800
-#define CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED 0x1000
-#define CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED 0x2000
-#define CODEINTEGRITY_OPTION_WHQL_ENFORCEMENT_ENABLED 0x4000
-#define CODEINTEGRITY_OPTION_WHQL_AUDITMODE_ENABLED 0x8000
-
-// private
-typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION
-{
- ULONG Length;
- ULONG CodeIntegrityOptions;
-} SYSTEM_CODEINTEGRITY_INFORMATION, *PSYSTEM_CODEINTEGRITY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION
-{
- ULONG Operation;
-} SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION, *PSYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION;
-
-// private
-typedef enum _SYSTEM_VA_TYPE
-{
- SystemVaTypeAll,
- SystemVaTypeNonPagedPool,
- SystemVaTypePagedPool,
- SystemVaTypeSystemCache,
- SystemVaTypeSystemPtes,
- SystemVaTypeSessionSpace,
- SystemVaTypeMax
-} SYSTEM_VA_TYPE, *PSYSTEM_VA_TYPE;
-
-// private
-typedef struct _SYSTEM_VA_LIST_INFORMATION
-{
- SIZE_T VirtualSize;
- SIZE_T VirtualPeak;
- SIZE_T VirtualLimit;
- SIZE_T AllocationFailures;
-} SYSTEM_VA_LIST_INFORMATION, *PSYSTEM_VA_LIST_INFORMATION;
-
-// rev
-typedef enum _STORE_INFORMATION_CLASS
-{
- StorePageRequest = 1,
- StoreStatsRequest = 2, // q: SM_STATS_REQUEST // SmProcessStatsRequest
- StoreCreateRequest = 3, // s: SM_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege)
- StoreDeleteRequest = 4, // s: SM_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege)
- StoreListRequest = 5, // q: SM_STORE_LIST_REQUEST / SM_STORE_LIST_REQUEST_EX // SmProcessListRequest
- Available1 = 6,
- StoreEmptyRequest = 7,
- CacheListRequest = 8, // q: SMC_CACHE_LIST_REQUEST // SmcProcessListRequest
- CacheCreateRequest = 9, // s: SMC_CACHE_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege)
- CacheDeleteRequest = 10, // s: SMC_CACHE_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege)
- CacheStoreCreateRequest = 11, // s: SMC_STORE_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege)
- CacheStoreDeleteRequest = 12, // s: SMC_STORE_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege)
- CacheStatsRequest = 13, // q: SMC_CACHE_STATS_REQUEST // SmcProcessStatsRequest
- Available2 = 14,
- RegistrationRequest = 15, // q: SM_REGISTRATION_REQUEST (requires SeProfileSingleProcessPrivilege) // SmProcessRegistrationRequest
- GlobalCacheStatsRequest = 16,
- StoreResizeRequest = 17, // s: SM_STORE_RESIZE_REQUEST (requires SeProfileSingleProcessPrivilege)
- CacheStoreResizeRequest = 18, // s: SMC_STORE_RESIZE_REQUEST (requires SeProfileSingleProcessPrivilege)
- SmConfigRequest = 19, // s: SM_CONFIG_REQUEST (requires SeProfileSingleProcessPrivilege)
- StoreHighMemoryPriorityRequest = 20, // s: SM_STORE_HIGH_MEM_PRIORITY_REQUEST (requires SeProfileSingleProcessPrivilege)
- SystemStoreTrimRequest = 21, // s: SM_SYSTEM_STORE_TRIM_REQUEST (requires SeProfileSingleProcessPrivilege)
- MemCompressionInfoRequest = 22, // q: SM_MEM_COMPRESSION_INFO_REQUEST // SmProcessCompressionInfoRequest
- ProcessStoreInfoRequest = 23, // SmProcessProcessStoreInfoRequest
- StoreInformationMax
-} STORE_INFORMATION_CLASS;
-
-// rev
-#define SYSTEM_STORE_INFORMATION_VERSION 1
-
-// rev
-typedef struct _SYSTEM_STORE_INFORMATION
-{
- _In_ ULONG Version;
- _In_ STORE_INFORMATION_CLASS StoreInformationClass;
- _Inout_ PVOID Data;
- _Inout_ ULONG Length;
-} SYSTEM_STORE_INFORMATION, *PSYSTEM_STORE_INFORMATION;
-
-#define SYSTEM_STORE_STATS_INFORMATION_VERSION 2
-
-typedef enum _ST_STATS_LEVEL
-{
- StStatsLevelBasic = 0,
- StStatsLevelIoStats = 1,
- StStatsLevelRegionSpace = 2, // requires SeProfileSingleProcessPrivilege
- StStatsLevelSpaceBitmap = 3, // requires SeProfileSingleProcessPrivilege
- StStatsLevelMax = 4
-} ST_STATS_LEVEL;
-
-typedef struct _SM_STATS_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_STATS_INFORMATION_VERSION
- ULONG DetailLevel : 8; // ST_STATS_LEVEL
- ULONG StoreId : 16;
- ULONG BufferSize;
- PVOID Buffer; // PST_STATS
-} SM_STATS_REQUEST, *PSM_STATS_REQUEST;
-
-typedef struct _ST_DATA_MGR_STATS
-{
- ULONG RegionCount;
- ULONG PagesStored;
- ULONG UniquePagesStored;
- ULONG LazyCleanupRegionCount;
- struct {
- ULONG RegionsInUse;
- ULONG SpaceUsed;
- } Space[8];
-} ST_DATA_MGR_STATS, *PST_DATA_MGR_STATS;
-
-typedef struct _ST_IO_STATS_PERIOD
-{
- ULONG PageCounts[5];
-} ST_IO_STATS_PERIOD, *PST_IO_STATS_PERIOD;
-
-typedef struct _ST_IO_STATS
-{
- ULONG PeriodCount;
- ST_IO_STATS_PERIOD Periods[64];
-} ST_IO_STATS, *PST_IO_STATS;
-
-typedef struct _ST_READ_LATENCY_BUCKET
-{
- ULONG LatencyUs;
- ULONG Count;
-} ST_READ_LATENCY_BUCKET, *PST_READ_LATENCY_BUCKET;
-
-typedef struct _ST_READ_LATENCY_STATS
-{
- ST_READ_LATENCY_BUCKET Buckets[8];
-} ST_READ_LATENCY_STATS, *PST_READ_LATENCY_STATS;
-
-// rev
-typedef struct _ST_STATS_REGION_INFO
-{
- USHORT SpaceUsed;
- UCHAR Priority;
- UCHAR Spare;
-} ST_STATS_REGION_INFO, *PST_STATS_REGION_INFO;
-
-// rev
-typedef struct _ST_STATS_SPACE_BITMAP
-{
- SIZE_T CompressedBytes;
- ULONG BytesPerBit;
- UCHAR StoreBitmap[1];
-} ST_STATS_SPACE_BITMAP, *PST_STATS_SPACE_BITMAP;
-
-// rev
-typedef struct _ST_STATS
-{
- ULONG Version : 8;
- ULONG Level : 4;
- ULONG StoreType : 4;
- ULONG NoDuplication : 1;
- ULONG NoCompression : 1;
- ULONG EncryptionStrength : 12;
- ULONG VirtualRegions : 1;
- ULONG Spare0 : 1;
- ULONG Size;
- USHORT CompressionFormat;
- USHORT Spare;
-
- struct
- {
- ULONG RegionSize;
- ULONG RegionCount;
- ULONG RegionCountMax;
- ULONG Granularity;
- ST_DATA_MGR_STATS UserData;
- ST_DATA_MGR_STATS Metadata;
- } Basic;
-
- struct
- {
- ST_IO_STATS IoStats;
- ST_READ_LATENCY_STATS ReadLatencyStats;
- } Io;
-
- // ST_STATS_REGION_INFO[RegionCountMax]
- // ST_STATS_SPACE_BITMAP
-} ST_STATS, *PST_STATS;
-
-#define SYSTEM_STORE_CREATE_INFORMATION_VERSION 6
-
-typedef enum _SM_STORE_TYPE
-{
- StoreTypeInMemory=0,
- StoreTypeFile=1,
- StoreTypeMax=2
-} SM_STORE_TYPE;
-
-typedef struct _SM_STORE_BASIC_PARAMS
-{
- union
- {
- struct
- {
- ULONG StoreType : 8; // SM_STORE_TYPE
- ULONG NoDuplication : 1;
- ULONG FailNoCompression : 1;
- ULONG NoCompression : 1 ;
- ULONG NoEncryption : 1;
- ULONG NoEvictOnAdd : 1;
- ULONG PerformsFileIo : 1;
- ULONG VdlNotSet : 1 ;
- ULONG UseIntermediateAddBuffer : 1;
- ULONG CompressNoHuff : 1;
- ULONG LockActiveRegions : 1;
- ULONG VirtualRegions : 1;
- ULONG Spare : 13;
- };
- ULONG StoreFlags;
- };
- ULONG Granularity;
- ULONG RegionSize;
- ULONG RegionCountMax;
-} SM_STORE_BASIC_PARAMS, *PSM_STORE_BASIC_PARAMS;
-
-typedef struct _SMKM_REGION_EXTENT
-{
- ULONG RegionCount;
- SIZE_T ByteOffset;
-} SMKM_REGION_EXTENT, *PSMKM_REGION_EXTENT;
-
-typedef struct _FILE_OBJECT *PFILE_OBJECT;
-typedef struct _DEVICE_OBJECT *PDEVICE_OBJECT;
-typedef struct _IRP *PIRP;
-typedef struct _RTL_BITMAP *PRTL_BITMAP;
-
-typedef struct _SMKM_FILE_INFO
-{
- HANDLE FileHandle;
- PFILE_OBJECT FileObject;
- PFILE_OBJECT VolumeFileObject;
- PDEVICE_OBJECT VolumeDeviceObject;
- HANDLE VolumePnpHandle;
- PIRP UsageNotificationIrp;
- PSMKM_REGION_EXTENT Extents;
- ULONG ExtentCount;
-} SMKM_FILE_INFO, *PSMKM_FILE_INFO;
-
-typedef struct _SM_STORE_CACHE_BACKED_PARAMS
-{
- ULONG SectorSize;
- PCHAR EncryptionKey;
- ULONG EncryptionKeySize;
- PSMKM_FILE_INFO FileInfo;
- PVOID EtaContext;
- PRTL_BITMAP StoreRegionBitmap;
-} SM_STORE_CACHE_BACKED_PARAMS, *PSM_STORE_CACHE_BACKED_PARAMS;
-
-typedef struct _SM_STORE_PARAMETERS
-{
- SM_STORE_BASIC_PARAMS Store;
- ULONG Priority;
- ULONG Flags;
- SM_STORE_CACHE_BACKED_PARAMS CacheBacked;
-} SM_STORE_PARAMETERS, *PSM_STORE_PARAMETERS;
-
-typedef struct _SM_CREATE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_CREATE_INFORMATION_VERSION
- ULONG AcquireReference : 1;
- ULONG KeyedStore : 1;
- ULONG Spare : 22;
- SM_STORE_PARAMETERS Params;
- ULONG StoreId;
-} SM_CREATE_REQUEST, *PSM_CREATE_REQUEST;
-
-#define SYSTEM_STORE_DELETE_INFORMATION_VERSION 1
-
-typedef struct _SM_DELETE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_DELETE_INFORMATION_VERSION
- ULONG Spare : 24;
- ULONG StoreId;
-} SM_DELETE_REQUEST, *PSM_DELETE_REQUEST;
-
-#define SYSTEM_STORE_LIST_INFORMATION_VERSION 2
-
-typedef struct _SM_STORE_LIST_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_LIST_INFORMATION_VERSION
- ULONG StoreCount : 8; // = 0
- ULONG ExtendedRequest : 1; // SM_STORE_LIST_REQUEST_EX if set
- ULONG Spare : 15;
- ULONG StoreId[32];
-} SM_STORE_LIST_REQUEST, *PSM_STORE_LIST_REQUEST;
-
-typedef struct _SM_STORE_LIST_REQUEST_EX
-{
- SM_STORE_LIST_REQUEST Request;
- WCHAR NameBuffer[32][64];
-} SM_STORE_LIST_REQUEST_EX, *PSM_STORE_LIST_REQUEST_EX;
-
-#define SYSTEM_CACHE_LIST_INFORMATION_VERSION 2
-
-typedef struct _SMC_CACHE_LIST_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_LIST_INFORMATION_VERSION
- ULONG CacheCount : 8; // = 0
- ULONG Spare : 16;
- ULONG CacheId[16];
-} SMC_CACHE_LIST_REQUEST, *PSMC_CACHE_LIST_REQUEST;
-
-#define SYSTEM_CACHE_CREATE_INFORMATION_VERSION 3
-
-typedef struct _SMC_CACHE_PARAMETERS
-{
- SIZE_T CacheFileSize;
- ULONG StoreAlignment;
- ULONG PerformsFileIo : 1;
- ULONG VdlNotSet : 1;
- ULONG Spare : 30;
- ULONG CacheFlags;
- ULONG Priority;
-} SMC_CACHE_PARAMETERS, *PSMC_CACHE_PARAMETERS;
-
-typedef struct _SMC_CACHE_CREATE_PARAMETERS
-{
- SMC_CACHE_PARAMETERS CacheParameters;
- WCHAR TemplateFilePath[512];
-} SMC_CACHE_CREATE_PARAMETERS, *PSMC_CACHE_CREATE_PARAMETERS;
-
-typedef struct _SMC_CACHE_CREATE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_CREATE_INFORMATION_VERSION
- ULONG Spare : 24;
- ULONG CacheId;
- SMC_CACHE_CREATE_PARAMETERS CacheCreateParams;
-} SMC_CACHE_CREATE_REQUEST, *PSMC_CACHE_CREATE_REQUEST;
-
-#define SYSTEM_CACHE_DELETE_INFORMATION_VERSION 1
-
-typedef struct _SMC_CACHE_DELETE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_DELETE_INFORMATION_VERSION
- ULONG Spare : 24;
- ULONG CacheId;
-} SMC_CACHE_DELETE_REQUEST, *PSMC_CACHE_DELETE_REQUEST;
-
-#define SYSTEM_CACHE_STORE_CREATE_INFORMATION_VERSION 2
-
-typedef enum _SM_STORE_MANAGER_TYPE
-{
- SmStoreManagerTypePhysical=0,
- SmStoreManagerTypeVirtual=1,
- SmStoreManagerTypeMax=2
-} SM_STORE_MANAGER_TYPE;
-
-typedef struct _SMC_STORE_CREATE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_STORE_CREATE_INFORMATION_VERSION
- ULONG Spare : 24;
- SM_STORE_BASIC_PARAMS StoreParams;
- ULONG CacheId;
- SM_STORE_MANAGER_TYPE StoreManagerType;
- ULONG StoreId;
-} SMC_STORE_CREATE_REQUEST, *PSMC_STORE_CREATE_REQUEST;
-
-#define SYSTEM_CACHE_STORE_DELETE_INFORMATION_VERSION 1
-
-typedef struct _SMC_STORE_DELETE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_STORE_DELETE_INFORMATION_VERSION
- ULONG Spare : 24;
- ULONG CacheId;
- SM_STORE_MANAGER_TYPE StoreManagerType;
- ULONG StoreId;
-} SMC_STORE_DELETE_REQUEST, *PSMC_STORE_DELETE_REQUEST;
-
-#define SYSTEM_CACHE_STATS_INFORMATION_VERSION 3
-
-typedef struct _SMC_CACHE_STATS
-{
- SIZE_T TotalFileSize;
- ULONG StoreCount;
- ULONG RegionCount;
- ULONG RegionSizeBytes;
- ULONG FileCount : 6;
- ULONG PerformsFileIo : 1;
- ULONG Spare : 25;
- ULONG StoreIds[16];
- ULONG PhysicalStoreBitmap;
- ULONG Priority;
- WCHAR TemplateFilePath[512];
-} SMC_CACHE_STATS, *PSMC_CACHE_STATS;
-
-typedef struct _SMC_CACHE_STATS_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_STATS_INFORMATION_VERSION
- ULONG NoFilePath : 1;
- ULONG Spare : 23;
- ULONG CacheId;
- SMC_CACHE_STATS CacheStats;
-} SMC_CACHE_STATS_REQUEST, *PSMC_CACHE_STATS_REQUEST;
-
-#define SYSTEM_STORE_REGISTRATION_INFORMATION_VERSION 2
-
-typedef struct _SM_REGISTRATION_INFO
-{
- HANDLE CachesUpdatedEvent;
-} SM_REGISTRATION_INFO, *PSM_REGISTRATION_INFO;
-
-typedef struct _SM_REGISTRATION_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_REGISTRATION_INFORMATION_VERSION
- ULONG Spare : 24;
- SM_REGISTRATION_INFO RegInfo;
-} SM_REGISTRATION_REQUEST, *PSM_REGISTRATION_REQUEST;
-
-typedef struct _RTL_BITMAP *PRTL_BITMAP;
-
-#define SYSTEM_STORE_RESIZE_INFORMATION_VERSION 6
-
-typedef struct _SM_STORE_RESIZE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_RESIZE_INFORMATION_VERSION
- ULONG AddRegions : 1;
- ULONG Spare : 23;
- ULONG StoreId;
- ULONG NumberOfRegions;
- PRTL_BITMAP RegionBitmap;
-} SM_STORE_RESIZE_REQUEST, *PSM_STORE_RESIZE_REQUEST;
-
-#define SYSTEM_CACHE_STORE_RESIZE_INFORMATION_VERSION 1
-
-typedef struct _SMC_STORE_RESIZE_REQUEST
-{
- ULONG Version : 8; // SYSTEM_CACHE_STORE_RESIZE_INFORMATION_VERSION
- ULONG AddRegions : 1;
- ULONG Spare : 23;
- ULONG CacheId;
- ULONG StoreId;
- SM_STORE_MANAGER_TYPE StoreManagerType;
- ULONG RegionCount;
-} SMC_STORE_RESIZE_REQUEST, *PSMC_STORE_RESIZE_REQUEST;
-
-#define SYSTEM_STORE_CONFIG_INFORMATION_VERSION 4
-
-typedef enum _SM_CONFIG_TYPE
-{
- SmConfigDirtyPageCompression = 0,
- SmConfigAsyncInswap = 1,
- SmConfigPrefetchSeekThreshold = 2,
- SmConfigTypeMax = 3
-} SM_CONFIG_TYPE;
-
-typedef struct _SM_CONFIG_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_CONFIG_INFORMATION_VERSION
- ULONG Spare : 16;
- ULONG ConfigType : 8; // SM_CONFIG_TYPE
- ULONG ConfigValue;
-} SM_CONFIG_REQUEST, *PSM_CONFIG_REQUEST;
-
-#define SYSTEM_STORE_HIGH_MEM_PRIORITY_INFORMATION_VERSION 1
-
-// rev
-typedef struct _SM_STORE_HIGH_MEM_PRIORITY_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_HIGH_MEM_PRIORITY_INFORMATION_VERSION
- ULONG SetHighMemoryPriority : 1;
- ULONG Spare : 23;
- HANDLE ProcessHandle;
-} SM_STORE_HIGH_MEM_PRIORITY_REQUEST, *PSM_STORE_HIGH_MEM_PRIORITY_REQUEST;
-
-#define SYSTEM_STORE_TRIM_INFORMATION_VERSION 1
-
-// rev
-typedef struct _SM_SYSTEM_STORE_TRIM_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_TRIM_INFORMATION_VERSION
- ULONG Spare : 24;
- SIZE_T PagesToTrim; // ULONG?
-} SM_SYSTEM_STORE_TRIM_REQUEST, *PSM_SYSTEM_STORE_TRIM_REQUEST;
-
-// rev
-#define SYSTEM_STORE_COMPRESSION_INFORMATION_VERSION 3
-
-// rev
-typedef struct _SM_MEM_COMPRESSION_INFO_REQUEST
-{
- ULONG Version : 8; // SYSTEM_STORE_COMPRESSION_INFORMATION_VERSION
- ULONG Spare : 24;
- ULONG CompressionPid;
- ULONG WorkingSetSize;
- SIZE_T TotalDataCompressed;
- SIZE_T TotalCompressedSize;
- SIZE_T TotalUniqueDataCompressed;
-} SM_MEM_COMPRESSION_INFO_REQUEST, *PSM_MEM_COMPRESSION_INFO_REQUEST;
-
-// private
-typedef struct _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS
-{
- HANDLE KeyHandle;
- PUNICODE_STRING ValueNamePointer;
- PULONG RequiredLengthPointer;
- PUCHAR Buffer;
- ULONG BufferLength;
- ULONG Type;
- PUCHAR AppendBuffer;
- ULONG AppendBufferLength;
- BOOLEAN CreateIfDoesntExist;
- BOOLEAN TruncateExistingValue;
-} SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS, *PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
-
-// msdn
-typedef struct _SYSTEM_VHD_BOOT_INFORMATION
-{
- BOOLEAN OsDiskIsVhd;
- ULONG OsVhdFilePathOffset;
- WCHAR OsVhdParentVolume[1];
-} SYSTEM_VHD_BOOT_INFORMATION, *PSYSTEM_VHD_BOOT_INFORMATION;
-
-// private
-typedef struct _PS_CPU_QUOTA_QUERY_ENTRY
-{
- ULONG SessionId;
- ULONG Weight;
-} PS_CPU_QUOTA_QUERY_ENTRY, *PPS_CPU_QUOTA_QUERY_ENTRY;
-
-// private
-typedef struct _PS_CPU_QUOTA_QUERY_INFORMATION
-{
- ULONG SessionCount;
- PS_CPU_QUOTA_QUERY_ENTRY SessionInformation[1];
-} PS_CPU_QUOTA_QUERY_INFORMATION, *PPS_CPU_QUOTA_QUERY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ERROR_PORT_TIMEOUTS
-{
- ULONG StartTimeout;
- ULONG CommTimeout;
-} SYSTEM_ERROR_PORT_TIMEOUTS, *PSYSTEM_ERROR_PORT_TIMEOUTS;
-
-// private
-typedef struct _SYSTEM_LOW_PRIORITY_IO_INFORMATION
-{
- ULONG LowPriReadOperations;
- ULONG LowPriWriteOperations;
- ULONG KernelBumpedToNormalOperations;
- ULONG LowPriPagingReadOperations;
- ULONG KernelPagingReadsBumpedToNormal;
- ULONG LowPriPagingWriteOperations;
- ULONG KernelPagingWritesBumpedToNormal;
- ULONG BoostedIrpCount;
- ULONG BoostedPagingIrpCount;
- ULONG BlanketBoostCount;
-} SYSTEM_LOW_PRIORITY_IO_INFORMATION, *PSYSTEM_LOW_PRIORITY_IO_INFORMATION;
-
-// symbols
-typedef enum _TPM_BOOT_ENTROPY_RESULT_CODE
-{
- TpmBootEntropyStructureUninitialized,
- TpmBootEntropyDisabledByPolicy,
- TpmBootEntropyNoTpmFound,
- TpmBootEntropyTpmError,
- TpmBootEntropySuccess
-} TPM_BOOT_ENTROPY_RESULT_CODE;
-
-// Contents of KeLoaderBlock->Extension->TpmBootEntropyResult (TPM_BOOT_ENTROPY_LDR_RESULT).
-// EntropyData is truncated to 40 bytes.
-
-// private
-typedef struct _TPM_BOOT_ENTROPY_NT_RESULT
-{
- ULONGLONG Policy;
- TPM_BOOT_ENTROPY_RESULT_CODE ResultCode;
- NTSTATUS ResultStatus;
- ULONGLONG Time;
- ULONG EntropyLength;
- UCHAR EntropyData[40];
-} TPM_BOOT_ENTROPY_NT_RESULT, *PTPM_BOOT_ENTROPY_NT_RESULT;
-
-// private
-typedef struct _SYSTEM_VERIFIER_COUNTERS_INFORMATION
-{
- SYSTEM_VERIFIER_INFORMATION Legacy;
- ULONG RaiseIrqls;
- ULONG AcquireSpinLocks;
- ULONG SynchronizeExecutions;
- ULONG AllocationsWithNoTag;
- ULONG AllocationsFailed;
- ULONG AllocationsFailedDeliberately;
- SIZE_T LockedBytes;
- SIZE_T PeakLockedBytes;
- SIZE_T MappedLockedBytes;
- SIZE_T PeakMappedLockedBytes;
- SIZE_T MappedIoSpaceBytes;
- SIZE_T PeakMappedIoSpaceBytes;
- SIZE_T PagesForMdlBytes;
- SIZE_T PeakPagesForMdlBytes;
- SIZE_T ContiguousMemoryBytes;
- SIZE_T PeakContiguousMemoryBytes;
- ULONG ExecutePoolTypes; // REDSTONE2
- ULONG ExecutePageProtections;
- ULONG ExecutePageMappings;
- ULONG ExecuteWriteSections;
- ULONG SectionAlignmentFailures;
- ULONG UnsupportedRelocs;
- ULONG IATInExecutableSection;
-} SYSTEM_VERIFIER_COUNTERS_INFORMATION, *PSYSTEM_VERIFIER_COUNTERS_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ACPI_AUDIT_INFORMATION
-{
- ULONG RsdpCount;
- ULONG SameRsdt : 1;
- ULONG SlicPresent : 1;
- ULONG SlicDifferent : 1;
-} SYSTEM_ACPI_AUDIT_INFORMATION, *PSYSTEM_ACPI_AUDIT_INFORMATION;
-
-// private
-typedef struct _SYSTEM_BASIC_PERFORMANCE_INFORMATION
-{
- SIZE_T AvailablePages;
- SIZE_T CommittedPages;
- SIZE_T CommitLimit;
- SIZE_T PeakCommitment;
-} SYSTEM_BASIC_PERFORMANCE_INFORMATION, *PSYSTEM_BASIC_PERFORMANCE_INFORMATION;
-
-// begin_msdn
-
-typedef struct _QUERY_PERFORMANCE_COUNTER_FLAGS
-{
- union
- {
- struct
- {
- ULONG KernelTransition : 1;
- ULONG Reserved : 31;
- };
- ULONG ul;
- };
-} QUERY_PERFORMANCE_COUNTER_FLAGS;
-
-typedef struct _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION
-{
- ULONG Version;
- QUERY_PERFORMANCE_COUNTER_FLAGS Flags;
- QUERY_PERFORMANCE_COUNTER_FLAGS ValidFlags;
-} SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION, *PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
-
-// end_msdn
-
-// private
-typedef enum _SYSTEM_PIXEL_FORMAT
-{
- SystemPixelFormatUnknown,
- SystemPixelFormatR8G8B8,
- SystemPixelFormatR8G8B8X8,
- SystemPixelFormatB8G8R8,
- SystemPixelFormatB8G8R8X8
-} SYSTEM_PIXEL_FORMAT;
-
-// private
-typedef struct _SYSTEM_BOOT_GRAPHICS_INFORMATION
-{
- LARGE_INTEGER FrameBuffer;
- ULONG Width;
- ULONG Height;
- ULONG PixelStride;
- ULONG Flags;
- SYSTEM_PIXEL_FORMAT Format;
- ULONG DisplayRotation;
-} SYSTEM_BOOT_GRAPHICS_INFORMATION, *PSYSTEM_BOOT_GRAPHICS_INFORMATION;
-
-// private
-typedef struct _MEMORY_SCRUB_INFORMATION
-{
- HANDLE Handle;
- ULONG PagesScrubbed;
-} MEMORY_SCRUB_INFORMATION, *PMEMORY_SCRUB_INFORMATION;
-
-// private
-typedef struct _PEBS_DS_SAVE_AREA32
-{
- ULONG BtsBufferBase;
- ULONG BtsIndex;
- ULONG BtsAbsoluteMaximum;
- ULONG BtsInterruptThreshold;
- ULONG PebsBufferBase;
- ULONG PebsIndex;
- ULONG PebsAbsoluteMaximum;
- ULONG PebsInterruptThreshold;
- ULONG PebsGpCounterReset[8];
- ULONG PebsFixedCounterReset[4];
-} PEBS_DS_SAVE_AREA32, *PPEBS_DS_SAVE_AREA32;
-
-// private
-typedef struct _PEBS_DS_SAVE_AREA64
-{
- ULONGLONG BtsBufferBase;
- ULONGLONG BtsIndex;
- ULONGLONG BtsAbsoluteMaximum;
- ULONGLONG BtsInterruptThreshold;
- ULONGLONG PebsBufferBase;
- ULONGLONG PebsIndex;
- ULONGLONG PebsAbsoluteMaximum;
- ULONGLONG PebsInterruptThreshold;
- ULONGLONG PebsGpCounterReset[8];
- ULONGLONG PebsFixedCounterReset[4];
-} PEBS_DS_SAVE_AREA64, *PPEBS_DS_SAVE_AREA64;
-
-// private
-typedef union _PEBS_DS_SAVE_AREA
-{
- PEBS_DS_SAVE_AREA32 As32Bit;
- PEBS_DS_SAVE_AREA64 As64Bit;
-} PEBS_DS_SAVE_AREA, *PPEBS_DS_SAVE_AREA;
-
-// private
-typedef struct _PROCESSOR_PROFILE_CONTROL_AREA
-{
- PEBS_DS_SAVE_AREA PebsDsSaveArea;
-} PROCESSOR_PROFILE_CONTROL_AREA, *PPROCESSOR_PROFILE_CONTROL_AREA;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA
-{
- PROCESSOR_PROFILE_CONTROL_AREA ProcessorProfileControlArea;
- BOOLEAN Allocate;
-} SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA, *PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
-
-// private
-typedef struct _MEMORY_COMBINE_INFORMATION
-{
- HANDLE Handle;
- ULONG_PTR PagesCombined;
-} MEMORY_COMBINE_INFORMATION, *PMEMORY_COMBINE_INFORMATION;
-
-// rev
-#define MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY 0x4
-
-// private
-typedef struct _MEMORY_COMBINE_INFORMATION_EX
-{
- HANDLE Handle;
- ULONG_PTR PagesCombined;
- ULONG Flags;
-} MEMORY_COMBINE_INFORMATION_EX, *PMEMORY_COMBINE_INFORMATION_EX;
-
-// private
-typedef struct _MEMORY_COMBINE_INFORMATION_EX2
-{
- HANDLE Handle;
- ULONG_PTR PagesCombined;
- ULONG Flags;
- HANDLE ProcessHandle;
-} MEMORY_COMBINE_INFORMATION_EX2, *PMEMORY_COMBINE_INFORMATION_EX2;
-
-// private
-typedef struct _SYSTEM_ENTROPY_TIMING_INFORMATION
-{
- VOID (NTAPI *EntropyRoutine)(PVOID, ULONG);
- VOID (NTAPI *InitializationRoutine)(PVOID, ULONG, PVOID);
- PVOID InitializationContext;
-} SYSTEM_ENTROPY_TIMING_INFORMATION, *PSYSTEM_ENTROPY_TIMING_INFORMATION;
-
-// private
-typedef struct _SYSTEM_CONSOLE_INFORMATION
-{
- ULONG DriverLoaded : 1;
- ULONG Spare : 31;
-} SYSTEM_CONSOLE_INFORMATION, *PSYSTEM_CONSOLE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PLATFORM_BINARY_INFORMATION
-{
- ULONG64 PhysicalAddress;
- PVOID HandoffBuffer;
- PVOID CommandLineBuffer;
- ULONG HandoffBufferSize;
- ULONG CommandLineBufferSize;
-} SYSTEM_PLATFORM_BINARY_INFORMATION, *PSYSTEM_PLATFORM_BINARY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_POLICY_INFORMATION
-{
- PVOID InputData;
- PVOID OutputData;
- ULONG InputDataSize;
- ULONG OutputDataSize;
- ULONG Version;
-} SYSTEM_POLICY_INFORMATION, *PSYSTEM_POLICY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
-{
- ULONG NumberOfLogicalProcessors;
- ULONG NumberOfCores;
-} SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION, *PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
-
-// private
-typedef struct _SYSTEM_DEVICE_DATA_INFORMATION
-{
- UNICODE_STRING DeviceId;
- UNICODE_STRING DataName;
- ULONG DataType;
- ULONG DataBufferLength;
- PVOID DataBuffer;
-} SYSTEM_DEVICE_DATA_INFORMATION, *PSYSTEM_DEVICE_DATA_INFORMATION;
-
-// private
-typedef struct _PHYSICAL_CHANNEL_RUN
-{
- ULONG NodeNumber;
- ULONG ChannelNumber;
- ULONGLONG BasePage;
- ULONGLONG PageCount;
- ULONG Flags;
-} PHYSICAL_CHANNEL_RUN, *PPHYSICAL_CHANNEL_RUN;
-
-// private
-typedef struct _SYSTEM_MEMORY_TOPOLOGY_INFORMATION
-{
- ULONGLONG NumberOfRuns;
- ULONG NumberOfNodes;
- ULONG NumberOfChannels;
- PHYSICAL_CHANNEL_RUN Run[1];
-} SYSTEM_MEMORY_TOPOLOGY_INFORMATION, *PSYSTEM_MEMORY_TOPOLOGY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_MEMORY_CHANNEL_INFORMATION
-{
- ULONG ChannelNumber;
- ULONG ChannelHeatIndex;
- ULONGLONG TotalPageCount;
- ULONGLONG ZeroPageCount;
- ULONGLONG FreePageCount;
- ULONGLONG StandbyPageCount;
-} SYSTEM_MEMORY_CHANNEL_INFORMATION, *PSYSTEM_MEMORY_CHANNEL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_BOOT_LOGO_INFORMATION
-{
- ULONG Flags;
- ULONG BitmapOffset;
-} SYSTEM_BOOT_LOGO_INFORMATION, *PSYSTEM_BOOT_LOGO_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX
-{
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER DpcTime;
- LARGE_INTEGER InterruptTime;
- ULONG InterruptCount;
- ULONG Spare0;
- LARGE_INTEGER AvailableTime;
- LARGE_INTEGER Spare1;
- LARGE_INTEGER Spare2;
-} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
-
-// private
-typedef struct _SYSTEM_SECUREBOOT_POLICY_INFORMATION
-{
- GUID PolicyPublisher;
- ULONG PolicyVersion;
- ULONG PolicyOptions;
-} SYSTEM_SECUREBOOT_POLICY_INFORMATION, *PSYSTEM_SECUREBOOT_POLICY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PAGEFILE_INFORMATION_EX
-{
- union // HACK union declaration for convenience (dmex)
- {
- SYSTEM_PAGEFILE_INFORMATION Info;
- struct
- {
- ULONG NextEntryOffset;
- ULONG TotalSize;
- ULONG TotalInUse;
- ULONG PeakUsage;
- UNICODE_STRING PageFileName;
- };
- };
-
- ULONG MinimumSize;
- ULONG MaximumSize;
-} SYSTEM_PAGEFILE_INFORMATION_EX, *PSYSTEM_PAGEFILE_INFORMATION_EX;
-
-// private
-typedef struct _SYSTEM_SECUREBOOT_INFORMATION
-{
- BOOLEAN SecureBootEnabled;
- BOOLEAN SecureBootCapable;
-} SYSTEM_SECUREBOOT_INFORMATION, *PSYSTEM_SECUREBOOT_INFORMATION;
-
-// private
-typedef struct _PROCESS_DISK_COUNTERS
-{
- ULONGLONG BytesRead;
- ULONGLONG BytesWritten;
- ULONGLONG ReadOperationCount;
- ULONGLONG WriteOperationCount;
- ULONGLONG FlushOperationCount;
-} PROCESS_DISK_COUNTERS, *PPROCESS_DISK_COUNTERS;
-
-// private
-typedef union _ENERGY_STATE_DURATION
-{
- ULONGLONG Value;
- struct
- {
- ULONG LastChangeTime;
- ULONG Duration : 31;
- ULONG IsInState : 1;
- };
-} ENERGY_STATE_DURATION, *PENERGY_STATE_DURATION;
-
-typedef struct _PROCESS_ENERGY_VALUES
-{
- ULONGLONG Cycles[4][2];
- ULONGLONG DiskEnergy;
- ULONGLONG NetworkTailEnergy;
- ULONGLONG MBBTailEnergy;
- ULONGLONG NetworkTxRxBytes;
- ULONGLONG MBBTxRxBytes;
- union
- {
- ENERGY_STATE_DURATION Durations[3];
- struct
- {
- ENERGY_STATE_DURATION ForegroundDuration;
- ENERGY_STATE_DURATION DesktopVisibleDuration;
- ENERGY_STATE_DURATION PSMForegroundDuration;
- };
- };
- ULONG CompositionRendered;
- ULONG CompositionDirtyGenerated;
- ULONG CompositionDirtyPropagated;
- ULONG Reserved1;
- ULONGLONG AttributedCycles[4][2];
- ULONGLONG WorkOnBehalfCycles[4][2];
-} PROCESS_ENERGY_VALUES, *PPROCESS_ENERGY_VALUES;
-
-typedef union _TIMELINE_BITMAP
-{
- ULONGLONG Value;
- struct
- {
- ULONG EndTime;
- ULONG Bitmap;
- };
-} TIMELINE_BITMAP, *PTIMELINE_BITMAP;
-
-typedef struct _PROCESS_ENERGY_VALUES_EXTENSION
-{
- union
- {
- TIMELINE_BITMAP Timelines[14]; // 9 for REDSTONE2, 14 for REDSTONE3/4/5
- struct
- {
- TIMELINE_BITMAP CpuTimeline;
- TIMELINE_BITMAP DiskTimeline;
- TIMELINE_BITMAP NetworkTimeline;
- TIMELINE_BITMAP MBBTimeline;
- TIMELINE_BITMAP ForegroundTimeline;
- TIMELINE_BITMAP DesktopVisibleTimeline;
- TIMELINE_BITMAP CompositionRenderedTimeline;
- TIMELINE_BITMAP CompositionDirtyGeneratedTimeline;
- TIMELINE_BITMAP CompositionDirtyPropagatedTimeline;
- TIMELINE_BITMAP InputTimeline; // REDSTONE3
- TIMELINE_BITMAP AudioInTimeline;
- TIMELINE_BITMAP AudioOutTimeline;
- TIMELINE_BITMAP DisplayRequiredTimeline;
- TIMELINE_BITMAP KeyboardInputTimeline;
- };
- };
-
- union // REDSTONE3
- {
- ENERGY_STATE_DURATION Durations[5];
- struct
- {
- ENERGY_STATE_DURATION InputDuration;
- ENERGY_STATE_DURATION AudioInDuration;
- ENERGY_STATE_DURATION AudioOutDuration;
- ENERGY_STATE_DURATION DisplayRequiredDuration;
- ENERGY_STATE_DURATION PSMBackgroundDuration;
- };
- };
-
- ULONG KeyboardInput;
- ULONG MouseInput;
-} PROCESS_ENERGY_VALUES_EXTENSION, *PPROCESS_ENERGY_VALUES_EXTENSION;
-
-typedef struct _PROCESS_EXTENDED_ENERGY_VALUES
-{
- PROCESS_ENERGY_VALUES Base;
- PROCESS_ENERGY_VALUES_EXTENSION Extension;
-} PROCESS_EXTENDED_ENERGY_VALUES, *PPROCESS_EXTENDED_ENERGY_VALUES;
-
-// private
-typedef enum _SYSTEM_PROCESS_CLASSIFICATION
-{
- SystemProcessClassificationNormal,
- SystemProcessClassificationSystem,
- SystemProcessClassificationSecureSystem,
- SystemProcessClassificationMemCompression,
- SystemProcessClassificationRegistry, // REDSTONE4
- SystemProcessClassificationMaximum
-} SYSTEM_PROCESS_CLASSIFICATION;
-
-// private
-typedef struct _SYSTEM_PROCESS_INFORMATION_EXTENSION
-{
- PROCESS_DISK_COUNTERS DiskCounters;
- ULONGLONG ContextSwitches;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG HasStrongId : 1;
- ULONG Classification : 4; // SYSTEM_PROCESS_CLASSIFICATION
- ULONG BackgroundActivityModerated : 1;
- ULONG Spare : 26;
- };
- };
- ULONG UserSidOffset;
- ULONG PackageFullNameOffset; // since THRESHOLD
- PROCESS_ENERGY_VALUES EnergyValues; // since THRESHOLD
- ULONG AppIdOffset; // since THRESHOLD
- SIZE_T SharedCommitCharge; // since THRESHOLD2
- ULONG JobObjectId; // since REDSTONE
- ULONG SpareUlong; // since REDSTONE
- ULONGLONG ProcessSequenceNumber;
-} SYSTEM_PROCESS_INFORMATION_EXTENSION, *PSYSTEM_PROCESS_INFORMATION_EXTENSION;
-
-// private
-typedef struct _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION
-{
- BOOLEAN EfiLauncherEnabled;
-} SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION, *PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION;
-
-// private
-typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
-{
- BOOLEAN DebuggerAllowed;
- BOOLEAN DebuggerEnabled;
- BOOLEAN DebuggerPresent;
-} SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
-
-// private
-typedef struct _SYSTEM_ELAM_CERTIFICATE_INFORMATION
-{
- HANDLE ElamDriverFile;
-} SYSTEM_ELAM_CERTIFICATE_INFORMATION, *PSYSTEM_ELAM_CERTIFICATE_INFORMATION;
-
-// private
-typedef struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2
-{
- ULONG Version;
- ULONG AbnormalResetOccurred;
- ULONG OfflineMemoryDumpCapable;
- LARGE_INTEGER ResetDataAddress;
- ULONG ResetDataSize;
-} OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2, *POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2;
-
-// private
-typedef struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1
-{
- ULONG Version;
- ULONG AbnormalResetOccurred;
- ULONG OfflineMemoryDumpCapable;
-} OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1, *POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_FEATURES_INFORMATION
-{
- ULONGLONG ProcessorFeatureBits;
- ULONGLONG Reserved[3];
-} SYSTEM_PROCESSOR_FEATURES_INFORMATION, *PSYSTEM_PROCESSOR_FEATURES_INFORMATION;
-
-// EDID v1.4 standard data format
-typedef struct _SYSTEM_EDID_INFORMATION
-{
- UCHAR Edid[128];
-} SYSTEM_EDID_INFORMATION, *PSYSTEM_EDID_INFORMATION;
-
-// private
-typedef struct _SYSTEM_MANUFACTURING_INFORMATION
-{
- ULONG Options;
- UNICODE_STRING ProfileName;
-} SYSTEM_MANUFACTURING_INFORMATION, *PSYSTEM_MANUFACTURING_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION
-{
- BOOLEAN Enabled;
-} SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION, *PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION;
-
-// private
-typedef struct _HV_DETAILS
-{
- ULONG Data[4];
-} HV_DETAILS, *PHV_DETAILS;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_DETAIL_INFORMATION
-{
- HV_DETAILS HvVendorAndMaxFunction;
- HV_DETAILS HypervisorInterface;
- HV_DETAILS HypervisorVersion;
- HV_DETAILS HvFeatures;
- HV_DETAILS HwFeatures;
- HV_DETAILS EnlightenmentInfo;
- HV_DETAILS ImplementationLimits;
-} SYSTEM_HYPERVISOR_DETAIL_INFORMATION, *PSYSTEM_HYPERVISOR_DETAIL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION
-{
- ULONGLONG Cycles[4][2];
-} SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION, *PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION;
-
-// private
-typedef struct _SYSTEM_TPM_INFORMATION
-{
- ULONG Flags;
-} SYSTEM_TPM_INFORMATION, *PSYSTEM_TPM_INFORMATION;
-
-// private
-typedef struct _SYSTEM_VSM_PROTECTION_INFORMATION
-{
- BOOLEAN DmaProtectionsAvailable;
- BOOLEAN DmaProtectionsInUse;
- BOOLEAN HardwareMbecAvailable; // REDSTONE4 (CVE-2018-3639)
- BOOLEAN ApicVirtualizationAvailable; // 20H1
-} SYSTEM_VSM_PROTECTION_INFORMATION, *PSYSTEM_VSM_PROTECTION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_KERNEL_DEBUGGER_FLAGS
-{
- BOOLEAN KernelDebuggerIgnoreUmExceptions;
-} SYSTEM_KERNEL_DEBUGGER_FLAGS, *PSYSTEM_KERNEL_DEBUGGER_FLAGS;
-
-// SYSTEM_CODEINTEGRITYPOLICY_INFORMATION Options
-#define CODEINTEGRITYPOLICY_OPTION_ENABLED 0x01
-#define CODEINTEGRITYPOLICY_OPTION_AUDIT 0x02
-#define CODEINTEGRITYPOLICY_OPTION_REQUIRE_WHQL 0x04
-#define CODEINTEGRITYPOLICY_OPTION_DISABLED_FLIGHTSIGNING 0x08
-#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UMCI 0x10
-#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UPDATE_POLICY_NOREBOOT 0x20
-#define CODEINTEGRITYPOLICY_OPTION_ENABLED_SECURE_SETTING_POLICY 0x40
-#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UNSIGNED_SYSTEMINTEGRITY_POLICY 0x80
-#define CODEINTEGRITYPOLICY_OPTION_DYNAMIC_CODE_POLICY_ENABLED 0x100
-#define CODEINTEGRITYPOLICY_OPTION_RELOAD_POLICY_NO_REBOOT 0x10000000 // NtSetSystemInformation reloads SiPolicy.p7b
-#define CODEINTEGRITYPOLICY_OPTION_CONDITIONAL_LOCKDOWN 0x20000000
-#define CODEINTEGRITYPOLICY_OPTION_NOLOCKDOWN 0x40000000
-#define CODEINTEGRITYPOLICY_OPTION_LOCKDOWN 0x80000000
-
-// SYSTEM_CODEINTEGRITYPOLICY_INFORMATION HVCIOptions
-#define CODEINTEGRITYPOLICY_HVCIOPTION_ENABLED 0x01
-#define CODEINTEGRITYPOLICY_HVCIOPTION_STRICT 0x02
-#define CODEINTEGRITYPOLICY_HVCIOPTION_DEBUG 0x04
-
-// private
-typedef struct _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
-{
- ULONG Options;
- ULONG HVCIOptions;
- ULONGLONG Version;
- GUID PolicyGuid;
-} SYSTEM_CODEINTEGRITYPOLICY_INFORMATION, *PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION
-{
- BOOLEAN SecureKernelRunning : 1;
- BOOLEAN HvciEnabled : 1;
- BOOLEAN HvciStrictMode : 1;
- BOOLEAN DebugEnabled : 1;
- BOOLEAN FirmwarePageProtection : 1;
- BOOLEAN EncryptionKeyAvailable : 1;
- BOOLEAN SpareFlags : 2;
- BOOLEAN TrustletRunning : 1;
- BOOLEAN HvciDisableAllowed : 1;
- BOOLEAN SpareFlags2 : 6;
- BOOLEAN Spare0[6];
- ULONGLONG Spare1;
-} SYSTEM_ISOLATED_USER_MODE_INFORMATION, *PSYSTEM_ISOLATED_USER_MODE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SINGLE_MODULE_INFORMATION
-{
- PVOID TargetModuleAddress;
- RTL_PROCESS_MODULE_INFORMATION_EX ExInfo;
-} SYSTEM_SINGLE_MODULE_INFORMATION, *PSYSTEM_SINGLE_MODULE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_INTERRUPT_CPU_SET_INFORMATION
-{
- ULONG Gsiv;
- USHORT Group;
- ULONGLONG CpuSets;
-} SYSTEM_INTERRUPT_CPU_SET_INFORMATION, *PSYSTEM_INTERRUPT_CPU_SET_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
-{
- SYSTEM_SECUREBOOT_POLICY_INFORMATION PolicyInformation;
- ULONG PolicySize;
- UCHAR Policy[1];
-} SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION, *PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ROOT_SILO_INFORMATION
-{
- ULONG NumberOfSilos;
- ULONG SiloIdList[1];
-} SYSTEM_ROOT_SILO_INFORMATION, *PSYSTEM_ROOT_SILO_INFORMATION;
-
-// private
-typedef struct _SYSTEM_CPU_SET_TAG_INFORMATION
-{
- ULONGLONG Tag;
- ULONGLONG CpuSets[1];
-} SYSTEM_CPU_SET_TAG_INFORMATION, *PSYSTEM_CPU_SET_TAG_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION
-{
- ULONG ExtentCount;
- ULONG ValidStructureSize;
- ULONG NextExtentIndex;
- ULONG ExtentRestart;
- ULONG CycleCount;
- ULONG TimeoutCount;
- ULONGLONG CycleTime;
- ULONGLONG CycleTimeMax;
- ULONGLONG ExtentTime;
- ULONG ExtentTimeIndex;
- ULONG ExtentTimeMaxIndex;
- ULONGLONG ExtentTimeMax;
- ULONGLONG HyperFlushTimeMax;
- ULONGLONG TranslateVaTimeMax;
- ULONGLONG DebugExemptionCount;
- ULONGLONG TbHitCount;
- ULONGLONG TbMissCount;
- ULONGLONG VinaPendingYield;
- ULONGLONG HashCycles;
- ULONG HistogramOffset;
- ULONG HistogramBuckets;
- ULONG HistogramShift;
- ULONG Reserved1;
- ULONGLONG PageNotPresentCount;
-} SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION, *PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION
-{
- ULONG PlatformManifestSize;
- UCHAR PlatformManifest[1];
-} SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION, *PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION;
-
-// private
-typedef struct _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT
-{
- ULONG Gsiv;
- UCHAR ControllerInterrupt;
- UCHAR EdgeInterrupt;
- UCHAR IsPrimaryInterrupt;
- GROUP_AFFINITY TargetAffinity;
-} SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT, *PSYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT;
-
-// private
-typedef union _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT
-{
- ULONG AsULONG;
- struct
- {
- ULONG Enabled : 1;
- ULONG Reserved : 31;
- };
-} SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT, *PSYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT;
-
-#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE)
-// private
-typedef struct _SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION
-{
- ULONG Machine : 16;
- ULONG KernelMode : 1;
- ULONG UserMode : 1;
- ULONG Native : 1;
- ULONG Process : 1;
- ULONG WoW64Container : 1;
- ULONG ReservedZero0 : 11;
-} SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION, *PSYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION;
-#endif
-
-// private
-typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION
-{
- ULONGLONG TotalPhysicalBytes;
- ULONGLONG AvailableBytes;
- LONGLONG ResidentAvailableBytes;
- ULONGLONG CommittedBytes;
- ULONGLONG SharedCommittedBytes;
- ULONGLONG CommitLimitBytes;
- ULONGLONG PeakCommitmentBytes;
-} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION
-{
- HANDLE ImageFile;
- ULONG Type; // REDSTONE4
-} SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION, *PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_PHYSICAL_MEMORY_INFORMATION
-{
- ULONGLONG TotalPhysicalBytes;
- ULONGLONG LowestPhysicalAddress;
- ULONGLONG HighestPhysicalAddress;
-} SYSTEM_PHYSICAL_MEMORY_INFORMATION, *PSYSTEM_PHYSICAL_MEMORY_INFORMATION;
-
-// private
-typedef enum _SYSTEM_ACTIVITY_MODERATION_STATE
-{
- SystemActivityModerationStateSystemManaged,
- SystemActivityModerationStateUserManagedAllowThrottling,
- SystemActivityModerationStateUserManagedDisableThrottling,
- MaxSystemActivityModerationState
-} SYSTEM_ACTIVITY_MODERATION_STATE;
-
-// private - REDSTONE2
-typedef struct _SYSTEM_ACTIVITY_MODERATION_EXE_STATE // REDSTONE3: Renamed SYSTEM_ACTIVITY_MODERATION_INFO
-{
- UNICODE_STRING ExePathNt;
- SYSTEM_ACTIVITY_MODERATION_STATE ModerationState;
-} SYSTEM_ACTIVITY_MODERATION_EXE_STATE, *PSYSTEM_ACTIVITY_MODERATION_EXE_STATE;
-
-typedef enum _SYSTEM_ACTIVITY_MODERATION_APP_TYPE
-{
- SystemActivityModerationAppTypeClassic,
- SystemActivityModerationAppTypePackaged,
- MaxSystemActivityModerationAppType
-} SYSTEM_ACTIVITY_MODERATION_APP_TYPE;
-
-// private - REDSTONE3
-typedef struct _SYSTEM_ACTIVITY_MODERATION_INFO
-{
- UNICODE_STRING Identifier;
- SYSTEM_ACTIVITY_MODERATION_STATE ModerationState;
- SYSTEM_ACTIVITY_MODERATION_APP_TYPE AppType;
-} SYSTEM_ACTIVITY_MODERATION_INFO, *PSYSTEM_ACTIVITY_MODERATION_INFO;
-
-// private
-typedef struct _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
-{
- HANDLE UserKeyHandle;
-} SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS, *PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
-
-// private
-typedef struct _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION
-{
- union
- {
- ULONG Flags;
- struct
- {
- ULONG Locked : 1;
- ULONG UnlockApplied : 1; // Unlockable field removed 19H1
- ULONG UnlockIdValid : 1;
- ULONG Reserved : 29;
- };
- };
- UCHAR UnlockId[32]; // REDSTONE4
-} SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION, *PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
-
-// private
-typedef struct _SYSTEM_FLUSH_INFORMATION
-{
- ULONG SupportedFlushMethods;
- ULONG ProcessorCacheFlushSize;
- ULONGLONG SystemFlushCapabilities;
- ULONGLONG Reserved[2];
-} SYSTEM_FLUSH_INFORMATION, *PSYSTEM_FLUSH_INFORMATION;
-
-// private
-typedef struct _SYSTEM_WRITE_CONSTRAINT_INFORMATION
-{
- ULONG WriteConstraintPolicy;
- ULONG Reserved;
-} SYSTEM_WRITE_CONSTRAINT_INFORMATION, *PSYSTEM_WRITE_CONSTRAINT_INFORMATION;
-
-// private
-typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
-{
- union
- {
- ULONG KvaShadowFlags;
- struct
- {
- ULONG KvaShadowEnabled : 1;
- ULONG KvaShadowUserGlobal : 1;
- ULONG KvaShadowPcid : 1;
- ULONG KvaShadowInvpcid : 1;
- ULONG KvaShadowRequired : 1; // REDSTONE4
- ULONG KvaShadowRequiredAvailable : 1;
- ULONG InvalidPteBit : 6;
- ULONG L1DataCacheFlushSupported : 1;
- ULONG L1TerminalFaultMitigationPresent : 1;
- ULONG Reserved : 18;
- };
- };
-} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
-
-// private
-typedef struct _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
-{
- HANDLE FileHandle;
- ULONG ImageSize;
- PVOID Image;
-} SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION, *PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION
-{
- PVOID HypervisorSharedUserVa;
-} SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION, *PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_FIRMWARE_PARTITION_INFORMATION
-{
- UNICODE_STRING FirmwarePartition;
-} SYSTEM_FIRMWARE_PARTITION_INFORMATION, *PSYSTEM_FIRMWARE_PARTITION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION
-{
- union
- {
- ULONG Flags;
- struct
- {
- ULONG BpbEnabled : 1;
- ULONG BpbDisabledSystemPolicy : 1;
- ULONG BpbDisabledNoHardwareSupport : 1;
- ULONG SpecCtrlEnumerated : 1;
- ULONG SpecCmdEnumerated : 1;
- ULONG IbrsPresent : 1;
- ULONG StibpPresent : 1;
- ULONG SmepPresent : 1;
- ULONG SpeculativeStoreBypassDisableAvailable : 1; // REDSTONE4 (CVE-2018-3639)
- ULONG SpeculativeStoreBypassDisableSupported : 1;
- ULONG SpeculativeStoreBypassDisabledSystemWide : 1;
- ULONG SpeculativeStoreBypassDisabledKernel : 1;
- ULONG SpeculativeStoreBypassDisableRequired : 1;
- ULONG BpbDisabledKernelToUser : 1;
- ULONG SpecCtrlRetpolineEnabled : 1;
- ULONG SpecCtrlImportOptimizationEnabled : 1;
- ULONG EnhancedIbrs : 1; // since 19H1
- ULONG HvL1tfStatusAvailable : 1;
- ULONG HvL1tfProcessorNotAffected : 1;
- ULONG HvL1tfMigitationEnabled : 1;
- ULONG HvL1tfMigitationNotEnabled_Hardware : 1;
- ULONG HvL1tfMigitationNotEnabled_LoadOption : 1;
- ULONG HvL1tfMigitationNotEnabled_CoreScheduler : 1;
- ULONG EnhancedIbrsReported : 1;
- ULONG MdsHardwareProtected : 1; // since 19H2
- ULONG MbClearEnabled : 1;
- ULONG MbClearReported : 1;
- ULONG ReservedTaa : 4;
- ULONG Reserved : 1;
- };
- } SpeculationControlFlags;
- union
- {
- ULONG Flags; // Since KB4074629 (2023)
- struct
- {
- ULONG Reserved1 : 5;
- ULONG BhbEnabled : 1;
- ULONG BhbDisabledSystemPolicy : 1;
- ULONG BhbDisabledNoHardwareSupport : 1;
- ULONG Reserved2 : 3;
- ULONG RdclHardwareProtectedReported : 1;
- ULONG RdclHardwareProtected : 1;
- ULONG Reserved3 : 4;
- ULONG Reserved4 : 3;
- ULONG Reserved : 12;
- };
- } SpeculationControlFlags2;
-} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_DMA_GUARD_POLICY_INFORMATION
-{
- BOOLEAN DmaGuardPolicyEnabled;
-} SYSTEM_DMA_GUARD_POLICY_INFORMATION, *PSYSTEM_DMA_GUARD_POLICY_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
-{
- UCHAR EnclaveLaunchSigner[32];
-} SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION, *PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION
-{
- ULONGLONG WorkloadClass;
- ULONGLONG CpuSets[1];
-} SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION, *PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SECURITY_MODEL_INFORMATION
-{
- union
- {
- ULONG SecurityModelFlags;
- struct
- {
- ULONG SModeAdminlessEnabled : 1;
- ULONG AllowDeviceOwnerProtectionDowngrade : 1;
- ULONG Reserved : 30;
- };
- };
-} SYSTEM_SECURITY_MODEL_INFORMATION, *PSYSTEM_SECURITY_MODEL_INFORMATION;
-
-typedef struct _RTL_FEATURE_CONFIGURATION *PRTL_FEATURE_CONFIGURATION; // from ntrtl.h
-
-// private
-typedef struct _SYSTEM_FEATURE_CONFIGURATION_INFORMATION
-{
- ULONGLONG ChangeStamp;
- PRTL_FEATURE_CONFIGURATION Configuration;
-} SYSTEM_FEATURE_CONFIGURATION_INFORMATION, *PSYSTEM_FEATURE_CONFIGURATION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY
-{
- ULONGLONG ChangeStamp;
- PVOID Section;
- ULONGLONG Size;
-} SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY, *PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY;
-
-// private
-typedef struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION
-{
- ULONGLONG OverallChangeStamp;
- SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY Descriptors[3];
-} SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION, *PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION;
-
-// private
-typedef struct _RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET
-{
- ULONG Data[2];
-} RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET, *PRTL_FEATURE_USAGE_SUBSCRIPTION_TARGET;
-
-// private
-typedef struct _SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS
-{
- ULONG FeatureId;
- USHORT ReportingKind;
- USHORT ReportingOptions;
- RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET ReportingTarget;
-} SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS, *PSYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS;
-
-// private
-typedef union _SECURE_SPECULATION_CONTROL_INFORMATION
-{
- ULONG KvaShadowSupported : 1;
- ULONG KvaShadowEnabled : 1;
- ULONG KvaShadowUserGlobal : 1;
- ULONG KvaShadowPcid : 1;
- ULONG MbClearEnabled : 1;
- ULONG L1TFMitigated : 1; // since 20H2
- ULONG BpbEnabled : 1;
- ULONG IbrsPresent : 1;
- ULONG EnhancedIbrs : 1;
- ULONG StibpPresent : 1;
- ULONG SsbdSupported : 1;
- ULONG SsbdRequired : 1;
- ULONG BpbKernelToUser : 1;
- ULONG BpbUserToKernel : 1;
- ULONG ReturnSpeculate : 1;
- ULONG BranchConfusionSafe : 1;
- ULONG Reserved : 16;
-} SECURE_SPECULATION_CONTROL_INFORMATION, *PSECURE_SPECULATION_CONTROL_INFORMATION;
-
-// private
-typedef struct _SYSTEM_FIRMWARE_RAMDISK_INFORMATION
-{
- ULONG Version;
- ULONG BlockSize;
- ULONG_PTR BaseAddress;
- SIZE_T Size;
-} SYSTEM_FIRMWARE_RAMDISK_INFORMATION, *PSYSTEM_FIRMWARE_RAMDISK_INFORMATION;
-
-// private
-typedef struct _SYSTEM_SHADOW_STACK_INFORMATION
-{
- union
- {
- ULONG Flags;
- struct
- {
- ULONG CetCapable : 1;
- ULONG UserCetAllowed : 1;
- ULONG ReservedForUserCet : 6;
- ULONG KernelCetEnabled : 1;
- ULONG KernelCetAuditModeEnabled : 1;
- ULONG ReservedForKernelCet : 6; // since Windows 10 build 21387
- ULONG Reserved : 16;
- };
- };
-} SYSTEM_SHADOW_STACK_INFORMATION, *PSYSTEM_SHADOW_STACK_INFORMATION;
-
-// private
-typedef union _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS
-{
- ULONG Value32;
- struct
- {
- ULONG IsTopLevel : 1;
- ULONG IsChecked : 1;
- };
-} SYSTEM_BUILD_VERSION_INFORMATION_FLAGS, *PSYSTEM_BUILD_VERSION_INFORMATION_FLAGS;
-
-// private
-typedef struct _SYSTEM_BUILD_VERSION_INFORMATION
-{
- USHORT LayerNumber;
- USHORT LayerCount;
- ULONG OsMajorVersion;
- ULONG OsMinorVersion;
- ULONG NtBuildNumber;
- ULONG NtBuildQfe;
- UCHAR LayerName[128];
- UCHAR NtBuildBranch[128];
- UCHAR NtBuildLab[128];
- UCHAR NtBuildLabEx[128];
- UCHAR NtBuildStamp[26];
- UCHAR NtBuildArch[16];
- SYSTEM_BUILD_VERSION_INFORMATION_FLAGS Flags;
-} SYSTEM_BUILD_VERSION_INFORMATION, *PSYSTEM_BUILD_VERSION_INFORMATION;
-
-// private
-typedef struct _SYSTEM_POOL_LIMIT_MEM_INFO
-{
- ULONGLONG MemoryLimit;
- ULONGLONG NotificationLimit;
-} SYSTEM_POOL_LIMIT_MEM_INFO, *PSYSTEM_POOL_LIMIT_MEM_INFO;
-
-// private
-typedef struct _SYSTEM_POOL_LIMIT_INFO
-{
- ULONG PoolTag;
- SYSTEM_POOL_LIMIT_MEM_INFO MemLimits[2];
- WNF_STATE_NAME NotificationHandle;
-} SYSTEM_POOL_LIMIT_INFO, *PSYSTEM_POOL_LIMIT_INFO;
-
-// private
-typedef struct _SYSTEM_POOL_LIMIT_INFORMATION
-{
- ULONG Version;
- ULONG EntryCount;
- _Field_size_(EntryCount) SYSTEM_POOL_LIMIT_INFO LimitEntries[1];
-} SYSTEM_POOL_LIMIT_INFORMATION, *PSYSTEM_POOL_LIMIT_INFORMATION;
-
-// private
-//typedef struct _SYSTEM_POOL_ZEROING_INFORMATION
-//{
-// BOOLEAN PoolZeroingSupportPresent;
-//} SYSTEM_POOL_ZEROING_INFORMATION, *PSYSTEM_POOL_ZEROING_INFORMATION;
-
-// private
-typedef struct _HV_MINROOT_NUMA_LPS
-{
- ULONG NodeIndex;
- ULONG_PTR Mask[16];
-} HV_MINROOT_NUMA_LPS, *PHV_MINROOT_NUMA_LPS;
-
-// private
-typedef struct _SYSTEM_XFG_FAILURE_INFORMATION
-{
- PVOID ReturnAddress;
- PVOID TargetAddress;
- ULONG DispatchMode;
- ULONGLONG XfgValue;
-} SYSTEM_XFG_FAILURE_INFORMATION, *PSYSTEM_XFG_FAILURE_INFORMATION;
-
-// private
-typedef enum _SYSTEM_IOMMU_STATE
-{
- IommuStateBlock,
- IommuStateUnblock
-} SYSTEM_IOMMU_STATE;
-
-// private
-typedef struct _SYSTEM_IOMMU_STATE_INFORMATION
-{
- SYSTEM_IOMMU_STATE State;
- PVOID Pdo;
-} SYSTEM_IOMMU_STATE_INFORMATION, *PSYSTEM_IOMMU_STATE_INFORMATION;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_MINROOT_INFORMATION
-{
- ULONG NumProc;
- ULONG RootProc;
- ULONG RootProcNumaNodesSpecified;
- USHORT RootProcNumaNodes[64];
- ULONG RootProcPerCore;
- ULONG RootProcPerNode;
- ULONG RootProcNumaNodesLpsSpecified;
- HV_MINROOT_NUMA_LPS RootProcNumaNodeLps[64];
-} SYSTEM_HYPERVISOR_MINROOT_INFORMATION, *PSYSTEM_HYPERVISOR_MINROOT_INFORMATION;
-
-// private
-typedef struct _SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION
-{
- ULONG RangeCount;
- ULONG_PTR RangeArray[1];
-} SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION, *PSYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION;
-
-// private
-typedef struct _SYSTEM_POINTER_AUTH_INFORMATION
-{
- union
- {
- USHORT SupportedFlags;
- struct
- {
- USHORT AddressAuthSupported : 1;
- USHORT AddressAuthQarma : 1;
- USHORT GenericAuthSupported : 1;
- USHORT GenericAuthQarma : 1;
- USHORT SupportedReserved : 12;
- };
- };
- union
- {
- USHORT EnabledFlags;
- struct
- {
- USHORT UserPerProcessIpAuthEnabled : 1;
- USHORT UserGlobalIpAuthEnabled : 1;
- USHORT UserEnabledReserved : 6;
- USHORT KernelIpAuthEnabled : 1;
- USHORT KernelEnabledReserved : 7;
- };
- };
-} SYSTEM_POINTER_AUTH_INFORMATION, *PSYSTEM_POINTER_AUTH_INFORMATION;
-
-// private
-typedef struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT
-{
- ULONG Version;
- PWSTR FeatureName;
- ULONG BornOnVersion;
-} SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT, *PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT;
-
-// private
-typedef struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT
-{
- ULONG Version;
- BOOLEAN FeatureIsEnabled;
-} SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT, *PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySystemInformation(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySystemInformationEx(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSystemInformation(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _In_reads_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength
- );
-
-// SysDbg APIs
-
-// private
-typedef enum _SYSDBG_COMMAND
-{
- SysDbgQueryModuleInformation,
- SysDbgQueryTraceInformation,
- SysDbgSetTracepoint,
- SysDbgSetSpecialCall, // PVOID
- SysDbgClearSpecialCalls, // void
- SysDbgQuerySpecialCalls,
- SysDbgBreakPoint,
- SysDbgQueryVersion, // DBGKD_GET_VERSION64
- SysDbgReadVirtual, // SYSDBG_VIRTUAL
- SysDbgWriteVirtual, // SYSDBG_VIRTUAL
- SysDbgReadPhysical, // SYSDBG_PHYSICAL // 10
- SysDbgWritePhysical, // SYSDBG_PHYSICAL
- SysDbgReadControlSpace, // SYSDBG_CONTROL_SPACE
- SysDbgWriteControlSpace, // SYSDBG_CONTROL_SPACE
- SysDbgReadIoSpace, // SYSDBG_IO_SPACE
- SysDbgWriteIoSpace, // SYSDBG_IO_SPACE
- SysDbgReadMsr, // SYSDBG_MSR
- SysDbgWriteMsr, // SYSDBG_MSR
- SysDbgReadBusData, // SYSDBG_BUS_DATA
- SysDbgWriteBusData, // SYSDBG_BUS_DATA
- SysDbgCheckLowMemory, // 20
- SysDbgEnableKernelDebugger,
- SysDbgDisableKernelDebugger,
- SysDbgGetAutoKdEnable,
- SysDbgSetAutoKdEnable,
- SysDbgGetPrintBufferSize,
- SysDbgSetPrintBufferSize,
- SysDbgGetKdUmExceptionEnable,
- SysDbgSetKdUmExceptionEnable,
- SysDbgGetTriageDump, // SYSDBG_TRIAGE_DUMP
- SysDbgGetKdBlockEnable, // 30
- SysDbgSetKdBlockEnable,
- SysDbgRegisterForUmBreakInfo,
- SysDbgGetUmBreakPid,
- SysDbgClearUmBreakPid,
- SysDbgGetUmAttachPid,
- SysDbgClearUmAttachPid,
- SysDbgGetLiveKernelDump, // SYSDBG_LIVEDUMP_CONTROL
- SysDbgKdPullRemoteFile, // SYSDBG_KD_PULL_REMOTE_FILE
- SysDbgMaxInfoClass
-} SYSDBG_COMMAND, *PSYSDBG_COMMAND;
-
-typedef struct _SYSDBG_VIRTUAL
-{
- PVOID Address;
- PVOID Buffer;
- ULONG Request;
-} SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL;
-
-typedef struct _SYSDBG_PHYSICAL
-{
- PHYSICAL_ADDRESS Address;
- PVOID Buffer;
- ULONG Request;
-} SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL;
-
-typedef struct _SYSDBG_CONTROL_SPACE
-{
- ULONG64 Address;
- PVOID Buffer;
- ULONG Request;
- ULONG Processor;
-} SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE;
-
-enum _INTERFACE_TYPE;
-
-typedef struct _SYSDBG_IO_SPACE
-{
- ULONG64 Address;
- PVOID Buffer;
- ULONG Request;
- enum _INTERFACE_TYPE InterfaceType;
- ULONG BusNumber;
- ULONG AddressSpace;
-} SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE;
-
-typedef struct _SYSDBG_MSR
-{
- ULONG Msr;
- ULONG64 Data;
-} SYSDBG_MSR, *PSYSDBG_MSR;
-
-enum _BUS_DATA_TYPE;
-
-typedef struct _SYSDBG_BUS_DATA
-{
- ULONG Address;
- PVOID Buffer;
- ULONG Request;
- enum _BUS_DATA_TYPE BusDataType;
- ULONG BusNumber;
- ULONG SlotNumber;
-} SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA;
-
-// private
-typedef struct _SYSDBG_TRIAGE_DUMP
-{
- ULONG Flags;
- ULONG BugCheckCode;
- ULONG_PTR BugCheckParam1;
- ULONG_PTR BugCheckParam2;
- ULONG_PTR BugCheckParam3;
- ULONG_PTR BugCheckParam4;
- ULONG ProcessHandles;
- ULONG ThreadHandles;
- PHANDLE Handles;
-} SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP;
-
-// private
-typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
-{
- struct
- {
- ULONG UseDumpStorageStack : 1;
- ULONG CompressMemoryPagesData : 1;
- ULONG IncludeUserSpaceMemoryPages : 1;
- ULONG AbortIfMemoryPressure : 1; // REDSTONE4
- ULONG SelectiveDump : 1; // WIN11
- ULONG Reserved : 27;
- };
- ULONG AsUlong;
-} SYSDBG_LIVEDUMP_CONTROL_FLAGS, *PSYSDBG_LIVEDUMP_CONTROL_FLAGS;
-
-// private
-typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
-{
- struct
- {
- ULONG HypervisorPages : 1;
- ULONG NonEssentialHypervisorPages : 1; // since WIN11
- ULONG Reserved : 30;
- };
- ULONG AsUlong;
-} SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, *PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
-
-#define SYSDBG_LIVEDUMP_SELECTIVE_CONTROL_VERSION 1
-
-// rev
-typedef struct _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL
-{
- ULONG Version;
- ULONG Size;
- union
- {
- ULONGLONG Flags;
- struct
- {
- ULONGLONG ThreadKernelStacks : 1;
- ULONGLONG ReservedFlags : 63;
- };
- };
- ULONGLONG Reserved[4];
-} SYSDBG_LIVEDUMP_SELECTIVE_CONTROL, *PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL;
-
-#define SYSDBG_LIVEDUMP_CONTROL_VERSION_1 1
-#define SYSDBG_LIVEDUMP_CONTROL_VERSION_2 2
-#define SYSDBG_LIVEDUMP_CONTROL_VERSION SYSDBG_LIVEDUMP_CONTROL_VERSION_2
-
-// private
-typedef struct _SYSDBG_LIVEDUMP_CONTROL
-{
- ULONG Version;
- ULONG BugCheckCode;
- ULONG_PTR BugCheckParam1;
- ULONG_PTR BugCheckParam2;
- ULONG_PTR BugCheckParam3;
- ULONG_PTR BugCheckParam4;
- HANDLE DumpFileHandle;
- HANDLE CancelEventHandle;
- SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags;
- SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AddPagesControl;
- PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL SelectiveControl; // since WIN11
-} SYSDBG_LIVEDUMP_CONTROL, *PSYSDBG_LIVEDUMP_CONTROL;
-
-// private
-typedef struct _SYSDBG_KD_PULL_REMOTE_FILE
-{
- UNICODE_STRING ImageFileName;
-} SYSDBG_KD_PULL_REMOTE_FILE, *PSYSDBG_KD_PULL_REMOTE_FILE;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSystemDebugControl(
- _In_ SYSDBG_COMMAND Command,
- _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Hard errors
-
-typedef enum _HARDERROR_RESPONSE_OPTION
-{
- OptionAbortRetryIgnore,
- OptionOk,
- OptionOkCancel,
- OptionRetryCancel,
- OptionYesNo,
- OptionYesNoCancel,
- OptionShutdownSystem,
- OptionOkNoWait,
- OptionCancelTryContinue
-} HARDERROR_RESPONSE_OPTION;
-
-typedef enum _HARDERROR_RESPONSE
-{
- ResponseReturnToCaller,
- ResponseNotHandled,
- ResponseAbort,
- ResponseCancel,
- ResponseIgnore,
- ResponseNo,
- ResponseOk,
- ResponseRetry,
- ResponseYes,
- ResponseTryAgain,
- ResponseContinue
-} HARDERROR_RESPONSE;
-
-#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRaiseHardError(
- _In_ NTSTATUS ErrorStatus,
- _In_ ULONG NumberOfParameters,
- _In_ ULONG UnicodeStringParameterMask,
- _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
- _In_ ULONG ValidResponseOptions,
- _Out_ PULONG Response
- );
-
-//
-// Kernel-user shared data
-//
-
-typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
-{
- StandardDesign,
- NEC98x86,
- EndAlternatives
-} ALTERNATIVE_ARCHITECTURE_TYPE;
-
-#define PROCESSOR_FEATURE_MAX 64
-
-#define MAX_WOW64_SHARED_ENTRIES 16
-
-//
-// Define NX support policy values.
-//
-
-#define NX_SUPPORT_POLICY_ALWAYSOFF 0
-#define NX_SUPPORT_POLICY_ALWAYSON 1
-#define NX_SUPPORT_POLICY_OPTIN 2
-#define NX_SUPPORT_POLICY_OPTOUT 3
-
-//
-// SEH chain validation policies.
-//
-
-#define SEH_VALIDATION_POLICY_ON 0
-#define SEH_VALIDATION_POLICY_OFF 1
-#define SEH_VALIDATION_POLICY_TELEMETRY 2
-#define SEH_VALIDATION_POLICY_DEFER 3
-
-//
-// Global shared data flags and manipulation macros.
-//
-
-#define SHARED_GLOBAL_FLAGS_ERROR_PORT_V 0x0
-#define SHARED_GLOBAL_FLAGS_ERROR_PORT \
- (1UL << SHARED_GLOBAL_FLAGS_ERROR_PORT_V)
-
-#define SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED_V 0x1
-#define SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_VIRT_ENABLED_V 0x2
-#define SHARED_GLOBAL_FLAGS_VIRT_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_VIRT_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED_V 0x3
-#define SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_LKG_ENABLED_V 0x4
-#define SHARED_GLOBAL_FLAGS_LKG_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_LKG_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED_V 0x5
-#define SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED_V 0x6
-#define SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED_V 0x7
-#define SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU_V 0x8
-#define SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU \
- (1UL << SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU_V)
-
-#define SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU_V 0x9
-#define SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU \
- (1UL << SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU_V)
-
-#define SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED_V 0xA
-#define SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED \
- (1UL << SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED_V)
-
-#define SHARED_GLOBAL_FLAGS_SET_GLOBAL_DATA_FLAG 0x40000000
-#define SHARED_GLOBAL_FLAGS_CLEAR_GLOBAL_DATA_FLAG 0x80000000
-
-//
-// Define legal values for the SystemCall member.
-//
-
-#define SYSTEM_CALL_SYSCALL 0
-#define SYSTEM_CALL_INT_2E 1
-
-//
-// Define flags for QPC bypass information. None of these flags may be set
-// unless bypass is enabled. This is for compat with existing code which
-// compares this value to zero to detect bypass enablement.
-//
-
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_ENABLED (0x01)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_HV_PAGE (0x02)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_DISABLE_32BIT (0x04)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_MFENCE (0x10)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_LFENCE (0x20)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_A73_ERRATA (0x40)
-#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_RDTSCP (0x80)
-
-
-typedef struct _KUSER_SHARED_DATA
-{
- //
- // Current low 32-bit of tick count and tick count multiplier.
- //
- // N.B. The tick count is updated each time the clock ticks.
- //
-
- ULONG TickCountLowDeprecated;
- ULONG TickCountMultiplier;
-
- //
- // Current 64-bit interrupt time in 100ns units.
- //
-
- volatile KSYSTEM_TIME InterruptTime;
-
- //
- // Current 64-bit system time in 100ns units.
- //
-
- volatile KSYSTEM_TIME SystemTime;
-
- //
- // Current 64-bit time zone bias.
- //
-
- volatile KSYSTEM_TIME TimeZoneBias;
-
- //
- // Support image magic number range for the host system.
- //
- // N.B. This is an inclusive range.
- //
-
- USHORT ImageNumberLow;
- USHORT ImageNumberHigh;
-
- //
- // Copy of system root in unicode.
- //
- // N.B. This field must be accessed via the RtlGetNtSystemRoot API for
- // an accurate result.
- //
-
- WCHAR NtSystemRoot[260];
-
- //
- // Maximum stack trace depth if tracing enabled.
- //
-
- ULONG MaxStackTraceDepth;
-
- //
- // Crypto exponent value.
- //
-
- ULONG CryptoExponent;
-
- //
- // Time zone ID.
- //
-
- ULONG TimeZoneId;
- ULONG LargePageMinimum;
-
- //
- // This value controls the AIT Sampling rate.
- //
-
- ULONG AitSamplingValue;
-
- //
- // This value controls switchback processing.
- //
-
- ULONG AppCompatFlag;
-
- //
- // Current Kernel Root RNG state seed version
- //
-
- ULONGLONG RNGSeedVersion;
-
- //
- // This value controls assertion failure handling.
- //
-
- ULONG GlobalValidationRunlevel;
-
- volatile LONG TimeZoneBiasStamp;
-
- //
- // The shared collective build number undecorated with C or F.
- // GetVersionEx hides the real number
- //
-
- ULONG NtBuildNumber;
-
- //
- // Product type.
- //
- // N.B. This field must be accessed via the RtlGetNtProductType API for
- // an accurate result.
- //
-
- NT_PRODUCT_TYPE NtProductType;
- BOOLEAN ProductTypeIsValid;
- BOOLEAN Reserved0[1];
- USHORT NativeProcessorArchitecture;
-
- //
- // The NT Version.
- //
- // N. B. Note that each process sees a version from its PEB, but if the
- // process is running with an altered view of the system version,
- // the following two fields are used to correctly identify the
- // version
- //
-
- ULONG NtMajorVersion;
- ULONG NtMinorVersion;
-
- //
- // Processor features.
- //
-
- BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX];
-
- //
- // Reserved fields - do not use.
- //
-
- ULONG Reserved1;
- ULONG Reserved3;
-
- //
- // Time slippage while in debugger.
- //
-
- volatile ULONG TimeSlip;
-
- //
- // Alternative system architecture, e.g., NEC PC98xx on x86.
- //
-
- ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
-
- //
- // Boot sequence, incremented for each boot attempt by the OS loader.
- //
-
- ULONG BootId;
-
- //
- // If the system is an evaluation unit, the following field contains the
- // date and time that the evaluation unit expires. A value of 0 indicates
- // that there is no expiration. A non-zero value is the UTC absolute time
- // that the system expires.
- //
-
- LARGE_INTEGER SystemExpirationDate;
-
- //
- // Suite support.
- //
- // N.B. This field must be accessed via the RtlGetSuiteMask API for
- // an accurate result.
- //
-
- ULONG SuiteMask;
-
- //
- // TRUE if a kernel debugger is connected/enabled.
- //
-
- BOOLEAN KdDebuggerEnabled;
-
- //
- // Mitigation policies.
- //
-
- union
- {
- UCHAR MitigationPolicies;
- struct
- {
- UCHAR NXSupportPolicy : 2;
- UCHAR SEHValidationPolicy : 2;
- UCHAR CurDirDevicesSkippedForDlls : 2;
- UCHAR Reserved : 2;
- };
- };
-
- //
- // Measured duration of a single processor yield, in cycles. This is used by
- // lock packages to determine how many times to spin waiting for a state
- // change before blocking.
- //
-
- USHORT CyclesPerYield;
-
- //
- // Current console session Id. Always zero on non-TS systems.
- //
- // N.B. This field must be accessed via the RtlGetActiveConsoleId API for an
- // accurate result.
- //
-
- volatile ULONG ActiveConsoleId;
-
- //
- // Force-dismounts cause handles to become invalid. Rather than always
- // probe handles, a serial number of dismounts is maintained that clients
- // can use to see if they need to probe handles.
- //
-
- volatile ULONG DismountCount;
-
- //
- // This field indicates the status of the 64-bit COM+ package on the
- // system. It indicates whether the Itermediate Language (IL) COM+
- // images need to use the 64-bit COM+ runtime or the 32-bit COM+ runtime.
- //
-
- ULONG ComPlusPackage;
-
- //
- // Time in tick count for system-wide last user input across all terminal
- // sessions. For MP performance, it is not updated all the time (e.g. once
- // a minute per session). It is used for idle detection.
- //
-
- ULONG LastSystemRITEventTickCount;
-
- //
- // Number of physical pages in the system. This can dynamically change as
- // physical memory can be added or removed from a running system.
- //
-
- ULONG NumberOfPhysicalPages;
-
- //
- // True if the system was booted in safe boot mode.
- //
-
- BOOLEAN SafeBootMode;
-
- //
- // Virtualization flags.
- //
-
- union
- {
- UCHAR VirtualizationFlags;
-
-#if defined(_ARM64_)
-
- //
- // N.B. Keep this bitfield in sync with the one in arc.w.
- //
-
- struct
- {
- UCHAR ArchStartedInEl2 : 1;
- UCHAR QcSlIsSupported : 1;
- UCHAR : 6;
- };
-
-#endif
-
- };
-
- //
- // Reserved (available for reuse).
- //
-
- UCHAR Reserved12[2];
-
- //
- // This is a packed bitfield that contains various flags concerning
- // the system state. They must be manipulated using interlocked
- // operations.
- //
- // N.B. DbgMultiSessionSku must be accessed via the RtlIsMultiSessionSku
- // API for an accurate result
- //
-
- union
- {
- ULONG SharedDataFlags;
- struct
- {
- //
- // The following bit fields are for the debugger only. Do not use.
- // Use the bit definitions instead.
- //
-
- ULONG DbgErrorPortPresent : 1;
- ULONG DbgElevationEnabled : 1;
- ULONG DbgVirtEnabled : 1;
- ULONG DbgInstallerDetectEnabled : 1;
- ULONG DbgLkgEnabled : 1;
- ULONG DbgDynProcessorEnabled : 1;
- ULONG DbgConsoleBrokerEnabled : 1;
- ULONG DbgSecureBootEnabled : 1;
- ULONG DbgMultiSessionSku : 1;
- ULONG DbgMultiUsersInSessionSku : 1;
- ULONG DbgStateSeparationEnabled : 1;
- ULONG SpareBits : 21;
- } DUMMYSTRUCTNAME2;
- } DUMMYUNIONNAME2;
-
- ULONG DataFlagsPad[1];
-
- //
- // Depending on the processor, the code for fast system call will differ,
- // Stub code is provided pointers below to access the appropriate code.
- //
- // N.B. The following field is only used on 32-bit systems.
- //
-
- ULONGLONG TestRetInstruction;
- LONGLONG QpcFrequency;
-
- //
- // On AMD64, this value is initialized to a nonzero value if the system
- // operates with an altered view of the system service call mechanism.
- //
-
- ULONG SystemCall;
-
- //
- // Reserved field - do not use. Used to be UserCetAvailableEnvironments.
- //
-
- ULONG Reserved2;
-
- //
- // Reserved, available for reuse.
- //
-
- ULONGLONG SystemCallPad[2];
-
- //
- // The 64-bit tick count.
- //
-
- union
- {
- volatile KSYSTEM_TIME TickCount;
- volatile ULONG64 TickCountQuad;
- struct
- {
- ULONG ReservedTickCountOverlay[3];
- ULONG TickCountPad[1];
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME3;
-
- //
- // Cookie for encoding pointers system wide.
- //
-
- ULONG Cookie;
- ULONG CookiePad[1];
-
- //
- // Client id of the process having the focus in the current
- // active console session id.
- //
- // N.B. This field must be accessed via the
- // RtlGetConsoleSessionForegroundProcessId API for an accurate result.
- //
-
- LONGLONG ConsoleSessionForegroundProcessId;
-
- //
- // N.B. The following data is used to implement the precise time
- // services. It is aligned on a 64-byte cache-line boundary and
- // arranged in the order of typical accesses.
- //
- // Placeholder for the (internal) time update lock.
- //
-
- ULONGLONG TimeUpdateLock;
-
- //
- // The performance counter value used to establish the current system time.
- //
-
- ULONGLONG BaselineSystemTimeQpc;
-
- //
- // The performance counter value used to compute the last interrupt time.
- //
-
- ULONGLONG BaselineInterruptTimeQpc;
-
- //
- // The scaled number of system time seconds represented by a single
- // performance count (this value may vary to achieve time synchronization).
- //
-
- ULONGLONG QpcSystemTimeIncrement;
-
- //
- // The scaled number of interrupt time seconds represented by a single
- // performance count (this value is constant after the system is booted).
- //
-
- ULONGLONG QpcInterruptTimeIncrement;
-
- //
- // The scaling shift count applied to the performance counter system time
- // increment.
- //
-
- UCHAR QpcSystemTimeIncrementShift;
-
- //
- // The scaling shift count applied to the performance counter interrupt time
- // increment.
- //
-
- UCHAR QpcInterruptTimeIncrementShift;
-
- //
- // The count of unparked processors.
- //
-
- USHORT UnparkedProcessorCount;
-
- //
- // A bitmask of enclave features supported on this system.
- //
- // N.B. This field must be accessed via the RtlIsEnclaveFeaturePresent API for an
- // accurate result.
- //
-
- ULONG EnclaveFeatureMask[4];
-
- //
- // Current coverage round for telemetry based coverage.
- //
-
- ULONG TelemetryCoverageRound;
-
- //
- // The following field is used for ETW user mode global logging
- // (UMGL).
- //
-
- USHORT UserModeGlobalLogger[16];
-
- //
- // Settings that can enable the use of Image File Execution Options
- // from HKCU in addition to the original HKLM.
- //
-
- ULONG ImageFileExecutionOptions;
-
- //
- // Generation of the kernel structure holding system language information
- //
-
- ULONG LangGenerationCount;
-
- //
- // Reserved (available for reuse).
- //
-
- ULONGLONG Reserved4;
-
- //
- // Current 64-bit interrupt time bias in 100ns units.
- //
-
- volatile ULONGLONG InterruptTimeBias;
-
- //
- // Current 64-bit performance counter bias, in performance counter units
- // before the shift is applied.
- //
-
- volatile ULONGLONG QpcBias;
-
- //
- // Number of active processors and groups.
- //
-
- ULONG ActiveProcessorCount;
- volatile UCHAR ActiveGroupCount;
-
- //
- // Reserved (available for re-use).
- //
-
- UCHAR Reserved9;
-
- union
- {
- USHORT QpcData;
- struct
- {
- //
- // A boolean indicating whether performance counter queries
- // can read the counter directly (bypassing the system call).
- //
-
- volatile UCHAR QpcBypassEnabled;
-
- //
- // Shift applied to the raw counter value to derive the
- // QPC count.
- //
-
- UCHAR QpcShift;
- };
- };
-
- LARGE_INTEGER TimeZoneBiasEffectiveStart;
- LARGE_INTEGER TimeZoneBiasEffectiveEnd;
-
- //
- // Extended processor state configuration
- //
-
- XSTATE_CONFIGURATION XState;
-
- KSYSTEM_TIME FeatureConfigurationChangeStamp;
- ULONG Spare;
-
- ULONG64 UserPointerAuthMask;
-
-} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
-
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountLowDeprecated) == 0x0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountMultiplier) == 0x4);
-C_ASSERT(__alignof(KSYSTEM_TIME) == 4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, InterruptTime) == 0x08);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemTime) == 0x014);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBias) == 0x020);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageNumberLow) == 0x02c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageNumberHigh) == 0x02e);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtSystemRoot) == 0x030);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, MaxStackTraceDepth) == 0x238);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, CryptoExponent) == 0x23c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneId) == 0x240);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LargePageMinimum) == 0x244);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AitSamplingValue) == 0x248);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AppCompatFlag) == 0x24c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, RNGSeedVersion) == 0x250);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, GlobalValidationRunlevel) == 0x258);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasStamp) == 0x25c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtBuildNumber) == 0x260);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtProductType) == 0x264);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ProductTypeIsValid) == 0x268);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NativeProcessorArchitecture) == 0x26a);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtMajorVersion) == 0x26c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtMinorVersion) == 0x270);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ProcessorFeatures) == 0x274);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved1) == 0x2b4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved3) == 0x2b8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeSlip) == 0x2bc);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AlternativeArchitecture) == 0x2c0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemExpirationDate) == 0x2c8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SuiteMask) == 0x2d0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, KdDebuggerEnabled) == 0x2d4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, MitigationPolicies) == 0x2d5);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, CyclesPerYield) == 0x2d6);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveConsoleId) == 0x2d8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, DismountCount) == 0x2dc);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ComPlusPackage) == 0x2e0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LastSystemRITEventTickCount) == 0x2e4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NumberOfPhysicalPages) == 0x2e8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SafeBootMode) == 0x2ec);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, VirtualizationFlags) == 0x2ed);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved12) == 0x2ee);
-#if defined(_MSC_EXTENSIONS)
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SharedDataFlags) == 0x2f0);
-#endif
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TestRetInstruction) == 0x2f8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcFrequency) == 0x300);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCall) == 0x308);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved2) == 0x30c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad) == 0x310);
-#if defined(_MSC_EXTENSIONS)
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCount) == 0x320);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountQuad) == 0x320);
-#endif
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Cookie) == 0x330);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ConsoleSessionForegroundProcessId) == 0x338);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeUpdateLock) == 0x340);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, BaselineSystemTimeQpc) == 0x348);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, BaselineInterruptTimeQpc) == 0x350);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcSystemTimeIncrement) == 0x358);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcInterruptTimeIncrement) == 0x360);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcSystemTimeIncrementShift) == 0x368);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcInterruptTimeIncrementShift) == 0x369);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UnparkedProcessorCount) == 0x36a);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, EnclaveFeatureMask) == 0x36c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TelemetryCoverageRound) == 0x37c);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserModeGlobalLogger) == 0x380);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageFileExecutionOptions) == 0x3a0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LangGenerationCount) == 0x3a4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved4) == 0x3a8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, InterruptTimeBias) == 0x3b0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcBias) == 0x3b8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveProcessorCount) == 0x3c0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveGroupCount) == 0x3c4);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved9) == 0x3c5);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcData) == 0x3c6);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcBypassEnabled) == 0x3c6);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcShift) == 0x3c7);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasEffectiveStart) == 0x3c8);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasEffectiveEnd) == 0x3d0);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, XState) == 0x3d8);
-#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE)
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, FeatureConfigurationChangeStamp) == 0x710);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserPointerAuthMask) == 0x720);
-#if !defined(WINDOWS_IGNORE_PACKING_MISMATCH)
-C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x728);
-#endif
-#else
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, FeatureConfigurationChangeStamp) == 0x720);
-C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserPointerAuthMask) == 0x730);
-#if !defined(WINDOWS_IGNORE_PACKING_MISMATCH)
-C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x738);
-#endif
-#endif
-
-#define USER_SHARED_DATA ((KUSER_SHARED_DATA * const)0x7ffe0000)
-
-FORCEINLINE
-ULONGLONG
-NtGetTickCount64(
- VOID
- )
-{
- ULARGE_INTEGER tickCount;
-
-#ifdef _WIN64
-
- tickCount.QuadPart = USER_SHARED_DATA->TickCountQuad;
-
-#else
-
- while (TRUE)
- {
- tickCount.HighPart = (ULONG)USER_SHARED_DATA->TickCount.High1Time;
- tickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart;
-
- if (tickCount.HighPart == (ULONG)USER_SHARED_DATA->TickCount.High2Time)
- break;
-
- YieldProcessor();
- }
-
-#endif
-
- return (UInt32x32To64(tickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) +
- (UInt32x32To64(tickCount.HighPart, USER_SHARED_DATA->TickCountMultiplier) << 8);
-}
-
-FORCEINLINE
-ULONG
-NtGetTickCount(
- VOID
- )
-{
-#ifdef _WIN64
-
- return (ULONG)((USER_SHARED_DATA->TickCountQuad * USER_SHARED_DATA->TickCountMultiplier) >> 24);
-
-#else
-
- ULARGE_INTEGER tickCount;
-
- while (TRUE)
- {
- tickCount.HighPart = (ULONG)USER_SHARED_DATA->TickCount.High1Time;
- tickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart;
-
- if (tickCount.HighPart == (ULONG)USER_SHARED_DATA->TickCount.High2Time)
- break;
-
- YieldProcessor();
- }
-
- return (ULONG)((UInt32x32To64(tickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) +
- UInt32x32To64((tickCount.HighPart << 8) & 0xffffffff, USER_SHARED_DATA->TickCountMultiplier));
-
-#endif
-}
-
-// Locale
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _Out_ PLCID DefaultLocaleId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _In_ LCID DefaultLocaleId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInstallUILanguage(
- _Out_ LANGID *InstallUILanguageId
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushInstallUILanguage(
- _In_ LANGID InstallUILanguage,
- _In_ ULONG SetComittedFlag
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDefaultUILanguage(
- _Out_ LANGID *DefaultUILanguageId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetDefaultUILanguage(
- _In_ LANGID DefaultUILanguageId
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtIsUILanguageComitted(
- VOID
- );
-#endif
-
-// NLS
-
-// begin_private
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtInitializeNlsFiles(
- _Out_ PVOID *BaseAddress,
- _Out_ PLCID DefaultLocaleId,
- _Out_ PLARGE_INTEGER DefaultCasingTableSize,
- _Out_opt_ PULONG CurrentNLSVersion
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetNlsSectionPtr(
- _In_ ULONG SectionType,
- _In_ ULONG SectionData,
- _In_ PVOID ContextData,
- _Out_ PVOID *SectionPointer,
- _Out_ PULONG SectionSize
- );
-
-#if (PHNT_VERSION < PHNT_WIN7)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAcquireCMFViewOwnership(
- _Out_ PULONGLONG TimeStamp,
- _Out_ PBOOLEAN tokenTaken,
- _In_ BOOLEAN replaceExisting
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReleaseCMFViewOwnership(
- VOID
- );
-
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMapCMFModule(
- _In_ ULONG What,
- _In_ ULONG Index,
- _Out_opt_ PULONG CacheIndexOut,
- _Out_opt_ PULONG CacheFlagsOut,
- _Out_opt_ PULONG ViewSizeOut,
- _Out_opt_ PVOID *BaseAddress
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetMUIRegistryInfo(
- _In_ ULONG Flags,
- _Inout_ PULONG DataSize,
- _Out_ PVOID Data
- );
-
-#endif
-
-// end_private
-
-// Global atoms
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAddAtom(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-#define ATOM_FLAG_GLOBAL 0x2
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAddAtomEx(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom,
- _In_ ULONG Flags
- );
-
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFindAtom(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteAtom(
- _In_ RTL_ATOM Atom
- );
-
-typedef enum _ATOM_INFORMATION_CLASS
-{
- AtomBasicInformation,
- AtomTableInformation
-} ATOM_INFORMATION_CLASS;
-
-typedef struct _ATOM_BASIC_INFORMATION
-{
- USHORT UsageCount;
- USHORT Flags;
- USHORT NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
-
-typedef struct _ATOM_TABLE_INFORMATION
-{
- ULONG NumberOfAtoms;
- _Field_size_(NumberOfAtoms) RTL_ATOM Atoms[1];
-} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationAtom(
- _In_ RTL_ATOM Atom,
- _In_ ATOM_INFORMATION_CLASS AtomInformationClass,
- _Out_writes_bytes_(AtomInformationLength) PVOID AtomInformation,
- _In_ ULONG AtomInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Global flags
-
-#define FLG_STOP_ON_EXCEPTION 0x00000001 // uk
-#define FLG_SHOW_LDR_SNAPS 0x00000002 // uk
-#define FLG_DEBUG_INITIAL_COMMAND 0x00000004 // k
-#define FLG_STOP_ON_HUNG_GUI 0x00000008 // k
-
-#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 // u
-#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 // u
-#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 // u
-#define FLG_HEAP_VALIDATE_ALL 0x00000080 // u
-
-#define FLG_APPLICATION_VERIFIER 0x00000100 // u
-#define FLG_MONITOR_SILENT_PROCESS_EXIT 0x00000200 // uk
-#define FLG_POOL_ENABLE_TAGGING 0x00000400 // k
-#define FLG_HEAP_ENABLE_TAGGING 0x00000800 // u
-
-#define FLG_USER_STACK_TRACE_DB 0x00001000 // u,32
-#define FLG_KERNEL_STACK_TRACE_DB 0x00002000 // k,32
-#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 // k
-#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 // u
-
-#define FLG_DISABLE_STACK_EXTENSION 0x00010000 // u
-#define FLG_ENABLE_CSRDEBUG 0x00020000 // k
-#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 // k
-#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 // k
-
-#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000 // u
-#define FLG_HEAP_DISABLE_COALESCING 0x00200000 // u
-#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 // k
-#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 // k
-
-#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000 // k
-#define FLG_HEAP_PAGE_ALLOCS 0x02000000 // u
-#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000 // k
-#define FLG_DISABLE_DBGPRINT 0x08000000 // k
-
-#define FLG_CRITSEC_EVENT_CREATION 0x10000000 // u
-#define FLG_STOP_ON_UNHANDLED_EXCEPTION 0x20000000 // u,64
-#define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000 // k
-#define FLG_DISABLE_PROTDLLS 0x80000000 // u
-
-#define FLG_VALID_BITS 0xfffffdff
-
-#define FLG_USERMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \
- FLG_SHOW_LDR_SNAPS | \
- FLG_HEAP_ENABLE_TAIL_CHECK | \
- FLG_HEAP_ENABLE_FREE_CHECK | \
- FLG_HEAP_VALIDATE_PARAMETERS | \
- FLG_HEAP_VALIDATE_ALL | \
- FLG_APPLICATION_VERIFIER | \
- FLG_HEAP_ENABLE_TAGGING | \
- FLG_USER_STACK_TRACE_DB | \
- FLG_HEAP_ENABLE_TAG_BY_DLL | \
- FLG_DISABLE_STACK_EXTENSION | \
- FLG_ENABLE_SYSTEM_CRIT_BREAKS | \
- FLG_HEAP_DISABLE_COALESCING | \
- FLG_DISABLE_PROTDLLS | \
- FLG_HEAP_PAGE_ALLOCS | \
- FLG_CRITSEC_EVENT_CREATION | \
- FLG_LDR_TOP_DOWN)
-
-#define FLG_BOOTONLY_VALID_BITS (FLG_KERNEL_STACK_TRACE_DB | \
- FLG_MAINTAIN_OBJECT_TYPELIST | \
- FLG_ENABLE_CSRDEBUG | \
- FLG_DEBUG_INITIAL_COMMAND | \
- FLG_DEBUG_INITIAL_COMMAND_EX | \
- FLG_DISABLE_PAGE_KERNEL_STACKS)
-
-#define FLG_KERNELMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \
- FLG_SHOW_LDR_SNAPS | \
- FLG_STOP_ON_HUNG_GUI | \
- FLG_POOL_ENABLE_TAGGING | \
- FLG_ENABLE_KDEBUG_SYMBOL_LOAD | \
- FLG_ENABLE_CLOSE_EXCEPTIONS | \
- FLG_ENABLE_EXCEPTION_LOGGING | \
- FLG_ENABLE_HANDLE_TYPE_TAGGING | \
- FLG_DISABLE_DBGPRINT | \
- FLG_ENABLE_HANDLE_EXCEPTIONS)
-
-// Licensing
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryLicenseValue(
- _In_ PUNICODE_STRING ValueName,
- _Out_opt_ PULONG Type,
- _Out_writes_bytes_to_opt_(DataSize, *ResultDataSize) PVOID Data,
- _In_ ULONG DataSize,
- _Out_ PULONG ResultDataSize
- );
-
-// Misc.
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetDefaultHardErrorPort(
- _In_ HANDLE DefaultHardErrorPort
- );
-
-typedef enum _SHUTDOWN_ACTION
-{
- ShutdownNoReboot,
- ShutdownReboot,
- ShutdownPowerOff,
- ShutdownRebootForRecovery // since WIN11
-} SHUTDOWN_ACTION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtShutdownSystem(
- _In_ SHUTDOWN_ACTION Action
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDisplayString(
- _In_ PUNICODE_STRING String
- );
-
-// Boot graphics
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDrawText(
- _In_ PUNICODE_STRING Text
- );
-#endif
-
-#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#endif
diff --git a/deps/phnt-nightly/ntgdi.h b/deps/phnt-nightly/ntgdi.h
deleted file mode 100644
index bf70b71..0000000
--- a/deps/phnt-nightly/ntgdi.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Graphics device interface support
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTGDI_H
-#define _NTGDI_H
-
-#define GDI_MAX_HANDLE_COUNT 0xFFFF // 0x4000
-
-#define GDI_HANDLE_INDEX_SHIFT 0
-#define GDI_HANDLE_INDEX_BITS 16
-#define GDI_HANDLE_INDEX_MASK 0xffff
-
-#define GDI_HANDLE_TYPE_SHIFT 16
-#define GDI_HANDLE_TYPE_BITS 5
-#define GDI_HANDLE_TYPE_MASK 0x1f
-
-#define GDI_HANDLE_ALTTYPE_SHIFT 21
-#define GDI_HANDLE_ALTTYPE_BITS 2
-#define GDI_HANDLE_ALTTYPE_MASK 0x3
-
-#define GDI_HANDLE_STOCK_SHIFT 23
-#define GDI_HANDLE_STOCK_BITS 1
-#define GDI_HANDLE_STOCK_MASK 0x1
-
-#define GDI_HANDLE_UNIQUE_SHIFT 24
-#define GDI_HANDLE_UNIQUE_BITS 8
-#define GDI_HANDLE_UNIQUE_MASK 0xff
-
-#define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
-#define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
-#define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
-#define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
-
-#define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
-
-// GDI server-side types
-
-#define GDI_DEF_TYPE 0 // invalid handle
-#define GDI_DC_TYPE 1
-#define GDI_DD_DIRECTDRAW_TYPE 2
-#define GDI_DD_SURFACE_TYPE 3
-#define GDI_RGN_TYPE 4
-#define GDI_SURF_TYPE 5
-#define GDI_CLIENTOBJ_TYPE 6
-#define GDI_PATH_TYPE 7
-#define GDI_PAL_TYPE 8
-#define GDI_ICMLCS_TYPE 9
-#define GDI_LFONT_TYPE 10
-#define GDI_RFONT_TYPE 11
-#define GDI_PFE_TYPE 12
-#define GDI_PFT_TYPE 13
-#define GDI_ICMCXF_TYPE 14
-#define GDI_ICMDLL_TYPE 15
-#define GDI_BRUSH_TYPE 16
-#define GDI_PFF_TYPE 17 // unused
-#define GDI_CACHE_TYPE 18 // unused
-#define GDI_SPACE_TYPE 19
-#define GDI_DBRUSH_TYPE 20 // unused
-#define GDI_META_TYPE 21
-#define GDI_EFSTATE_TYPE 22
-#define GDI_BMFD_TYPE 23 // unused
-#define GDI_VTFD_TYPE 24 // unused
-#define GDI_TTFD_TYPE 25 // unused
-#define GDI_RC_TYPE 26 // unused
-#define GDI_TEMP_TYPE 27 // unused
-#define GDI_DRVOBJ_TYPE 28
-#define GDI_DCIOBJ_TYPE 29 // unused
-#define GDI_SPOOL_TYPE 30
-
-// GDI client-side types
-
-#define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
- (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
-#define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
-
-#define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
-#define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
-#define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
-
-#define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
-#define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
-
-#define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
-#define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
-#define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
-#define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
-#define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
-#define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
-#define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
-
-typedef struct _GDI_HANDLE_ENTRY
-{
- union
- {
- PVOID Object;
- PVOID NextFree;
- };
- union
- {
- struct
- {
- USHORT ProcessId;
- USHORT Lock : 1;
- USHORT Count : 15;
- };
- ULONG Value;
- } Owner;
- USHORT Unique;
- UCHAR Type;
- UCHAR Flags;
- PVOID UserPointer;
-} GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
-
-typedef struct _GDI_SHARED_MEMORY
-{
- GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
-} GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
-
-#endif
diff --git a/deps/phnt-nightly/ntimage.h b/deps/phnt-nightly/ntimage.h
deleted file mode 100644
index 8007a99..0000000
--- a/deps/phnt-nightly/ntimage.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * PE format support
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTIMAGE_H
-#define _NTIMAGE_H
-
-#include
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#define IMAGE_FILE_MACHINE_CHPE_X86 0x3A64
-#define IMAGE_FILE_MACHINE_ARM64EC 0xA641
-#define IMAGE_FILE_MACHINE_ARM64X 0xA64E
-#endif
-
-typedef struct _IMAGE_DEBUG_POGO_ENTRY
-{
- ULONG Rva;
- ULONG Size;
- CHAR Name[1];
-} IMAGE_DEBUG_POGO_ENTRY, *PIMAGE_DEBUG_POGO_ENTRY;
-
-typedef struct _IMAGE_DEBUG_POGO_SIGNATURE
-{
- ULONG Signature;
-} IMAGE_DEBUG_POGO_SIGNATURE, *PIMAGE_DEBUG_POGO_SIGNATURE;
-
-#define IMAGE_DEBUG_POGO_SIGNATURE_LTCG 'LTCG' // coffgrp LTCG (0x4C544347)
-#define IMAGE_DEBUG_POGO_SIGNATURE_PGU 'PGU\0' // coffgrp PGU (0x50475500)
-
-typedef struct _IMAGE_RELOCATION_RECORD
-{
- USHORT Offset : 12;
- USHORT Type : 4;
-} IMAGE_RELOCATION_RECORD, *PIMAGE_RELOCATION_RECORD;
-
-typedef struct _IMAGE_CHPE_METADATA_X86
-{
- ULONG Version;
- ULONG CHPECodeAddressRangeOffset;
- ULONG CHPECodeAddressRangeCount;
- ULONG WowA64ExceptionHandlerFunctionPointer;
- ULONG WowA64DispatchCallFunctionPointer;
- ULONG WowA64DispatchIndirectCallFunctionPointer;
- ULONG WowA64DispatchIndirectCallCfgFunctionPointer;
- ULONG WowA64DispatchRetFunctionPointer;
- ULONG WowA64DispatchRetLeafFunctionPointer;
- ULONG WowA64DispatchJumpFunctionPointer;
- ULONG CompilerIATPointer; // Present if Version >= 2
- ULONG WowA64RdtscFunctionPointer; // Present if Version >= 3
-} IMAGE_CHPE_METADATA_X86, *PIMAGE_CHPE_METADATA_X86;
-
-typedef struct _IMAGE_CHPE_RANGE_ENTRY
-{
- union
- {
- ULONG StartOffset;
- struct
- {
- ULONG NativeCode : 1;
- ULONG AddressBits : 31;
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
-
- ULONG Length;
-} IMAGE_CHPE_RANGE_ENTRY, *PIMAGE_CHPE_RANGE_ENTRY;
-
-typedef struct _IMAGE_ARM64EC_METADATA
-{
- ULONG Version;
- ULONG CodeMap;
- ULONG CodeMapCount;
- ULONG CodeRangesToEntryPoints;
- ULONG RedirectionMetadata;
- ULONG tbd__os_arm64x_dispatch_call_no_redirect;
- ULONG tbd__os_arm64x_dispatch_ret;
- ULONG tbd__os_arm64x_dispatch_call;
- ULONG tbd__os_arm64x_dispatch_icall;
- ULONG tbd__os_arm64x_dispatch_icall_cfg;
- ULONG AlternateEntryPoint;
- ULONG AuxiliaryIAT;
- ULONG CodeRangesToEntryPointsCount;
- ULONG RedirectionMetadataCount;
- ULONG GetX64InformationFunctionPointer;
- ULONG SetX64InformationFunctionPointer;
- ULONG ExtraRFETable;
- ULONG ExtraRFETableSize;
- ULONG __os_arm64x_dispatch_fptr;
- ULONG AuxiliaryIATCopy;
-} IMAGE_ARM64EC_METADATA, *PIMAGE_ARM64EC_METADATA;
-
-// rev
-#define IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64 0
-#define IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64EC 1
-#define IMAGE_ARM64EC_CODE_MAP_TYPE_AMD64 2
-
-// rev
-typedef struct _IMAGE_ARM64EC_CODE_MAP_ENTRY
-{
- union
- {
- ULONG StartOffset;
- struct
- {
- ULONG Type : 2;
- ULONG AddressBits : 30;
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
-
- ULONG Length;
-} IMAGE_ARM64EC_CODE_MAP_ENTRY, *PIMAGE_ARM64EC_CODE_MAP_ENTRY;
-
-typedef struct _IMAGE_ARM64EC_REDIRECTION_ENTRY
-{
- ULONG Source;
- ULONG Destination;
-} IMAGE_ARM64EC_REDIRECTION_ENTRY, *PIMAGE_ARM64EC_REDIRECTION_ENTRY;
-
-typedef struct _IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT
-{
- ULONG StartRva;
- ULONG EndRva;
- ULONG EntryPoint;
-} IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT, *PIMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT;
-
-#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_ZEROFILL 0
-#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_VALUE 1
-#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_DELTA 2
-
-#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_2BYTES 1
-#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_4BYTES 2
-#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_8BYTES 3
-
-typedef struct _IMAGE_DVRT_ARM64X_FIXUP_RECORD
-{
- USHORT Offset : 12;
- USHORT Type : 2;
- USHORT Size : 2;
- // Value of variable Size when IMAGE_DVRT_ARM64X_FIXUP_TYPE_VALUE
-} IMAGE_DVRT_ARM64X_FIXUP_RECORD, *PIMAGE_DVRT_ARM64X_FIXUP_RECORD;
-
-typedef struct _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD
-{
- USHORT Offset : 12;
- USHORT Type : 2; // IMAGE_DVRT_ARM64X_FIXUP_TYPE_DELTA
- USHORT Sign : 1; // 1 = -, 0 = +
- USHORT Scale : 1; // 1 = 8, 0 = 4
- // USHORT Value; // Delta = Value * Scale * Sign
-} IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD, *PIMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD;
-
-#include
-
-#define IMAGE_DYNAMIC_RELOCATION_ARM64X 0x00000006
-#define IMAGE_DYNAMIC_RELOCATION_MM_SHARED_USER_DATA_VA 0x7FFE0000
-#define IMAGE_DYNAMIC_RELOCATION_KI_USER_SHARED_DATA64 0xFFFFF78000000000UI64
-
-// Note: The Windows SDK defines UNALIGNED for PIMAGE_IMPORT_DESCRIPTOR but
-// doesn't include UNALIGNED for PIMAGE_THUNK_DATA (See GH#1694) (dmex)
-typedef IMAGE_THUNK_DATA32 UNALIGNED *UNALIGNED_PIMAGE_THUNK_DATA32;
-typedef IMAGE_THUNK_DATA64 UNALIGNED *UNALIGNED_PIMAGE_THUNK_DATA64;
-
-// Note: Required for legacy SDK support (dmex)
-#if !defined(NTDDI_WIN10_NI) || (NTDDI_VERSION < NTDDI_WIN10_NI)
-#define IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE 0x00000001
-#define IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE 0x00000002
-#define IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER 0x00000003
-#define IMAGE_DYNAMIC_RELOCATION_GUARD_INDIR_CONTROL_TRANSFER 0x00000004
-#define IMAGE_DYNAMIC_RELOCATION_GUARD_SWITCHTABLE_BRANCH 0x00000005
-#define IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE 0x00000007
-
-typedef struct _IMAGE_FUNCTION_OVERRIDE_HEADER {
- ULONG FuncOverrideSize;
- // IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION FuncOverrideInfo[ANYSIZE_ARRAY]; // FuncOverrideSize bytes in size
- // IMAGE_BDD_INFO BDDInfo; // BDD region, size in bytes: DVRTEntrySize - sizeof(IMAGE_FUNCTION_OVERRIDE_HEADER) - FuncOverrideSize
-} IMAGE_FUNCTION_OVERRIDE_HEADER;
-typedef IMAGE_FUNCTION_OVERRIDE_HEADER UNALIGNED *PIMAGE_FUNCTION_OVERRIDE_HEADER;
-
-typedef struct _IMAGE_BDD_INFO {
- ULONG Version; // decides the semantics of serialized BDD
- ULONG BDDSize;
- // IMAGE_BDD_DYNAMIC_RELOCATION BDDNodes[ANYSIZE_ARRAY]; // BDDSize size in bytes.
-} IMAGE_BDD_INFO, *PIMAGE_BDD_INFO;
-
-typedef struct _IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION {
- ULONG OriginalRva; // RVA of original function
- ULONG BDDOffset; // Offset into the BDD region
- ULONG RvaSize; // Size in bytes taken by RVAs. Must be multiple of sizeof(DWORD).
- ULONG BaseRelocSize; // Size in bytes taken by BaseRelocs
- // DWORD RVAs[RvaSize / sizeof(DWORD)]; // Array containing overriding func RVAs.
- // IMAGE_BASE_RELOCATION BaseRelocs[ANYSIZE_ARRAY];
- // ^Base relocations (RVA + Size + TO)
- // ^Padded with extra TOs for 4B alignment
- // ^BaseRelocSize size in bytes
-} IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION, *PIMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION;
-
-typedef struct _IMAGE_BDD_DYNAMIC_RELOCATION {
- USHORT Left; // Index of FALSE edge in BDD array
- USHORT Right; // Index of TRUE edge in BDD array
- ULONG Value; // Either FeatureNumber or Index into RVAs array
-} IMAGE_BDD_DYNAMIC_RELOCATION, *PIMAGE_BDD_DYNAMIC_RELOCATION;
-
-// Function override relocation types in DVRT records.
-#define IMAGE_FUNCTION_OVERRIDE_INVALID 0
-#define IMAGE_FUNCTION_OVERRIDE_X64_REL32 1 // 32-bit relative address from byte following reloc
-#define IMAGE_FUNCTION_OVERRIDE_ARM64_BRANCH26 2 // 26 bit offset << 2 & sign ext. for B & BL
-#define IMAGE_FUNCTION_OVERRIDE_ARM64_THUNK 3
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntioapi.h b/deps/phnt-nightly/ntioapi.h
deleted file mode 100644
index a926860..0000000
--- a/deps/phnt-nightly/ntioapi.h
+++ /dev/null
@@ -1,2948 +0,0 @@
-/*
- * File management support
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTIOAPI_H
-#define _NTIOAPI_H
-
-// Create disposition
-
-#define FILE_SUPERSEDE 0x00000000
-#define FILE_OPEN 0x00000001
-#define FILE_CREATE 0x00000002
-#define FILE_OPEN_IF 0x00000003
-#define FILE_OVERWRITE 0x00000004
-#define FILE_OVERWRITE_IF 0x00000005
-#define FILE_MAXIMUM_DISPOSITION 0x00000005
-
-// Create/open flags
-
-#define FILE_DIRECTORY_FILE 0x00000001
-#define FILE_WRITE_THROUGH 0x00000002
-#define FILE_SEQUENTIAL_ONLY 0x00000004
-#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
-
-#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
-#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
-#define FILE_NON_DIRECTORY_FILE 0x00000040
-#define FILE_CREATE_TREE_CONNECTION 0x00000080
-
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
-#define TREE_CONNECT_NO_CLIENT_BUFFERING 0x00000008
-#define TREE_CONNECT_WRITE_THROUGH 0x00000002
-#endif
-
-#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
-#define FILE_NO_EA_KNOWLEDGE 0x00000200
-#define FILE_OPEN_REMOTE_INSTANCE 0x00000400
-#define FILE_RANDOM_ACCESS 0x00000800
-
-#define FILE_DELETE_ON_CLOSE 0x00001000
-#define FILE_OPEN_BY_FILE_ID 0x00002000
-#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
-#define FILE_NO_COMPRESSION 0x00008000
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-#define FILE_OPEN_REQUIRING_OPLOCK 0x00010000
-#define FILE_DISALLOW_EXCLUSIVE 0x00020000
-#endif
-#if (PHNT_VERSION >= PHNT_WIN8)
-#define FILE_SESSION_AWARE 0x00040000
-#endif
-
-#define FILE_RESERVE_OPFILTER 0x00100000
-#define FILE_OPEN_REPARSE_POINT 0x00200000
-#define FILE_OPEN_NO_RECALL 0x00400000
-#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
-
-// Extended create/open flags
-
-#define FILE_CONTAINS_EXTENDED_CREATE_INFORMATION 0x10000000
-#define FILE_VALID_EXTENDED_OPTION_FLAGS 0x10000000
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-typedef struct _EXTENDED_CREATE_INFORMATION
-{
- LONGLONG ExtendedCreateFlags;
- PVOID EaBuffer;
- ULONG EaLength;
-} EXTENDED_CREATE_INFORMATION, *PEXTENDED_CREATE_INFORMATION;
-
-typedef struct _EXTENDED_CREATE_INFORMATION_32
-{
- LONGLONG ExtendedCreateFlags;
- void* POINTER_32 EaBuffer;
- ULONG EaLength;
-} EXTENDED_CREATE_INFORMATION_32, *PEXTENDED_CREATE_INFORMATION_32;
-
-#define EX_CREATE_FLAG_FILE_SOURCE_OPEN_FOR_COPY 0x00000001
-#define EX_CREATE_FLAG_FILE_DEST_OPEN_FOR_COPY 0x00000002
-#endif
-
-#define FILE_VALID_OPTION_FLAGS 0x00ffffff
-#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
-#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
-#define FILE_VALID_SET_FLAGS 0x00000036
-
-#define FILE_COPY_STRUCTURED_STORAGE 0x00000041
-#define FILE_STRUCTURED_STORAGE 0x00000441
-
-// I/O status information values for NtCreateFile/NtOpenFile
-
-#define FILE_SUPERSEDED 0x00000000
-#define FILE_OPENED 0x00000001
-#define FILE_CREATED 0x00000002
-#define FILE_OVERWRITTEN 0x00000003
-#define FILE_EXISTS 0x00000004
-#define FILE_DOES_NOT_EXIST 0x00000005
-
-// Special ByteOffset parameters
-
-#define FILE_WRITE_TO_END_OF_FILE 0xffffffff
-#define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
-
-// Alignment requirement values
-
-#define FILE_BYTE_ALIGNMENT 0x00000000
-#define FILE_WORD_ALIGNMENT 0x00000001
-#define FILE_LONG_ALIGNMENT 0x00000003
-#define FILE_QUAD_ALIGNMENT 0x00000007
-#define FILE_OCTA_ALIGNMENT 0x0000000f
-#define FILE_32_BYTE_ALIGNMENT 0x0000001f
-#define FILE_64_BYTE_ALIGNMENT 0x0000003f
-#define FILE_128_BYTE_ALIGNMENT 0x0000007f
-#define FILE_256_BYTE_ALIGNMENT 0x000000ff
-#define FILE_512_BYTE_ALIGNMENT 0x000001ff
-
-// Maximum length of a filename string
-
-#define DOS_MAX_COMPONENT_LENGTH 255
-#define DOS_MAX_PATH_LENGTH (DOS_MAX_COMPONENT_LENGTH + 5)
-
-#define MAXIMUM_FILENAME_LENGTH 256
-
-// Extended attributes
-
-#define FILE_NEED_EA 0x00000080
-
-#define FILE_EA_TYPE_BINARY 0xfffe
-#define FILE_EA_TYPE_ASCII 0xfffd
-#define FILE_EA_TYPE_BITMAP 0xfffb
-#define FILE_EA_TYPE_METAFILE 0xfffa
-#define FILE_EA_TYPE_ICON 0xfff9
-#define FILE_EA_TYPE_EA 0xffee
-#define FILE_EA_TYPE_MVMT 0xffdf
-#define FILE_EA_TYPE_MVST 0xffde
-#define FILE_EA_TYPE_ASN1 0xffdd
-#define FILE_EA_TYPE_FAMILY_IDS 0xff01
-
-// Device characteristics
-
-#define FILE_REMOVABLE_MEDIA 0x00000001
-#define FILE_READ_ONLY_DEVICE 0x00000002
-#define FILE_FLOPPY_DISKETTE 0x00000004
-#define FILE_WRITE_ONCE_MEDIA 0x00000008
-#define FILE_REMOTE_DEVICE 0x00000010
-#define FILE_DEVICE_IS_MOUNTED 0x00000020
-#define FILE_VIRTUAL_VOLUME 0x00000040
-#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
-#define FILE_DEVICE_SECURE_OPEN 0x00000100
-#define FILE_CHARACTERISTIC_PNP_DEVICE 0x00000800
-#define FILE_CHARACTERISTIC_TS_DEVICE 0x00001000
-#define FILE_CHARACTERISTIC_WEBDAV_DEVICE 0x00002000
-#define FILE_CHARACTERISTIC_CSV 0x00010000
-#define FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL 0x00020000
-#define FILE_PORTABLE_DEVICE 0x00040000
-#define FILE_REMOTE_DEVICE_VSMB 0x00080000
-#define FILE_DEVICE_REQUIRE_SECURITY_CHECK 0x00100000
-
-// Named pipe values
-
-// NamedPipeType for NtCreateNamedPipeFile
-#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
-#define FILE_PIPE_MESSAGE_TYPE 0x00000001
-#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
-#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
-#define FILE_PIPE_TYPE_VALID_MASK 0x00000003
-
-// CompletionMode for NtCreateNamedPipeFile
-#define FILE_PIPE_QUEUE_OPERATION 0x00000000
-#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
-
-// ReadMode for NtCreateNamedPipeFile
-#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
-#define FILE_PIPE_MESSAGE_MODE 0x00000001
-
-// NamedPipeConfiguration for NtQueryInformationFile
-#define FILE_PIPE_INBOUND 0x00000000
-#define FILE_PIPE_OUTBOUND 0x00000001
-#define FILE_PIPE_FULL_DUPLEX 0x00000002
-
-// NamedPipeState for NtQueryInformationFile
-#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
-#define FILE_PIPE_LISTENING_STATE 0x00000002
-#define FILE_PIPE_CONNECTED_STATE 0x00000003
-#define FILE_PIPE_CLOSING_STATE 0x00000004
-
-// NamedPipeEnd for NtQueryInformationFile
-#define FILE_PIPE_CLIENT_END 0x00000000
-#define FILE_PIPE_SERVER_END 0x00000001
-
-// Win32 pipe instance limit (0xff)
-#define FILE_PIPE_UNLIMITED_INSTANCES 0xffffffff
-
-// Mailslot values
-
-#define MAILSLOT_SIZE_AUTO 0
-
-typedef struct _IO_STATUS_BLOCK
-{
- union
- {
- NTSTATUS Status;
- PVOID Pointer;
- };
- ULONG_PTR Information;
-} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
-
-typedef VOID (NTAPI *PIO_APC_ROUTINE)(
- _In_ PVOID ApcContext,
- _In_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG Reserved
- );
-
-// private
-typedef struct _FILE_IO_COMPLETION_INFORMATION
-{
- PVOID KeyContext;
- PVOID ApcContext;
- IO_STATUS_BLOCK IoStatusBlock;
-} FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION;
-
-typedef enum _FILE_INFORMATION_CLASS
-{
- FileDirectoryInformation = 1, // q: FILE_DIRECTORY_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileFullDirectoryInformation, // q: FILE_FULL_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileBothDirectoryInformation, // q: FILE_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileBasicInformation, // q; s: FILE_BASIC_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES)
- FileStandardInformation, // q: FILE_STANDARD_INFORMATION, FILE_STANDARD_INFORMATION_EX
- FileInternalInformation, // q: FILE_INTERNAL_INFORMATION
- FileEaInformation, // q: FILE_EA_INFORMATION
- FileAccessInformation, // q: FILE_ACCESS_INFORMATION
- FileNameInformation, // q: FILE_NAME_INFORMATION
- FileRenameInformation, // s: FILE_RENAME_INFORMATION (requires DELETE) // 10
- FileLinkInformation, // s: FILE_LINK_INFORMATION
- FileNamesInformation, // q: FILE_NAMES_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileDispositionInformation, // s: FILE_DISPOSITION_INFORMATION (requires DELETE)
- FilePositionInformation, // q; s: FILE_POSITION_INFORMATION
- FileFullEaInformation, // FILE_FULL_EA_INFORMATION
- FileModeInformation, // q; s: FILE_MODE_INFORMATION
- FileAlignmentInformation, // q: FILE_ALIGNMENT_INFORMATION
- FileAllInformation, // q: FILE_ALL_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileAllocationInformation, // s: FILE_ALLOCATION_INFORMATION (requires FILE_WRITE_DATA)
- FileEndOfFileInformation, // s: FILE_END_OF_FILE_INFORMATION (requires FILE_WRITE_DATA) // 20
- FileAlternateNameInformation, // q: FILE_NAME_INFORMATION
- FileStreamInformation, // q: FILE_STREAM_INFORMATION
- FilePipeInformation, // q; s: FILE_PIPE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES)
- FilePipeLocalInformation, // q: FILE_PIPE_LOCAL_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FilePipeRemoteInformation, // q; s: FILE_PIPE_REMOTE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES)
- FileMailslotQueryInformation, // q: FILE_MAILSLOT_QUERY_INFORMATION
- FileMailslotSetInformation, // s: FILE_MAILSLOT_SET_INFORMATION
- FileCompressionInformation, // q: FILE_COMPRESSION_INFORMATION
- FileObjectIdInformation, // q: FILE_OBJECTID_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileCompletionInformation, // s: FILE_COMPLETION_INFORMATION // 30
- FileMoveClusterInformation, // s: FILE_MOVE_CLUSTER_INFORMATION (requires FILE_WRITE_DATA)
- FileQuotaInformation, // q: FILE_QUOTA_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileReparsePointInformation, // q: FILE_REPARSE_POINT_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileNetworkOpenInformation, // q: FILE_NETWORK_OPEN_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileAttributeTagInformation, // q: FILE_ATTRIBUTE_TAG_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileTrackingInformation, // s: FILE_TRACKING_INFORMATION (requires FILE_WRITE_DATA)
- FileIdBothDirectoryInformation, // q: FILE_ID_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileIdFullDirectoryInformation, // q: FILE_ID_FULL_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex])
- FileValidDataLengthInformation, // s: FILE_VALID_DATA_LENGTH_INFORMATION (requires FILE_WRITE_DATA and/or SeManageVolumePrivilege)
- FileShortNameInformation, // s: FILE_NAME_INFORMATION (requires DELETE) // 40
- FileIoCompletionNotificationInformation, // q; s: FILE_IO_COMPLETION_NOTIFICATION_INFORMATION (q: requires FILE_READ_ATTRIBUTES) // since VISTA
- FileIoStatusBlockRangeInformation, // s: FILE_IOSTATUSBLOCK_RANGE_INFORMATION (requires SeLockMemoryPrivilege)
- FileIoPriorityHintInformation, // q; s: FILE_IO_PRIORITY_HINT_INFORMATION, FILE_IO_PRIORITY_HINT_INFORMATION_EX (q: requires FILE_READ_DATA)
- FileSfioReserveInformation, // q; s: FILE_SFIO_RESERVE_INFORMATION (q: requires FILE_READ_DATA)
- FileSfioVolumeInformation, // q: FILE_SFIO_VOLUME_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileHardLinkInformation, // q: FILE_LINKS_INFORMATION
- FileProcessIdsUsingFileInformation, // q: FILE_PROCESS_IDS_USING_FILE_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileNormalizedNameInformation, // q: FILE_NAME_INFORMATION
- FileNetworkPhysicalNameInformation, // q: FILE_NETWORK_PHYSICAL_NAME_INFORMATION
- FileIdGlobalTxDirectoryInformation, // q: FILE_ID_GLOBAL_TX_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // since WIN7 // 50
- FileIsRemoteDeviceInformation, // q: FILE_IS_REMOTE_DEVICE_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileUnusedInformation,
- FileNumaNodeInformation, // q: FILE_NUMA_NODE_INFORMATION
- FileStandardLinkInformation, // q: FILE_STANDARD_LINK_INFORMATION
- FileRemoteProtocolInformation, // q: FILE_REMOTE_PROTOCOL_INFORMATION
- FileRenameInformationBypassAccessCheck, // (kernel-mode only); s: FILE_RENAME_INFORMATION // since WIN8
- FileLinkInformationBypassAccessCheck, // (kernel-mode only); s: FILE_LINK_INFORMATION
- FileVolumeNameInformation, // q: FILE_VOLUME_NAME_INFORMATION
- FileIdInformation, // q: FILE_ID_INFORMATION
- FileIdExtdDirectoryInformation, // q: FILE_ID_EXTD_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // 60
- FileReplaceCompletionInformation, // s: FILE_COMPLETION_INFORMATION // since WINBLUE
- FileHardLinkFullIdInformation, // q: FILE_LINK_ENTRY_FULL_ID_INFORMATION // FILE_LINKS_FULL_ID_INFORMATION
- FileIdExtdBothDirectoryInformation, // q: FILE_ID_EXTD_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // since THRESHOLD
- FileDispositionInformationEx, // s: FILE_DISPOSITION_INFO_EX (requires DELETE) // since REDSTONE
- FileRenameInformationEx, // s: FILE_RENAME_INFORMATION_EX
- FileRenameInformationExBypassAccessCheck, // (kernel-mode only); s: FILE_RENAME_INFORMATION_EX
- FileDesiredStorageClassInformation, // q; s: FILE_DESIRED_STORAGE_CLASS_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) // since REDSTONE2
- FileStatInformation, // q: FILE_STAT_INFORMATION (requires FILE_READ_ATTRIBUTES)
- FileMemoryPartitionInformation, // s: FILE_MEMORY_PARTITION_INFORMATION // since REDSTONE3
- FileStatLxInformation, // q: FILE_STAT_LX_INFORMATION (requires FILE_READ_ATTRIBUTES and FILE_READ_EA) // since REDSTONE4 // 70
- FileCaseSensitiveInformation, // q; s: FILE_CASE_SENSITIVE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES)
- FileLinkInformationEx, // s: FILE_LINK_INFORMATION_EX // since REDSTONE5
- FileLinkInformationExBypassAccessCheck, // (kernel-mode only); s: FILE_LINK_INFORMATION_EX
- FileStorageReserveIdInformation, // q; s: FILE_STORAGE_RESERVE_ID_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES)
- FileCaseSensitiveInformationForceAccessCheck, // q; s: FILE_CASE_SENSITIVE_INFORMATION
- FileKnownFolderInformation, // q; s: FILE_KNOWN_FOLDER_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) // since WIN11
- FileStatBasicInformation, // since 23H2
- FileId64ExtdDirectoryInformation,
- FileId64ExtdBothDirectoryInformation,
- FileIdAllExtdDirectoryInformation,
- FileIdAllExtdBothDirectoryInformation,
- FileMaximumInformation
-} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
-
-// NtQueryInformationFile/NtSetInformationFile types
-
-typedef struct _FILE_BASIC_INFORMATION
-{
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- ULONG FileAttributes;
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-
-typedef struct _FILE_STANDARD_INFORMATION
-{
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
-} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-//#if (PHNT_VERSION >= PHNT_THRESHOLD)
-typedef struct _FILE_STANDARD_INFORMATION_EX
-{
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
- BOOLEAN AlternateStream;
- BOOLEAN MetadataAttribute;
-} FILE_STANDARD_INFORMATION_EX, *PFILE_STANDARD_INFORMATION_EX;
-//#endif
-
-typedef struct _FILE_INTERNAL_INFORMATION
-{
- union
- {
- LARGE_INTEGER IndexNumber;
- struct
- {
- LONGLONG MftRecordIndex : 48; // rev
- LONGLONG SequenceNumber : 16; // rev
- };
- };
-} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
-
-typedef struct _FILE_EA_INFORMATION
-{
- ULONG EaSize;
-} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
-
-typedef struct _FILE_ACCESS_INFORMATION
-{
- ACCESS_MASK AccessFlags;
-} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
-
-typedef struct _FILE_POSITION_INFORMATION
-{
- LARGE_INTEGER CurrentByteOffset;
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-
-typedef struct _FILE_MODE_INFORMATION
-{
- ULONG Mode;
-} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
-
-typedef struct _FILE_ALIGNMENT_INFORMATION
-{
- ULONG AlignmentRequirement;
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
-
-typedef struct _FILE_NAME_INFORMATION
-{
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
-
-typedef struct _FILE_ALL_INFORMATION
-{
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION
-{
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
-
-typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
-{
- ULONG FileAttributes;
- ULONG ReparseTag;
-} FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION;
-
-typedef struct _FILE_ALLOCATION_INFORMATION
-{
- LARGE_INTEGER AllocationSize;
-} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
-
-typedef struct _FILE_COMPRESSION_INFORMATION
-{
- LARGE_INTEGER CompressedFileSize;
- USHORT CompressionFormat;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved[3];
-} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
-
-typedef struct _FILE_DISPOSITION_INFORMATION
-{
- BOOLEAN DeleteFile;
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-
-typedef struct _FILE_END_OF_FILE_INFORMATION
-{
- LARGE_INTEGER EndOfFile;
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
-
-//#if (PHNT_VERSION >= PHNT_REDSTONE5)
-#define FLAGS_END_OF_FILE_INFO_EX_EXTEND_PAGING 0x00000001
-#define FLAGS_END_OF_FILE_INFO_EX_NO_EXTRA_PAGING_EXTEND 0x00000002
-#define FLAGS_END_OF_FILE_INFO_EX_TIME_CONSTRAINED 0x00000004
-#define FLAGS_DELAY_REASONS_LOG_FILE_FULL 0x00000001
-#define FLAGS_DELAY_REASONS_BITMAP_SCANNED 0x00000002
-
-typedef struct _FILE_END_OF_FILE_INFORMATION_EX
-{
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER PagingFileSizeInMM;
- LARGE_INTEGER PagingFileMaxSize;
- ULONG Flags;
-} FILE_END_OF_FILE_INFORMATION_EX, *PFILE_END_OF_FILE_INFORMATION_EX;
-//#endif
-
-typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
-{
- LARGE_INTEGER ValidDataLength;
-} FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION;
-
-#define FILE_LINK_REPLACE_IF_EXISTS 0x00000001 // since RS5
-#define FILE_LINK_POSIX_SEMANTICS 0x00000002
-
-#define FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE 0x00000008
-#define FILE_LINK_NO_INCREASE_AVAILABLE_SPACE 0x00000010
-#define FILE_LINK_NO_DECREASE_AVAILABLE_SPACE 0x00000020
-#define FILE_LINK_PRESERVE_AVAILABLE_SPACE 0x00000030
-#define FILE_LINK_IGNORE_READONLY_ATTRIBUTE 0x00000040
-#define FILE_LINK_FORCE_RESIZE_TARGET_SR 0x00000080 // since 19H1
-#define FILE_LINK_FORCE_RESIZE_SOURCE_SR 0x00000100
-#define FILE_LINK_FORCE_RESIZE_SR 0x00000180
-
-typedef struct _FILE_LINK_INFORMATION
-{
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
-
-typedef struct _FILE_LINK_INFORMATION_EX
-{
- ULONG Flags;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_LINK_INFORMATION_EX, *PFILE_LINK_INFORMATION_EX;
-
-typedef struct _FILE_MOVE_CLUSTER_INFORMATION
-{
- ULONG ClusterCount;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
-
-typedef struct _FILE_RENAME_INFORMATION
-{
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
-
-#define FILE_RENAME_REPLACE_IF_EXISTS 0x00000001 // since REDSTONE
-#define FILE_RENAME_POSIX_SEMANTICS 0x00000002
-#define FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE 0x00000004 // since REDSTONE3
-#define FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE 0x00000008 // since REDSTONE5
-#define FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE 0x00000010
-#define FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE 0x00000020
-#define FILE_RENAME_PRESERVE_AVAILABLE_SPACE 0x00000030
-#define FILE_RENAME_IGNORE_READONLY_ATTRIBUTE 0x00000040
-#define FILE_RENAME_FORCE_RESIZE_TARGET_SR 0x00000080 // since 19H1
-#define FILE_RENAME_FORCE_RESIZE_SOURCE_SR 0x00000100
-#define FILE_RENAME_FORCE_RESIZE_SR 0x00000180
-
-typedef struct _FILE_RENAME_INFORMATION_EX
-{
- ULONG Flags;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_RENAME_INFORMATION_EX, *PFILE_RENAME_INFORMATION_EX;
-
-typedef struct _FILE_STREAM_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- _Field_size_bytes_(StreamNameLength) WCHAR StreamName[1];
-} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
-
-typedef struct _FILE_TRACKING_INFORMATION
-{
- HANDLE DestinationFile;
- ULONG ObjectInformationLength;
- _Field_size_bytes_(ObjectInformationLength) CHAR ObjectInformation[1];
-} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
-
-typedef struct _FILE_COMPLETION_INFORMATION
-{
- HANDLE Port;
- PVOID Key;
-} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
-
-typedef struct _FILE_PIPE_INFORMATION
-{
- ULONG ReadMode;
- ULONG CompletionMode;
-} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
-
-typedef struct _FILE_PIPE_LOCAL_INFORMATION
-{
- ULONG NamedPipeType;
- ULONG NamedPipeConfiguration;
- ULONG MaximumInstances;
- ULONG CurrentInstances;
- ULONG InboundQuota;
- ULONG ReadDataAvailable;
- ULONG OutboundQuota;
- ULONG WriteQuotaAvailable;
- ULONG NamedPipeState;
- ULONG NamedPipeEnd;
-} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
-
-typedef struct _FILE_PIPE_REMOTE_INFORMATION
-{
- LARGE_INTEGER CollectDataTime;
- ULONG MaximumCollectionCount;
-} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
-
-typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
-{
- ULONG MaximumMessageSize;
- ULONG MailslotQuota;
- ULONG NextMessageSize;
- ULONG MessagesAvailable;
- LARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
-
-typedef struct _FILE_MAILSLOT_SET_INFORMATION
-{
- PLARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
-
-typedef struct _FILE_REPARSE_POINT_INFORMATION
-{
- LONGLONG FileReference;
- ULONG Tag;
-} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
-
-typedef struct _FILE_LINK_ENTRY_INFORMATION
-{
- ULONG NextEntryOffset;
- LONGLONG ParentFileId; // LARGE_INTEGER
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
-
-typedef struct _FILE_LINKS_INFORMATION
-{
- ULONG BytesNeeded;
- ULONG EntriesReturned;
- FILE_LINK_ENTRY_INFORMATION Entry;
-} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
-
-typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION
-{
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
-
-typedef struct _FILE_STANDARD_LINK_INFORMATION
-{
- ULONG NumberOfAccessibleLinks;
- ULONG TotalNumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
-} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
-
-typedef struct _FILE_SFIO_RESERVE_INFORMATION
-{
- ULONG RequestsPerPeriod;
- ULONG Period;
- BOOLEAN RetryFailures;
- BOOLEAN Discardable;
- ULONG RequestSize;
- ULONG NumOutstandingRequests;
-} FILE_SFIO_RESERVE_INFORMATION, *PFILE_SFIO_RESERVE_INFORMATION;
-
-typedef struct _FILE_SFIO_VOLUME_INFORMATION
-{
- ULONG MaximumRequestsPerPeriod;
- ULONG MinimumPeriod;
- ULONG MinimumTransferSize;
-} FILE_SFIO_VOLUME_INFORMATION, *PFILE_SFIO_VOLUME_INFORMATION;
-
-typedef enum _IO_PRIORITY_HINT
-{
- IoPriorityVeryLow = 0, // Defragging, content indexing and other background I/Os.
- IoPriorityLow, // Prefetching for applications.
- IoPriorityNormal, // Normal I/Os.
- IoPriorityHigh, // Used by filesystems for checkpoint I/O.
- IoPriorityCritical, // Used by memory manager. Not available for applications.
- MaxIoPriorityTypes
-} IO_PRIORITY_HINT;
-
-typedef struct DECLSPEC_ALIGN(8) _FILE_IO_PRIORITY_HINT_INFORMATION
-{
- IO_PRIORITY_HINT PriorityHint;
-} FILE_IO_PRIORITY_HINT_INFORMATION, *PFILE_IO_PRIORITY_HINT_INFORMATION;
-
-typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION_EX
-{
- IO_PRIORITY_HINT PriorityHint;
- BOOLEAN BoostOutstanding;
-} FILE_IO_PRIORITY_HINT_INFORMATION_EX, *PFILE_IO_PRIORITY_HINT_INFORMATION_EX;
-
-#define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1
-#define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2
-#define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4
-
-typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
-{
- ULONG Flags;
-} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
-
-typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
-{
- ULONG NumberOfProcessIdsInList;
- _Field_size_(NumberOfProcessIdsInList) ULONG_PTR ProcessIdList[1];
-} FILE_PROCESS_IDS_USING_FILE_INFORMATION, *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
-
-typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
-{
- BOOLEAN IsRemote;
-} FILE_IS_REMOTE_DEVICE_INFORMATION, *PFILE_IS_REMOTE_DEVICE_INFORMATION;
-
-typedef struct _FILE_NUMA_NODE_INFORMATION
-{
- USHORT NodeNumber;
-} FILE_NUMA_NODE_INFORMATION, *PFILE_NUMA_NODE_INFORMATION;
-
-typedef struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION
-{
- PUCHAR IoStatusBlockRange;
- ULONG Length;
-} FILE_IOSTATUSBLOCK_RANGE_INFORMATION, *PFILE_IOSTATUSBLOCK_RANGE_INFORMATION;
-
-// Win32 FILE_REMOTE_PROTOCOL_INFO
-typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
-{
- // Structure Version
- USHORT StructureVersion; // 1 for Win7, 2 for Win8 SMB3, 3 for Blue SMB3, 4 for RS5
- USHORT StructureSize; // sizeof(FILE_REMOTE_PROTOCOL_INFORMATION)
-
- ULONG Protocol; // Protocol (WNNC_NET_*) defined in winnetwk.h or ntifs.h.
-
- // Protocol Version & Type
- USHORT ProtocolMajorVersion;
- USHORT ProtocolMinorVersion;
- USHORT ProtocolRevision;
-
- USHORT Reserved;
-
- // Protocol-Generic Information
- ULONG Flags;
-
- struct
- {
- ULONG Reserved[8];
- } GenericReserved;
-
- // Protocol specific information
-
-#if (_WIN32_WINNT < PHNT_WIN8)
- struct
- {
- ULONG Reserved[16];
- } ProtocolSpecificReserved;
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
- union
- {
- struct
- {
- struct
- {
- ULONG Capabilities;
- } Server;
- struct
- {
- ULONG Capabilities;
-#if (PHNT_VERSION >= PHNT_21H1)
- ULONG ShareFlags;
-#else
- ULONG CachingFlags;
-#endif
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
- UCHAR ShareType;
- UCHAR Reserved0[3];
- ULONG Reserved1;
-#endif
- } Share;
- } Smb2;
- ULONG Reserved[16];
- } ProtocolSpecific;
-#endif
-} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
-
-#define CHECKSUM_ENFORCEMENT_OFF 0x00000001
-
-typedef struct _FILE_INTEGRITY_STREAM_INFORMATION
-{
- USHORT ChecksumAlgorithm;
- UCHAR ChecksumChunkShift;
- UCHAR ClusterShift;
- ULONG Flags;
-} FILE_INTEGRITY_STREAM_INFORMATION, *PFILE_INTEGRITY_STREAM_INFORMATION;
-
-typedef struct _FILE_VOLUME_NAME_INFORMATION
-{
- ULONG DeviceNameLength;
- _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1];
-} FILE_VOLUME_NAME_INFORMATION, *PFILE_VOLUME_NAME_INFORMATION;
-
-#ifndef FILE_INVALID_FILE_ID
-#define FILE_INVALID_FILE_ID ((LONGLONG)-1LL)
-#endif
-
-#define FILE_ID_IS_INVALID(FID) ((FID).QuadPart == FILE_INVALID_FILE_ID)
-
-#define FILE_ID_128_IS_INVALID(FID128) \
- (((FID128).Identifier[0] == (UCHAR)-1) && \
- ((FID128).Identifier[1] == (UCHAR)-1) && \
- ((FID128).Identifier[2] == (UCHAR)-1) && \
- ((FID128).Identifier[3] == (UCHAR)-1) && \
- ((FID128).Identifier[4] == (UCHAR)-1) && \
- ((FID128).Identifier[5] == (UCHAR)-1) && \
- ((FID128).Identifier[6] == (UCHAR)-1) && \
- ((FID128).Identifier[7] == (UCHAR)-1) && \
- ((FID128).Identifier[8] == (UCHAR)-1) && \
- ((FID128).Identifier[9] == (UCHAR)-1) && \
- ((FID128).Identifier[10] == (UCHAR)-1) && \
- ((FID128).Identifier[11] == (UCHAR)-1) && \
- ((FID128).Identifier[12] == (UCHAR)-1) && \
- ((FID128).Identifier[13] == (UCHAR)-1) && \
- ((FID128).Identifier[14] == (UCHAR)-1) && \
- ((FID128).Identifier[15] == (UCHAR)-1))
-
-#define MAKE_INVALID_FILE_ID_128(FID128) { \
- ((FID128).Identifier[0] = (UCHAR)-1); \
- ((FID128).Identifier[1] = (UCHAR)-1); \
- ((FID128).Identifier[2] = (UCHAR)-1); \
- ((FID128).Identifier[3] = (UCHAR)-1); \
- ((FID128).Identifier[4] = (UCHAR)-1); \
- ((FID128).Identifier[5] = (UCHAR)-1); \
- ((FID128).Identifier[6] = (UCHAR)-1); \
- ((FID128).Identifier[7] = (UCHAR)-1); \
- ((FID128).Identifier[8] = (UCHAR)-1); \
- ((FID128).Identifier[9] = (UCHAR)-1); \
- ((FID128).Identifier[10] = (UCHAR)-1); \
- ((FID128).Identifier[11] = (UCHAR)-1); \
- ((FID128).Identifier[12] = (UCHAR)-1); \
- ((FID128).Identifier[13] = (UCHAR)-1); \
- ((FID128).Identifier[14] = (UCHAR)-1); \
- ((FID128).Identifier[15] = (UCHAR)-1); \
-}
-
-typedef struct _FILE_ID_INFORMATION
-{
- ULONGLONG VolumeSerialNumber;
- union
- {
- FILE_ID_128 FileId;
- struct
- {
- LONGLONG FileIdLowPart : 64; // rev
- LONGLONG FileIdHighPart : 64; // rev
- };
- };
-} FILE_ID_INFORMATION, *PFILE_ID_INFORMATION;
-
-typedef struct _FILE_ID_EXTD_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- ULONG ReparsePointTag;
- FILE_ID_128 FileId;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_ID_EXTD_DIR_INFORMATION, *PFILE_ID_EXTD_DIR_INFORMATION;
-
-typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
-{
- ULONG NextEntryOffset;
- FILE_ID_128 ParentFileId;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_LINK_ENTRY_FULL_ID_INFORMATION, *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
-
-typedef struct _FILE_LINKS_FULL_ID_INFORMATION
-{
- ULONG BytesNeeded;
- ULONG EntriesReturned;
- FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
-} FILE_LINKS_FULL_ID_INFORMATION, *PFILE_LINKS_FULL_ID_INFORMATION;
-
-typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- ULONG ReparsePointTag;
- FILE_ID_128 FileId;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_ID_EXTD_BOTH_DIR_INFORMATION, *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
-
-typedef struct _FILE_STAT_INFORMATION
-{
- LARGE_INTEGER FileId;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
- ULONG ReparseTag;
- ULONG NumberOfLinks;
- ACCESS_MASK EffectiveAccess;
-} FILE_STAT_INFORMATION, *PFILE_STAT_INFORMATION;
-
-typedef struct _FILE_MEMORY_PARTITION_INFORMATION
-{
- HANDLE OwnerPartitionHandle;
- union
- {
- struct
- {
- UCHAR NoCrossPartitionAccess;
- UCHAR Spare[3];
- };
- ULONG AllFlags;
- } Flags;
-} FILE_MEMORY_PARTITION_INFORMATION, *PFILE_MEMORY_PARTITION_INFORMATION;
-
-// LxFlags
-#define LX_FILE_METADATA_HAS_UID 0x1
-#define LX_FILE_METADATA_HAS_GID 0x2
-#define LX_FILE_METADATA_HAS_MODE 0x4
-#define LX_FILE_METADATA_HAS_DEVICE_ID 0x8
-#define LX_FILE_CASE_SENSITIVE_DIR 0x10
-
-typedef struct _FILE_STAT_LX_INFORMATION
-{
- LARGE_INTEGER FileId;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
- ULONG ReparseTag;
- ULONG NumberOfLinks;
- ACCESS_MASK EffectiveAccess;
- ULONG LxFlags;
- ULONG LxUid;
- ULONG LxGid;
- ULONG LxMode;
- ULONG LxDeviceIdMajor;
- ULONG LxDeviceIdMinor;
-} FILE_STAT_LX_INFORMATION, *PFILE_STAT_LX_INFORMATION;
-
-typedef struct _FILE_STORAGE_RESERVE_ID_INFORMATION {
- STORAGE_RESERVE_ID StorageReserveId;
-} FILE_STORAGE_RESERVE_ID_INFORMATION, *PFILE_STORAGE_RESERVE_ID_INFORMATION;
-
-#define FILE_CS_FLAG_CASE_SENSITIVE_DIR 0x00000001
-
-typedef struct _FILE_CASE_SENSITIVE_INFORMATION
-{
- ULONG Flags;
-} FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION;
-
-typedef enum _FILE_KNOWN_FOLDER_TYPE
-{
- KnownFolderNone,
- KnownFolderDesktop,
- KnownFolderDocuments,
- KnownFolderDownloads,
- KnownFolderMusic,
- KnownFolderPictures,
- KnownFolderVideos,
- KnownFolderOther,
- KnownFolderMax = 7
-} FILE_KNOWN_FOLDER_TYPE;
-
-typedef struct _FILE_KNOWN_FOLDER_INFORMATION
-{
- FILE_KNOWN_FOLDER_TYPE Type;
-} FILE_KNOWN_FOLDER_INFORMATION, *PFILE_KNOWN_FOLDER_INFORMATION;
-
-// NtQueryDirectoryFile types
-
-typedef struct _FILE_DIRECTORY_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
-
-typedef struct _FILE_FULL_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
-
-typedef struct _FILE_ID_FULL_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- LARGE_INTEGER FileId;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
-
-typedef struct _FILE_BOTH_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
-
-typedef struct _FILE_ID_BOTH_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- LARGE_INTEGER FileId;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
-
-typedef struct _FILE_NAMES_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- ULONG FileNameLength;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
-
-typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- LARGE_INTEGER FileId;
- GUID LockingTransactionId;
- ULONG TxInfoFlags;
- _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
-} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
-
-#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
-#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
-#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
-
-typedef struct _FILE_OBJECTID_INFORMATION
-{
- LONGLONG FileReference;
- UCHAR ObjectId[16]; // GUID
- union
- {
- struct
- {
- UCHAR BirthVolumeId[16];
- UCHAR BirthObjectId[16];
- UCHAR DomainId[16];
- };
- UCHAR ExtendedInfo[48];
- };
-} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
-
-typedef struct _FILE_DIRECTORY_NEXT_INFORMATION
-{
- ULONG NextEntryOffset;
-} FILE_DIRECTORY_NEXT_INFORMATION, *PFILE_DIRECTORY_NEXT_INFORMATION;
-
-// NtQueryEaFile/NtSetEaFile types
-
-typedef struct _FILE_FULL_EA_INFORMATION
-{
- ULONG NextEntryOffset;
- UCHAR Flags;
- UCHAR EaNameLength;
- USHORT EaValueLength;
- _Field_size_bytes_(EaNameLength) CHAR EaName[1];
- // ...
- // UCHAR EaValue[1]
-} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
-
-typedef struct _FILE_GET_EA_INFORMATION
-{
- ULONG NextEntryOffset;
- UCHAR EaNameLength;
- _Field_size_bytes_(EaNameLength) CHAR EaName[1];
-} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
-
-// NtQueryQuotaInformationFile/NtSetQuotaInformationFile types
-
-typedef struct _FILE_GET_QUOTA_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG SidLength;
- _Field_size_bytes_(SidLength) SID Sid;
-} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
-
-typedef struct _FILE_QUOTA_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG SidLength;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER QuotaUsed;
- LARGE_INTEGER QuotaThreshold;
- LARGE_INTEGER QuotaLimit;
- _Field_size_bytes_(SidLength) SID Sid;
-} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
-
-typedef enum _FSINFOCLASS
-{
- FileFsVolumeInformation = 1, // q: FILE_FS_VOLUME_INFORMATION
- FileFsLabelInformation, // s: FILE_FS_LABEL_INFORMATION (requires FILE_WRITE_DATA to volume)
- FileFsSizeInformation, // q: FILE_FS_SIZE_INFORMATION
- FileFsDeviceInformation, // q: FILE_FS_DEVICE_INFORMATION
- FileFsAttributeInformation, // q: FILE_FS_ATTRIBUTE_INFORMATION
- FileFsControlInformation, // q, s: FILE_FS_CONTROL_INFORMATION (q: requires FILE_READ_DATA; s: requires FILE_WRITE_DATA to volume)
- FileFsFullSizeInformation, // q: FILE_FS_FULL_SIZE_INFORMATION
- FileFsObjectIdInformation, // q; s: FILE_FS_OBJECTID_INFORMATION (s: requires FILE_WRITE_DATA to volume)
- FileFsDriverPathInformation, // q: FILE_FS_DRIVER_PATH_INFORMATION
- FileFsVolumeFlagsInformation, // q; s: FILE_FS_VOLUME_FLAGS_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES to volume) // 10
- FileFsSectorSizeInformation, // q: FILE_FS_SECTOR_SIZE_INFORMATION // since WIN8
- FileFsDataCopyInformation, // q: FILE_FS_DATA_COPY_INFORMATION
- FileFsMetadataSizeInformation, // q: FILE_FS_METADATA_SIZE_INFORMATION // since THRESHOLD
- FileFsFullSizeInformationEx, // q: FILE_FS_FULL_SIZE_INFORMATION_EX // since REDSTONE5
- FileFsGuidInformation, // q: FILE_FS_GUID_INFORMATION // since 23H2
- FileFsMaximumInformation
-} FSINFOCLASS, *PFSINFOCLASS;
-typedef enum _FSINFOCLASS FS_INFORMATION_CLASS;
-
-// NtQueryVolumeInformation/NtSetVolumeInformation types
-
-typedef struct _FILE_FS_VOLUME_INFORMATION
-{
- LARGE_INTEGER VolumeCreationTime;
- ULONG VolumeSerialNumber;
- ULONG VolumeLabelLength;
- BOOLEAN SupportsObjects;
- _Field_size_bytes_(VolumeLabelLength) WCHAR VolumeLabel[1];
-} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
-
-typedef struct _FILE_FS_LABEL_INFORMATION
-{
- ULONG VolumeLabelLength;
- _Field_size_bytes_(VolumeLabelLength) WCHAR VolumeLabel[1];
-} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
-
-typedef struct _FILE_FS_SIZE_INFORMATION
-{
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
-
-// FileSystemControlFlags
-#define FILE_VC_QUOTA_NONE 0x00000000
-#define FILE_VC_QUOTA_TRACK 0x00000001
-#define FILE_VC_QUOTA_ENFORCE 0x00000002
-#define FILE_VC_QUOTA_MASK 0x00000003
-#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
-#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
-#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
-#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
-#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
-#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
-#define FILE_VC_QUOTAS_REBUILDING 0x00000200
-#define FILE_VC_VALID_MASK 0x000003ff
-
-typedef struct _FILE_FS_CONTROL_INFORMATION
-{
- LARGE_INTEGER FreeSpaceStartFiltering;
- LARGE_INTEGER FreeSpaceThreshold;
- LARGE_INTEGER FreeSpaceStopFiltering;
- LARGE_INTEGER DefaultQuotaThreshold;
- LARGE_INTEGER DefaultQuotaLimit;
- ULONG FileSystemControlFlags; // FILE_VC_*
-} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
-
-typedef struct _FILE_FS_FULL_SIZE_INFORMATION
-{
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER CallerAvailableAllocationUnits;
- LARGE_INTEGER ActualAvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_OBJECTID_INFORMATION
-{
- UCHAR ObjectId[16];
- union
- {
- struct
- {
- UCHAR BirthVolumeId[16];
- UCHAR BirthObjectId[16];
- UCHAR DomainId[16];
- };
- UCHAR ExtendedInfo[48];
- };
-} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
-
-typedef struct _FILE_FS_DEVICE_INFORMATION
-{
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
-} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
-
-typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
-{
- ULONG FileSystemAttributes;
- LONG MaximumComponentNameLength;
- ULONG FileSystemNameLength;
- _Field_size_bytes_(FileSystemNameLength) WCHAR FileSystemName[1];
-} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
-
-typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
-{
- BOOLEAN DriverInPath;
- ULONG DriverNameLength;
- _Field_size_bytes_(DriverNameLength) WCHAR DriverName[1];
-} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
-
-typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
-{
- ULONG Flags;
-} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
-
-#define SSINFO_FLAGS_ALIGNED_DEVICE 0x00000001
-#define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 0x00000002
-#define SSINFO_FLAGS_NO_SEEK_PENALTY 0x00000004
-#define SSINFO_FLAGS_TRIM_ENABLED 0x00000008
-#define SSINFO_FLAGS_BYTE_ADDRESSABLE 0x00000010 // since REDSTONE
-
-// If set for Sector and Partition fields, alignment is not known.
-#define SSINFO_OFFSET_UNKNOWN 0xffffffff
-
-typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
-{
- ULONG LogicalBytesPerSector;
- ULONG PhysicalBytesPerSectorForAtomicity;
- ULONG PhysicalBytesPerSectorForPerformance;
- ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
- ULONG Flags; // SSINFO_FLAGS_*
- ULONG ByteOffsetForSectorAlignment;
- ULONG ByteOffsetForPartitionAlignment;
-} FILE_FS_SECTOR_SIZE_INFORMATION, *PFILE_FS_SECTOR_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_DATA_COPY_INFORMATION
-{
- ULONG NumberOfCopies;
-} FILE_FS_DATA_COPY_INFORMATION, *PFILE_FS_DATA_COPY_INFORMATION;
-
-typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
-{
- LARGE_INTEGER TotalMetadataAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_METADATA_SIZE_INFORMATION, *PFILE_FS_METADATA_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
-{
- ULONGLONG ActualTotalAllocationUnits;
- ULONGLONG ActualAvailableAllocationUnits;
- ULONGLONG ActualPoolUnavailableAllocationUnits;
- ULONGLONG CallerTotalAllocationUnits;
- ULONGLONG CallerAvailableAllocationUnits;
- ULONGLONG CallerPoolUnavailableAllocationUnits;
- ULONGLONG UsedAllocationUnits;
- ULONGLONG TotalReservedAllocationUnits;
- ULONGLONG VolumeStorageReserveAllocationUnits;
- ULONGLONG AvailableCommittedAllocationUnits;
- ULONGLONG PoolAvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_FULL_SIZE_INFORMATION_EX, *PFILE_FS_FULL_SIZE_INFORMATION_EX;
-
-typedef struct _FILE_FS_GUID_INFORMATION
-{
- GUID FsGuid;
-} FILE_FS_GUID_INFORMATION, *PFILE_FS_GUID_INFORMATION;
-
-// System calls
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateFile(
- _Out_ PHANDLE FileHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_opt_ PLARGE_INTEGER AllocationSize,
- _In_ ULONG FileAttributes,
- _In_ ULONG ShareAccess,
- _In_ ULONG CreateDisposition,
- _In_ ULONG CreateOptions,
- _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
- _In_ ULONG EaLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateNamedPipeFile(
- _Out_ PHANDLE FileHandle,
- _In_ ULONG DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG ShareAccess,
- _In_ ULONG CreateDisposition,
- _In_ ULONG CreateOptions,
- _In_ ULONG NamedPipeType,
- _In_ ULONG ReadMode,
- _In_ ULONG CompletionMode,
- _In_ ULONG MaximumInstances,
- _In_ ULONG InboundQuota,
- _In_ ULONG OutboundQuota,
- _In_ PLARGE_INTEGER DefaultTimeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateMailslotFile(
- _Out_ PHANDLE FileHandle,
- _In_ ULONG DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CreateOptions,
- _In_ ULONG MailslotQuota,
- _In_ ULONG MaximumMessageSize,
- _In_ PLARGE_INTEGER ReadTimeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenFile(
- _Out_ PHANDLE FileHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG ShareAccess,
- _In_ ULONG OpenOptions
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushBuffersFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-#define FLUSH_FLAGS_FILE_DATA_ONLY 0x00000001
-#define FLUSH_FLAGS_NO_SYNC 0x00000002
-#define FLUSH_FLAGS_FILE_DATA_SYNC_ONLY 0x00000004 // REDSTONE1
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushBuffersFileEx(
- _In_ HANDLE FileHandle,
- _In_ ULONG Flags,
- _In_reads_bytes_(ParametersSize) PVOID Parameters,
- _In_ ULONG ParametersSize,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationByName(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDirectoryFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_opt_ PUNICODE_STRING FileName,
- _In_ BOOLEAN RestartScan
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// QueryFlags values for NtQueryDirectoryFileEx
-#define FILE_QUERY_RESTART_SCAN 0x00000001
-#define FILE_QUERY_RETURN_SINGLE_ENTRY 0x00000002
-#define FILE_QUERY_INDEX_SPECIFIED 0x00000004
-#define FILE_QUERY_RETURN_ON_DISK_ENTRIES_ONLY 0x00000008
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
-#define FILE_QUERY_NO_CURSOR_UPDATE 0x00000010
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDirectoryFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass,
- _In_ ULONG QueryFlags,
- _In_opt_ PUNICODE_STRING FileName
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryEaFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_reads_bytes_opt_(EaListLength) PVOID EaList,
- _In_ ULONG EaListLength,
- _In_opt_ PULONG EaIndex,
- _In_ BOOLEAN RestartScan
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetEaFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryQuotaInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_reads_bytes_opt_(SidListLength) PVOID SidList,
- _In_ ULONG SidListLength,
- _In_opt_ PSID StartSid,
- _In_ BOOLEAN RestartScan
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetQuotaInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryVolumeInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FsInformation,
- _In_ ULONG Length,
- _In_ FSINFOCLASS FsInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetVolumeInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID FsInformation,
- _In_ ULONG Length,
- _In_ FSINFOCLASS FsInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelIoFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelIoFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelSynchronousIoFile(
- _In_ HANDLE ThreadHandle,
- _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeviceIoControlFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG IoControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFsControlFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG FsControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWriteFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadFileScatter(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWriteFileGather(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLockFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PLARGE_INTEGER ByteOffset,
- _In_ PLARGE_INTEGER Length,
- _In_ ULONG Key,
- _In_ BOOLEAN FailImmediately,
- _In_ BOOLEAN ExclusiveLock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnlockFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PLARGE_INTEGER ByteOffset,
- _In_ PLARGE_INTEGER Length,
- _In_ ULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryAttributesFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PFILE_BASIC_INFORMATION FileInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryFullAttributesFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeDirectoryFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer, // FILE_NOTIFY_INFORMATION
- _In_ ULONG Length,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree
- );
-
-// private
-typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS
-{
- DirectoryNotifyInformation = 1, // FILE_NOTIFY_INFORMATION
- DirectoryNotifyExtendedInformation, // FILE_NOTIFY_EXTENDED_INFORMATION
- DirectoryNotifyFullInformation, // since 22H2
- DirectoryNotifyMaximumInformation
-} DIRECTORY_NOTIFY_INFORMATION_CLASS, *PDIRECTORY_NOTIFY_INFORMATION_CLASS;
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeDirectoryFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _In_opt_ DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadDriver(
- _In_ PUNICODE_STRING DriverServiceName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnloadDriver(
- _In_ PUNICODE_STRING DriverServiceName
- );
-
-// I/O completion port
-
-#ifndef IO_COMPLETION_QUERY_STATE
-#define IO_COMPLETION_QUERY_STATE 0x0001
-#endif
-
-#ifndef IO_COMPLETION_MODIFY_STATE
-#define IO_COMPLETION_MODIFY_STATE 0x0002
-#endif
-
-#ifndef IO_COMPLETION_ALL_ACCESS
-#define IO_COMPLETION_ALL_ACCESS (IO_COMPLETION_QUERY_STATE|IO_COMPLETION_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
-#endif
-
-typedef enum _IO_COMPLETION_INFORMATION_CLASS
-{
- IoCompletionBasicInformation
-} IO_COMPLETION_INFORMATION_CLASS;
-
-typedef struct _IO_COMPLETION_BASIC_INFORMATION
-{
- LONG Depth;
-} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateIoCompletion(
- _Out_ PHANDLE IoCompletionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenIoCompletion(
- _Out_ PHANDLE IoCompletionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _In_ IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
- _Out_writes_bytes_(IoCompletionInformationLength) PVOID IoCompletionInformation,
- _In_ ULONG IoCompletionInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetIoCompletionEx(
- _In_ HANDLE IoCompletionHandle,
- _In_ HANDLE IoCompletionPacketHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRemoveIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _Out_ PVOID *KeyContext,
- _Out_ PVOID *ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRemoveIoCompletionEx(
- _In_ HANDLE IoCompletionHandle,
- _Out_writes_to_(Count, *NumEntriesRemoved) PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation,
- _In_ ULONG Count,
- _Out_ PULONG NumEntriesRemoved,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_ BOOLEAN Alertable
- );
-#endif
-
-// Wait completion packet
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateWaitCompletionPacket(
- _Out_ PHANDLE WaitCompletionPacketHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAssociateWaitCompletionPacket(
- _In_ HANDLE WaitCompletionPacketHandle,
- _In_ HANDLE IoCompletionHandle,
- _In_ HANDLE TargetObjectHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation,
- _Out_opt_ PBOOLEAN AlreadySignaled
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCancelWaitCompletionPacket(
- _In_ HANDLE WaitCompletionPacketHandle,
- _In_ BOOLEAN RemoveSignaledPacket
- );
-
-#endif
-
-// Sessions
-
-typedef enum _IO_SESSION_EVENT
-{
- IoSessionEventIgnore,
- IoSessionEventCreated,
- IoSessionEventTerminated,
- IoSessionEventConnected,
- IoSessionEventDisconnected,
- IoSessionEventLogon,
- IoSessionEventLogoff,
- IoSessionEventMax
-} IO_SESSION_EVENT;
-
-typedef enum _IO_SESSION_STATE
-{
- IoSessionStateCreated = 1,
- IoSessionStateInitialized = 2,
- IoSessionStateConnected = 3,
- IoSessionStateDisconnected = 4,
- IoSessionStateDisconnectedLoggedOn = 5,
- IoSessionStateLoggedOn = 6,
- IoSessionStateLoggedOff = 7,
- IoSessionStateTerminated = 8,
- IoSessionStateMax
-} IO_SESSION_STATE;
-
-// Sessions
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenSession(
- _Out_ PHANDLE SessionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-#endif
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeSession(
- _In_ HANDLE SessionHandle,
- _In_ ULONG ChangeSequenceNumber,
- _In_ PLARGE_INTEGER ChangeTimeStamp,
- _In_ IO_SESSION_EVENT Event,
- _In_ IO_SESSION_STATE NewState,
- _In_ IO_SESSION_STATE PreviousState,
- _In_reads_bytes_opt_(PayloadSize) PVOID Payload,
- _In_ ULONG PayloadSize
- );
-#endif
-
-// I/O Ring
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateIoRing(
- _Out_ PHANDLE IoRingHandle,
- _In_ ULONG CreateParametersLength,
- _In_ PVOID CreateParameters,
- _In_ ULONG OutputParametersLength,
- _Out_ PVOID OutputParameters
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSubmitIoRing(
- _In_ HANDLE IoRingHandle,
- _In_ ULONG Flags,
- _In_opt_ ULONG WaitOperations,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryIoRingCapabilities(
- _In_ SIZE_T IoRingCapabilitiesLength,
- _Out_ PVOID IoRingCapabilities
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationIoRing(
- _In_ HANDLE IoRingHandle,
- _In_ ULONG IoRingInformationClass,
- _In_ ULONG IoRingInformationLength,
- _In_ PVOID IoRingInformation
- );
-#endif
-
-// Other types
-
-typedef enum _INTERFACE_TYPE
-{
- InterfaceTypeUndefined = -1,
- Internal = 0,
- Isa = 1,
- Eisa = 2,
- MicroChannel = 3,
- TurboChannel = 4,
- PCIBus = 5,
- VMEBus = 6,
- NuBus = 7,
- PCMCIABus = 8,
- CBus = 9,
- MPIBus = 10,
- MPSABus = 11,
- ProcessorInternal = 12,
- InternalPowerBus = 13,
- PNPISABus = 14,
- PNPBus = 15,
- Vmcs = 16,
- ACPIBus = 17,
- MaximumInterfaceType
-} INTERFACE_TYPE, *PINTERFACE_TYPE;
-
-typedef enum _DMA_WIDTH
-{
- Width8Bits,
- Width16Bits,
- Width32Bits,
- Width64Bits,
- WidthNoWrap,
- MaximumDmaWidth
-} DMA_WIDTH, *PDMA_WIDTH;
-
-typedef enum _DMA_SPEED
-{
- Compatible,
- TypeA,
- TypeB,
- TypeC,
- TypeF,
- MaximumDmaSpeed
-} DMA_SPEED, *PDMA_SPEED;
-
-typedef enum _BUS_DATA_TYPE
-{
- ConfigurationSpaceUndefined = -1,
- Cmos,
- EisaConfiguration,
- Pos,
- CbusConfiguration,
- PCIConfiguration,
- VMEConfiguration,
- NuBusConfiguration,
- PCMCIAConfiguration,
- MPIConfiguration,
- MPSAConfiguration,
- PNPISAConfiguration,
- SgiInternalConfiguration,
- MaximumBusDataType
-} BUS_DATA_TYPE, *PBUS_DATA_TYPE;
-
-// Control structures
-
-// Reparse structure for FSCTL_SET_REPARSE_POINT, FSCTL_GET_REPARSE_POINT, FSCTL_DELETE_REPARSE_POINT
-
-#define SYMLINK_FLAG_RELATIVE 0x00000001
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-#define SYMLINK_DIRECTORY 0x80000000 // If set then this is a directory symlink
-#define SYMLINK_FILE 0x40000000 // If set then this is a file symlink
-#endif
-
-typedef struct _REPARSE_DATA_BUFFER
-{
- ULONG ReparseTag;
- USHORT ReparseDataLength;
- USHORT Reserved;
-
- _Field_size_bytes_(ReparseDataLength)
- union
- {
- struct
- {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- ULONG Flags;
- WCHAR PathBuffer[1];
- } SymbolicLinkReparseBuffer;
- struct
- {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- WCHAR PathBuffer[1];
- } MountPointReparseBuffer;
- struct
- {
- ULONG StringCount;
- WCHAR StringList[1];
- } AppExecLinkReparseBuffer;
- struct
- {
- UCHAR DataBuffer[1];
- } GenericReparseBuffer;
- };
-} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
-
-#define REPARSE_DATA_BUFFER_HEADER_SIZE UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// Reparse structure for FSCTL_SET_REPARSE_POINT_EX
-
-typedef struct _REPARSE_DATA_BUFFER_EX
-{
- ULONG Flags;
-
- //
- // This is the existing reparse tag on the file if any, if the
- // caller wants to replace the reparse tag too.
- //
- // - To set the reparse data along with the reparse tag that
- // could be different, pass the current reparse tag of the
- // file.
- //
- // - To update the reparse data while having the same reparse
- // tag, the caller should give the existing reparse tag in
- // this ExistingReparseTag field.
- //
- // - To set the reparse tag along with reparse data on a file
- // that doesn't have a reparse tag yet, set this to zero.
- //
- // If the ExistingReparseTag does not match the reparse tag on
- // the file, the FSCTL_SET_REPARSE_POINT_EX would fail with
- // STATUS_IO_REPARSE_TAG_MISMATCH. NOTE: If a file doesn't have
- // a reparse tag, ExistingReparseTag should be 0.
- //
-
- ULONG ExistingReparseTag;
-
- // For non-Microsoft reparse tags, this is the existing reparse
- // guid on the file if any, if the caller wants to replace the
- // reparse tag and / or guid along with the data.
- //
- // If ExistingReparseTag is 0, the file is not expected to have
- // any reparse tags, so ExistingReparseGuid is ignored. And for
- // non-Microsoft tags ExistingReparseGuid should match the guid
- // in the file if ExistingReparseTag is non zero.
-
- GUID ExistingReparseGuid;
-
- //
- // Reserved
- //
- ULONGLONG Reserved;
-
- //
- // Reparse data to set
- //
- union
- {
- REPARSE_DATA_BUFFER ReparseDataBuffer;
- REPARSE_GUID_DATA_BUFFER ReparseGuidDataBuffer;
- };
-} REPARSE_DATA_BUFFER_EX, *PREPARSE_DATA_BUFFER_EX;
-
-// REPARSE_DATA_BUFFER_EX Flags
-//
-// REPARSE_DATA_EX_FLAG_GIVEN_TAG_OR_NONE - Forces the FSCTL to set the
-// reparse tag if the file has no tag or the tag on the file is same as
-// the one in ExistingReparseTag. NOTE: If the ExistingReparseTag is
-// not a Microsoft tag then the ExistingReparseGuid should match if the
-// file has the ExistingReparseTag.
-//
-#define REPARSE_DATA_EX_FLAG_GIVEN_TAG_OR_NONE (0x00000001)
-
-#define REPARSE_GUID_DATA_BUFFER_EX_HEADER_SIZE \
- UFIELD_OFFSET(REPARSE_DATA_BUFFER_EX, ReparseGuidDataBuffer.GenericReparseBuffer)
-
-#define REPARSE_DATA_BUFFER_EX_HEADER_SIZE \
- UFIELD_OFFSET(REPARSE_DATA_BUFFER_EX, ReparseDataBuffer.GenericReparseBuffer)
-
-#endif // PHNT_REDSTONE
-
-// Named pipe FS control definitions
-
-#define DEVICE_NAMED_PIPE L"\\Device\\NamedPipe\\"
-
-#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_PIPE_DISABLE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 17, METHOD_BUFFERED, FILE_ANY_ACCESS) // since REDSTONE
-#define FSCTL_PIPE_SILO_ARRIVAL CTL_CODE(FILE_DEVICE_NAMED_PIPE, 18, METHOD_BUFFERED, FILE_WRITE_DATA) // since REDSTONE3
-#define FSCTL_PIPE_CREATE_SYMLINK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 19, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) // requires SeTcbPrivilege
-#define FSCTL_PIPE_DELETE_SYMLINK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 20, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
-#define FSCTL_PIPE_QUERY_CLIENT_PROCESS_V2 CTL_CODE(FILE_DEVICE_NAMED_PIPE, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) // since 19H1
-
-#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
-
-// Flags for query event
-
-#define FILE_PIPE_READ_DATA 0x00000000
-#define FILE_PIPE_WRITE_SPACE 0x00000001
-
-// Input for FSCTL_PIPE_ASSIGN_EVENT
-typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
-{
- HANDLE EventHandle;
- ULONG KeyValue;
-} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
-
-// Output for FILE_PIPE_PEEK_BUFFER
-typedef struct _FILE_PIPE_PEEK_BUFFER
-{
- ULONG NamedPipeState;
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
- _Field_size_bytes_(MessageLength) CHAR Data[1];
-} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
-
-// Output for FSCTL_PIPE_QUERY_EVENT
-typedef struct _FILE_PIPE_EVENT_BUFFER
-{
- ULONG NamedPipeState;
- ULONG EntryType;
- ULONG ByteCount;
- ULONG KeyValue;
- ULONG NumberRequests;
-} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
-
-// Input for FSCTL_PIPE_WAIT
-typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
-{
- LARGE_INTEGER Timeout;
- ULONG NameLength;
- BOOLEAN TimeoutSpecified;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
-
-// Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS
-typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
-{
-#if !defined(BUILD_WOW6432)
- PVOID ClientSession;
- PVOID ClientProcess;
-#else
- ULONGLONG ClientSession;
- ULONGLONG ClientProcess;
-#endif
-} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
-
-// Control structure for FSCTL_PIPE_QUERY_CLIENT_PROCESS_V2
-
-typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2
-{
- ULONGLONG ClientSession;
-#if !defined(BUILD_WOW6432)
- PVOID ClientProcess;
-#else
- ULONGLONG ClientProcess;
-#endif
-} FILE_PIPE_CLIENT_PROCESS_BUFFER_V2, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_V2;
-
-#define FILE_PIPE_COMPUTER_NAME_LENGTH 15
-
-// Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS
-typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX
-{
-#if !defined(BUILD_WOW6432)
- PVOID ClientSession;
- PVOID ClientProcess;
-#else
- ULONGLONG ClientSession;
- ULONGLONG ClientProcess;
-#endif
- USHORT ClientComputerNameLength; // in bytes
- WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH + 1]; // null-terminated
-} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
-
-// Control structure for FSCTL_PIPE_SILO_ARRIVAL
-
-typedef struct _FILE_PIPE_SILO_ARRIVAL_INPUT
-{
- HANDLE JobHandle;
-} FILE_PIPE_SILO_ARRIVAL_INPUT, *PFILE_PIPE_SILO_ARRIVAL_INPUT;
-
-//
-// Flags for create symlink
-//
-
-//
-// A global symlink will cause resolution of the symlink's target to occur in
-// the host silo (i.e. not in any current silo). For example, if there is a
-// symlink at \Device\Silos\37\Device\NamedPipe\symlink then the target will be
-// resolved as \Device\NamedPipe\target instead of \Device\Silos\37\Device\NamedPipe\target
-//
-#define FILE_PIPE_SYMLINK_FLAG_GLOBAL 0x1
-
-//
-// A relative symlink will cause resolution of the symlink's target to occur relative
-// to the root of the named pipe file system. For example, if there is a symlink at
-// \Device\NamedPipe\symlink that has a target called "target", then the target will
-// be resolved as \Device\NamedPipe\target
-//
-#define FILE_PIPE_SYMLINK_FLAG_RELATIVE 0x2
-
-#define FILE_PIPE_SYMLINK_VALID_FLAGS \
- (FILE_PIPE_SYMLINK_FLAG_GLOBAL | FILE_PIPE_SYMLINK_FLAG_RELATIVE)
-
-// Control structure for FSCTL_PIPE_CREATE_SYMLINK
-
-typedef struct _FILE_PIPE_CREATE_SYMLINK_INPUT
-{
- USHORT NameOffset;
- USHORT NameLength;
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- ULONG Flags;
-} FILE_PIPE_CREATE_SYMLINK_INPUT, *PFILE_PIPE_CREATE_SYMLINK_INPUT;
-
-// Control structure for FSCTL_PIPE_DELETE_SYMLINK
-
-typedef struct _FILE_PIPE_DELETE_SYMLINK_INPUT
-{
- USHORT NameOffset;
- USHORT NameLength;
-} FILE_PIPE_DELETE_SYMLINK_INPUT, *PFILE_PIPE_DELETE_SYMLINK_INPUT;
-
-// Mailslot FS control definitions
-
-#define MAILSLOT_CLASS_FIRSTCLASS 1
-#define MAILSLOT_CLASS_SECONDCLASS 2
-
-#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
-
-// Output for FSCTL_MAILSLOT_PEEK
-typedef struct _FILE_MAILSLOT_PEEK_BUFFER
-{
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
-} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
-
-// Mount manager FS control definitions
-
-#define MOUNTMGR_DEVICE_NAME L"\\Device\\MountPointManager"
-#define MOUNTMGRCONTROLTYPE 0x0000006D // 'm'
-#define MOUNTDEVCONTROLTYPE 0x0000004D // 'M'
-
-#define IOCTL_MOUNTMGR_CREATE_POINT CTL_CODE(MOUNTMGRCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_DELETE_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 1, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_QUERY_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY CTL_CODE(MOUNTMGRCONTROLTYPE, 3, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER CTL_CODE(MOUNTMGRCONTROLTYPE, 4, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_AUTO_DL_ASSIGNMENTS CTL_CODE(MOUNTMGRCONTROLTYPE, 5, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED CTL_CODE(MOUNTMGRCONTROLTYPE, 6, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED CTL_CODE(MOUNTMGRCONTROLTYPE, 7, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_CHANGE_NOTIFY CTL_CODE(MOUNTMGRCONTROLTYPE, 8, METHOD_BUFFERED, FILE_READ_ACCESS)
-#define IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE CTL_CODE(MOUNTMGRCONTROLTYPE, 9, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_CHECK_UNPROCESSED_VOLUMES CTL_CODE(MOUNTMGRCONTROLTYPE, 10, METHOD_BUFFERED, FILE_READ_ACCESS)
-#define IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION CTL_CODE(MOUNTMGRCONTROLTYPE, 11, METHOD_BUFFERED, FILE_READ_ACCESS)
-#define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH CTL_CODE(MOUNTMGRCONTROLTYPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS CTL_CODE(MOUNTMGRCONTROLTYPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define IOCTL_MOUNTMGR_SCRUB_REGISTRY CTL_CODE(MOUNTMGRCONTROLTYPE, 14, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_QUERY_AUTO_MOUNT CTL_CODE(MOUNTMGRCONTROLTYPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define IOCTL_MOUNTMGR_SET_AUTO_MOUNT CTL_CODE(MOUNTMGRCONTROLTYPE, 16, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_BOOT_DL_ASSIGNMENT CTL_CODE(MOUNTMGRCONTROLTYPE, 17, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since WIN7
-#define IOCTL_MOUNTMGR_TRACELOG_CACHE CTL_CODE(MOUNTMGRCONTROLTYPE, 18, METHOD_BUFFERED, FILE_READ_ACCESS)
-#define IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 19, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
-#define IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 20, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since WIN8
-#define IOCTL_MOUNTMGR_SILO_ARRIVAL CTL_CODE(MOUNTMGRCONTROLTYPE, 21, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since RS1
-
-#define IOCTL_MOUNTDEV_QUERY_DEVICE_NAME CTL_CODE(MOUNTDEVCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
-// Input structure for IOCTL_MOUNTMGR_CREATE_POINT.
-typedef struct _MOUNTMGR_CREATE_POINT_INPUT
-{
- USHORT SymbolicLinkNameOffset;
- USHORT SymbolicLinkNameLength;
- USHORT DeviceNameOffset;
- USHORT DeviceNameLength;
-} MOUNTMGR_CREATE_POINT_INPUT, *PMOUNTMGR_CREATE_POINT_INPUT;
-
-// Input structure for IOCTL_MOUNTMGR_DELETE_POINTS, IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY.
-typedef struct _MOUNTMGR_MOUNT_POINT
-{
- ULONG SymbolicLinkNameOffset;
- USHORT SymbolicLinkNameLength;
- USHORT Reserved1;
- ULONG UniqueIdOffset;
- USHORT UniqueIdLength;
- USHORT Reserved2;
- ULONG DeviceNameOffset;
- USHORT DeviceNameLength;
- USHORT Reserved3;
-} MOUNTMGR_MOUNT_POINT, *PMOUNTMGR_MOUNT_POINT;
-
-// Output structure for IOCTL_MOUNTMGR_DELETE_POINTS, IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY.
-typedef struct _MOUNTMGR_MOUNT_POINTS
-{
- ULONG Size;
- ULONG NumberOfMountPoints;
- _Field_size_(NumberOfMountPoints) MOUNTMGR_MOUNT_POINT MountPoints[1];
-} MOUNTMGR_MOUNT_POINTS, *PMOUNTMGR_MOUNT_POINTS;
-
-// Input structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER.
-typedef struct _MOUNTMGR_DRIVE_LETTER_TARGET
-{
- USHORT DeviceNameLength;
- _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1];
-} MOUNTMGR_DRIVE_LETTER_TARGET, *PMOUNTMGR_DRIVE_LETTER_TARGET;
-
-// Output structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER.
-typedef struct _MOUNTMGR_DRIVE_LETTER_INFORMATION
-{
- BOOLEAN DriveLetterWasAssigned;
- UCHAR CurrentDriveLetter;
-} MOUNTMGR_DRIVE_LETTER_INFORMATION, *PMOUNTMGR_DRIVE_LETTER_INFORMATION;
-
-// Input structure for IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED and
-// IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED.
-typedef struct _MOUNTMGR_VOLUME_MOUNT_POINT
-{
- USHORT SourceVolumeNameOffset;
- USHORT SourceVolumeNameLength;
- USHORT TargetVolumeNameOffset;
- USHORT TargetVolumeNameLength;
-} MOUNTMGR_VOLUME_MOUNT_POINT, *PMOUNTMGR_VOLUME_MOUNT_POINT;
-
-// Input structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY.
-// Output structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY.
-typedef struct _MOUNTMGR_CHANGE_NOTIFY_INFO
-{
- ULONG EpicNumber;
-} MOUNTMGR_CHANGE_NOTIFY_INFO, *PMOUNTMGR_CHANGE_NOTIFY_INFO;
-
-// Input structure for IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE,
-// IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION,
-// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH, and
-// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
-// IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE
-// IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE
-typedef struct _MOUNTMGR_TARGET_NAME
-{
- USHORT DeviceNameLength;
- _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1];
-} MOUNTMGR_TARGET_NAME, *PMOUNTMGR_TARGET_NAME;
-
-// Input / Output structure for querying / setting the auto-mount setting
-typedef enum _MOUNTMGR_AUTO_MOUNT_STATE
-{
- Disabled = 0,
- Enabled
-} MOUNTMGR_AUTO_MOUNT_STATE;
-
-// IOCTL_MOUNTMGR_QUERY_AUTO_MOUNT
-typedef struct _MOUNTMGR_QUERY_AUTO_MOUNT
-{
- MOUNTMGR_AUTO_MOUNT_STATE CurrentState;
-} MOUNTMGR_QUERY_AUTO_MOUNT, *PMOUNTMGR_QUERY_AUTO_MOUNT;
-
-// IOCTL_MOUNTMGR_SET_AUTO_MOUNT
-typedef struct _MOUNTMGR_SET_AUTO_MOUNT
-{
- MOUNTMGR_AUTO_MOUNT_STATE NewState;
-} MOUNTMGR_SET_AUTO_MOUNT, *PMOUNTMGR_SET_AUTO_MOUNT;
-
-// Input structure for IOCTL_MOUNTMGR_SILO_ARRIVAL.
-typedef struct _MOUNTMGR_SILO_ARRIVAL_INPUT
-{
- HANDLE JobHandle;
-} MOUNTMGR_SILO_ARRIVAL_INPUT, *PMOUNTMGR_SILO_ARRIVAL_INPUT;
-
-// Macro that defines what a "drive letter" mount point is. This macro can
-// be used to scan the result from QUERY_POINTS to discover which mount points
-// are find "drive letter" mount points.
-#define MOUNTMGR_IS_DRIVE_LETTER(s) ( \
- (s)->Length == 28 && \
- (s)->Buffer[0] == '\\' && \
- (s)->Buffer[1] == 'D' && \
- (s)->Buffer[2] == 'o' && \
- (s)->Buffer[3] == 's' && \
- (s)->Buffer[4] == 'D' && \
- (s)->Buffer[5] == 'e' && \
- (s)->Buffer[6] == 'v' && \
- (s)->Buffer[7] == 'i' && \
- (s)->Buffer[8] == 'c' && \
- (s)->Buffer[9] == 'e' && \
- (s)->Buffer[10] == 's' && \
- (s)->Buffer[11] == '\\' && \
- (s)->Buffer[12] >= 'A' && \
- (s)->Buffer[12] <= 'Z' && \
- (s)->Buffer[13] == ':')
-
-// Macro that defines what a "volume name" mount point is. This macro can
-// be used to scan the result from QUERY_POINTS to discover which mount points
-// are "volume name" mount points.
-#define MOUNTMGR_IS_VOLUME_NAME(s) ( \
- ((s)->Length == 96 || ((s)->Length == 98 && (s)->Buffer[48] == '\\')) && \
- (s)->Buffer[0] == '\\' && \
- ((s)->Buffer[1] == '?' || (s)->Buffer[1] == '\\') && \
- (s)->Buffer[2] == '?' && \
- (s)->Buffer[3] == '\\' && \
- (s)->Buffer[4] == 'V' && \
- (s)->Buffer[5] == 'o' && \
- (s)->Buffer[6] == 'l' && \
- (s)->Buffer[7] == 'u' && \
- (s)->Buffer[8] == 'm' && \
- (s)->Buffer[9] == 'e' && \
- (s)->Buffer[10] == '{' && \
- (s)->Buffer[19] == '-' && \
- (s)->Buffer[24] == '-' && \
- (s)->Buffer[29] == '-' && \
- (s)->Buffer[34] == '-' && \
- (s)->Buffer[47] == '}')
-
-// Output structure for IOCTL_MOUNTDEV_QUERY_DEVICE_NAME.
-typedef struct _MOUNTDEV_NAME
-{
- USHORT NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} MOUNTDEV_NAME, * PMOUNTDEV_NAME;
-
-// Output structure for IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH and IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS.
-typedef struct _MOUNTMGR_VOLUME_PATHS
-{
- ULONG MultiSzLength;
- _Field_size_bytes_(MultiSzLength) WCHAR MultiSz[1];
-} MOUNTMGR_VOLUME_PATHS, *PMOUNTMGR_VOLUME_PATHS;
-
-#define MOUNTMGR_IS_DOS_VOLUME_NAME(s) ( \
- MOUNTMGR_IS_VOLUME_NAME(s) && \
- (s)->Length == 96 && \
- (s)->Buffer[1] == '\\')
-
-#define MOUNTMGR_IS_DOS_VOLUME_NAME_WB(s) ( \
- MOUNTMGR_IS_VOLUME_NAME(s) && \
- (s)->Length == 98 && \
- (s)->Buffer[1] == '\\')
-
-#define MOUNTMGR_IS_NT_VOLUME_NAME(s) ( \
- MOUNTMGR_IS_VOLUME_NAME(s) && \
- (s)->Length == 96 && \
- (s)->Buffer[1] == '?')
-
-#define MOUNTMGR_IS_NT_VOLUME_NAME_WB(s) ( \
- MOUNTMGR_IS_VOLUME_NAME(s) && \
- (s)->Length == 98 && \
- (s)->Buffer[1] == '?')
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-//
-// Major Function Codes
-//
-#define IRP_MJ_CREATE 0x00
-#define IRP_MJ_CREATE_NAMED_PIPE 0x01
-#define IRP_MJ_CLOSE 0x02
-#define IRP_MJ_READ 0x03
-#define IRP_MJ_WRITE 0x04
-#define IRP_MJ_QUERY_INFORMATION 0x05
-#define IRP_MJ_SET_INFORMATION 0x06
-#define IRP_MJ_QUERY_EA 0x07
-#define IRP_MJ_SET_EA 0x08
-#define IRP_MJ_FLUSH_BUFFERS 0x09
-#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
-#define IRP_MJ_SET_VOLUME_INFORMATION 0x0b
-#define IRP_MJ_DIRECTORY_CONTROL 0x0c
-#define IRP_MJ_FILE_SYSTEM_CONTROL 0x0d
-#define IRP_MJ_DEVICE_CONTROL 0x0e
-#define IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f
-#define IRP_MJ_SHUTDOWN 0x10
-#define IRP_MJ_LOCK_CONTROL 0x11
-#define IRP_MJ_CLEANUP 0x12
-#define IRP_MJ_CREATE_MAILSLOT 0x13
-#define IRP_MJ_QUERY_SECURITY 0x14
-#define IRP_MJ_SET_SECURITY 0x15
-#define IRP_MJ_POWER 0x16
-#define IRP_MJ_SYSTEM_CONTROL 0x17
-#define IRP_MJ_DEVICE_CHANGE 0x18
-#define IRP_MJ_QUERY_QUOTA 0x19
-#define IRP_MJ_SET_QUOTA 0x1a
-#define IRP_MJ_PNP 0x1b
-#define IRP_MJ_PNP_POWER IRP_MJ_PNP // Obsolete....
-#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
-#define IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-1)
-#define IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-2)
-#define IRP_MJ_ACQUIRE_FOR_MOD_WRITE ((UCHAR)-3)
-#define IRP_MJ_RELEASE_FOR_MOD_WRITE ((UCHAR)-4)
-#define IRP_MJ_ACQUIRE_FOR_CC_FLUSH ((UCHAR)-5)
-#define IRP_MJ_RELEASE_FOR_CC_FLUSH ((UCHAR)-6)
-#define IRP_MJ_QUERY_OPEN ((UCHAR)-7)
-#define IRP_MJ_FAST_IO_CHECK_IF_POSSIBLE ((UCHAR)-13)
-#define IRP_MJ_NETWORK_QUERY_OPEN ((UCHAR)-14)
-#define IRP_MJ_MDL_READ ((UCHAR)-15)
-#define IRP_MJ_MDL_READ_COMPLETE ((UCHAR)-16)
-#define IRP_MJ_PREPARE_MDL_WRITE ((UCHAR)-17)
-#define IRP_MJ_MDL_WRITE_COMPLETE ((UCHAR)-18)
-#define IRP_MJ_VOLUME_MOUNT ((UCHAR)-19)
-#define IRP_MJ_VOLUME_DISMOUNT ((UCHAR)-20)
-#define FLT_INTERNAL_OPERATION_COUNT 22
-
-//
-// Minor Function Codes
-//
-#define IRP_MN_SCSI_CLASS 0x01
-// PNP minor function codes
-#define IRP_MN_START_DEVICE 0x00
-#define IRP_MN_QUERY_REMOVE_DEVICE 0x01
-#define IRP_MN_REMOVE_DEVICE 0x02
-#define IRP_MN_CANCEL_REMOVE_DEVICE 0x03
-#define IRP_MN_STOP_DEVICE 0x04
-#define IRP_MN_QUERY_STOP_DEVICE 0x05
-#define IRP_MN_CANCEL_STOP_DEVICE 0x06
-#define IRP_MN_QUERY_DEVICE_RELATIONS 0x07
-#define IRP_MN_QUERY_INTERFACE 0x08
-#define IRP_MN_QUERY_CAPABILITIES 0x09
-#define IRP_MN_QUERY_RESOURCES 0x0A
-#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS 0x0B
-#define IRP_MN_QUERY_DEVICE_TEXT 0x0C
-#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS 0x0D
-#define IRP_MN_READ_CONFIG 0x0F
-#define IRP_MN_WRITE_CONFIG 0x10
-#define IRP_MN_EJECT 0x11
-#define IRP_MN_SET_LOCK 0x12
-#define IRP_MN_QUERY_ID 0x13
-#define IRP_MN_QUERY_PNP_DEVICE_STATE 0x14
-#define IRP_MN_QUERY_BUS_INFORMATION 0x15
-#define IRP_MN_DEVICE_USAGE_NOTIFICATION 0x16
-#define IRP_MN_SURPRISE_REMOVAL 0x17
-#if (PHNT_VERSION >= PHNT_WIN7)
-#define IRP_MN_DEVICE_ENUMERATED 0x19
-#endif
-// POWER minor function codes
-#define IRP_MN_WAIT_WAKE 0x00
-#define IRP_MN_POWER_SEQUENCE 0x01
-#define IRP_MN_SET_POWER 0x02
-#define IRP_MN_QUERY_POWER 0x03
-// WMI minor function codes under IRP_MJ_SYSTEM_CONTROL
-#define IRP_MN_QUERY_ALL_DATA 0x00
-#define IRP_MN_QUERY_SINGLE_INSTANCE 0x01
-#define IRP_MN_CHANGE_SINGLE_INSTANCE 0x02
-#define IRP_MN_CHANGE_SINGLE_ITEM 0x03
-#define IRP_MN_ENABLE_EVENTS 0x04
-#define IRP_MN_DISABLE_EVENTS 0x05
-#define IRP_MN_ENABLE_COLLECTION 0x06
-#define IRP_MN_DISABLE_COLLECTION 0x07
-#define IRP_MN_REGINFO 0x08
-#define IRP_MN_EXECUTE_METHOD 0x09
-// Minor code 0x0a is reserved
-#define IRP_MN_REGINFO_EX 0x0b
-// Minor code 0x0c is reserved
-// Minor code 0x0d is reserved
-
-//
-// Filter Manager Callback Data Flags
-//
-#define FLTFL_CALLBACK_DATA_REISSUE_MASK 0x0000FFFF
-#define FLTFL_CALLBACK_DATA_IRP_OPERATION 0x00000001 // Set for Irp operations
-#define FLTFL_CALLBACK_DATA_FAST_IO_OPERATION 0x00000002 // Set for Fast Io operations
-#define FLTFL_CALLBACK_DATA_FS_FILTER_OPERATION 0x00000004 // Set for Fs Filter operations
-#define FLTFL_CALLBACK_DATA_SYSTEM_BUFFER 0x00000008 // Set if the buffer passed in for the i/o was a system buffer
-#define FLTFL_CALLBACK_DATA_GENERATED_IO 0x00010000 // Set if this is I/O generated by a mini-filter
-#define FLTFL_CALLBACK_DATA_REISSUED_IO 0x00020000 // Set if this I/O was reissued
-#define FLTFL_CALLBACK_DATA_DRAINING_IO 0x00040000 // set if this operation is being drained. If set,
-#define FLTFL_CALLBACK_DATA_POST_OPERATION 0x00080000 // Set if this is a POST operation
-#define FLTFL_CALLBACK_DATA_NEW_SYSTEM_BUFFER 0x00100000
-#define FLTFL_CALLBACK_DATA_DIRTY 0x80000000 // Set by caller if parameters were changed
-
-//
-// IRP Flags
-//
-#define IRP_NOCACHE 0x00000001
-#define IRP_PAGING_IO 0x00000002
-#define IRP_MOUNT_COMPLETION 0x00000002
-#define IRP_SYNCHRONOUS_API 0x00000004
-#define IRP_ASSOCIATED_IRP 0x00000008
-#define IRP_BUFFERED_IO 0x00000010
-#define IRP_DEALLOCATE_BUFFER 0x00000020
-#define IRP_INPUT_OPERATION 0x00000040
-#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040
-#define IRP_CREATE_OPERATION 0x00000080
-#define IRP_READ_OPERATION 0x00000100
-#define IRP_WRITE_OPERATION 0x00000200
-#define IRP_CLOSE_OPERATION 0x00000400
-#define IRP_DEFER_IO_COMPLETION 0x00000800
-#define IRP_OB_QUERY_NAME 0x00001000
-#define IRP_HOLD_DEVICE_QUEUE 0x00002000
-#define IRP_UM_DRIVER_INITIATED_IO 0x00400000
-
-//
-// File Object Flags
-//
-#define FO_FILE_OPEN 0x00000001
-#define FO_SYNCHRONOUS_IO 0x00000002
-#define FO_ALERTABLE_IO 0x00000004
-#define FO_NO_INTERMEDIATE_BUFFERING 0x00000008
-#define FO_WRITE_THROUGH 0x00000010
-#define FO_SEQUENTIAL_ONLY 0x00000020
-#define FO_CACHE_SUPPORTED 0x00000040
-#define FO_NAMED_PIPE 0x00000080
-#define FO_STREAM_FILE 0x00000100
-#define FO_MAILSLOT 0x00000200
-#define FO_GENERATE_AUDIT_ON_CLOSE 0x00000400
-#define FO_QUEUE_IRP_TO_THREAD FO_GENERATE_AUDIT_ON_CLOSE
-#define FO_DIRECT_DEVICE_OPEN 0x00000800
-#define FO_FILE_MODIFIED 0x00001000
-#define FO_FILE_SIZE_CHANGED 0x00002000
-#define FO_CLEANUP_COMPLETE 0x00004000
-#define FO_TEMPORARY_FILE 0x00008000
-#define FO_DELETE_ON_CLOSE 0x00010000
-#define FO_OPENED_CASE_SENSITIVE 0x00020000
-#define FO_HANDLE_CREATED 0x00040000
-#define FO_FILE_FAST_IO_READ 0x00080000
-#define FO_RANDOM_ACCESS 0x00100000
-#define FO_FILE_OPEN_CANCELLED 0x00200000
-#define FO_VOLUME_OPEN 0x00400000
-#define FO_BYPASS_IO_ENABLED 0x00800000 //when set BYPASS IO is enabled on this handle
-#define FO_REMOTE_ORIGIN 0x01000000
-#define FO_DISALLOW_EXCLUSIVE 0x02000000
-#define FO_SKIP_COMPLETION_PORT FO_DISALLOW_EXCLUSIVE
-#define FO_SKIP_SET_EVENT 0x04000000
-#define FO_SKIP_SET_FAST_IO 0x08000000
-#define FO_INDIRECT_WAIT_OBJECT 0x10000000
-#define FO_SECTION_MINSTORE_TREATMENT 0x20000000
-
-//
-// Define stack location (IO_STACK_LOCATION) flags
-//
-#define SL_PENDING_RETURNED 0x01
-#define SL_ERROR_RETURNED 0x02
-#define SL_INVOKE_ON_CANCEL 0x20
-#define SL_INVOKE_ON_SUCCESS 0x40
-#define SL_INVOKE_ON_ERROR 0x80
-// Create / Create Named Pipe (IRP_MJ_CREATE/IRP_MJ_CREATE_NAMED_PIPE)
-#define SL_FORCE_ACCESS_CHECK 0x01
-#define SL_OPEN_PAGING_FILE 0x02
-#define SL_OPEN_TARGET_DIRECTORY 0x04
-#define SL_STOP_ON_SYMLINK 0x08
-#define SL_IGNORE_READONLY_ATTRIBUTE 0x40
-#define SL_CASE_SENSITIVE 0x80
-// Read / Write (IRP_MJ_READ/IRP_MJ_WRITE)
-#define SL_KEY_SPECIFIED 0x01
-#define SL_OVERRIDE_VERIFY_VOLUME 0x02
-#define SL_WRITE_THROUGH 0x04
-#define SL_FT_SEQUENTIAL_WRITE 0x08
-#define SL_FORCE_DIRECT_WRITE 0x10
-#define SL_REALTIME_STREAM 0x20 // valid only with optical media
-#define SL_PERSISTENT_MEMORY_FIXED_MAPPING 0x20 // valid only with persistent memory device and IRP_MJ_WRITE
-#define SL_BYPASS_IO 0x40
-// IRP_MJ_FLUSH_BUFFERS
-#define SL_FORCE_ASYNCHRONOUS 0x01
-// Device I/O Control
-#define SL_READ_ACCESS_GRANTED 0x01
-#define SL_WRITE_ACCESS_GRANTED 0x04 // Gap for SL_OVERRIDE_VERIFY_VOLUME
-// Lock (IRP_MJ_LOCK_CONTROL)
-#define SL_FAIL_IMMEDIATELY 0x01
-#define SL_EXCLUSIVE_LOCK 0x02
-// QueryDirectory / QueryEa / QueryQuota (IRP_MJ_DIRECTORY_CONTROL/IRP_MJ_QUERY_EA/IRP_MJ_QUERY_QUOTA))
-#define SL_RESTART_SCAN 0x01
-#define SL_RETURN_SINGLE_ENTRY 0x02
-#define SL_INDEX_SPECIFIED 0x04
-#define SL_RETURN_ON_DISK_ENTRIES_ONLY 0x08
-#define SL_NO_CURSOR_UPDATE 0x10
-#define SL_QUERY_DIRECTORY_MASK 0x1b
-// NotifyDirectory (IRP_MJ_DIRECTORY_CONTROL)
-#define SL_WATCH_TREE 0x01
-// FileSystemControl (IRP_MJ_FILE_SYSTEM_CONTROL)
-#define SL_ALLOW_RAW_MOUNT 0x01
-// SetInformationFile (IRP_MJ_SET_INFORMATION) / QueryInformationFile
-#define SL_BYPASS_ACCESS_CHECK 0x01
-#define SL_INFO_FORCE_ACCESS_CHECK 0x01
-#define SL_INFO_IGNORE_READONLY_ATTRIBUTE 0x40 // same value as IO_IGNORE_READONLY_ATTRIBUTE
-
-//
-// Device Object (DO) flags
-//
-#define DO_VERIFY_VOLUME 0x00000002
-#define DO_BUFFERED_IO 0x00000004
-#define DO_EXCLUSIVE 0x00000008
-#define DO_DIRECT_IO 0x00000010
-#define DO_MAP_IO_BUFFER 0x00000020
-#define DO_DEVICE_INITIALIZING 0x00000080
-#define DO_SHUTDOWN_REGISTERED 0x00000800
-#define DO_BUS_ENUMERATED_DEVICE 0x00001000
-#define DO_POWER_PAGABLE 0x00002000
-#define DO_POWER_INRUSH 0x00004000
-#define DO_DEVICE_TO_BE_RESET 0x04000000
-#define DO_DAX_VOLUME 0x10000000
-
-//
-// KSecDD FS control definitions
-//
-#define KSEC_DEVICE_NAME L"\\Device\\KSecDD"
-#define IOCTL_KSEC_CONNECT_LSA CTL_CODE(FILE_DEVICE_KSEC, 0, METHOD_BUFFERED, FILE_WRITE_ACCESS )
-#define IOCTL_KSEC_RNG CTL_CODE(FILE_DEVICE_KSEC, 1, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_RNG_REKEY CTL_CODE(FILE_DEVICE_KSEC, 2, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_ENCRYPT_MEMORY CTL_CODE(FILE_DEVICE_KSEC, 3, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_DECRYPT_MEMORY CTL_CODE(FILE_DEVICE_KSEC, 4, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_ENCRYPT_MEMORY_CROSS_PROC CTL_CODE(FILE_DEVICE_KSEC, 5, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_DECRYPT_MEMORY_CROSS_PROC CTL_CODE(FILE_DEVICE_KSEC, 6, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_ENCRYPT_MEMORY_SAME_LOGON CTL_CODE(FILE_DEVICE_KSEC, 7, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_DECRYPT_MEMORY_SAME_LOGON CTL_CODE(FILE_DEVICE_KSEC, 8, METHOD_OUT_DIRECT, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_FIPS_GET_FUNCTION_TABLE CTL_CODE(FILE_DEVICE_KSEC, 9, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_ALLOC_POOL CTL_CODE(FILE_DEVICE_KSEC, 10, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_FREE_POOL CTL_CODE(FILE_DEVICE_KSEC, 11, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_COPY_POOL CTL_CODE(FILE_DEVICE_KSEC, 12, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_DUPLICATE_HANDLE CTL_CODE(FILE_DEVICE_KSEC, 13, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_REGISTER_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 14, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_CLIENT_CALLBACK CTL_CODE(FILE_DEVICE_KSEC, 15, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_GET_BCRYPT_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 16, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_GET_SSL_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 17, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_GET_DEVICECONTROL_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 18, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_ALLOC_VM CTL_CODE(FILE_DEVICE_KSEC, 19, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_FREE_VM CTL_CODE(FILE_DEVICE_KSEC, 20, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_COPY_VM CTL_CODE(FILE_DEVICE_KSEC, 21, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_CLIENT_FREE_VM CTL_CODE(FILE_DEVICE_KSEC, 22, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_INSERT_PROTECTED_PROCESS_ADDRESS CTL_CODE(FILE_DEVICE_KSEC, 23, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_REMOVE_PROTECTED_PROCESS_ADDRESS CTL_CODE(FILE_DEVICE_KSEC, 24, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_GET_BCRYPT_EXTENSION2 CTL_CODE(FILE_DEVICE_KSEC, 25, METHOD_BUFFERED, FILE_ANY_ACCESS )
-#define IOCTL_KSEC_IPC_GET_QUEUED_FUNCTION_CALLS CTL_CODE(FILE_DEVICE_KSEC, 26, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
-#define IOCTL_KSEC_IPC_SET_FUNCTION_RETURN CTL_CODE(FILE_DEVICE_KSEC, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
-
-// pub
-typedef enum _FS_FILTER_SECTION_SYNC_TYPE
-{
- SyncTypeOther = 0,
- SyncTypeCreateSection
-} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
-
-//pub
-typedef enum _CREATE_FILE_TYPE
-{
- CreateFileTypeNone,
- CreateFileTypeNamedPipe,
- CreateFileTypeMailslot
-} CREATE_FILE_TYPE;
-
-// pub
-typedef struct _NAMED_PIPE_CREATE_PARAMETERS
-{
- ULONG NamedPipeType;
- ULONG ReadMode;
- ULONG CompletionMode;
- ULONG MaximumInstances;
- ULONG InboundQuota;
- ULONG OutboundQuota;
- LARGE_INTEGER DefaultTimeout;
- BOOLEAN TimeoutSpecified;
-} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
-
-// pub
-typedef struct _MAILSLOT_CREATE_PARAMETERS
-{
- ULONG MailslotQuota;
- ULONG MaximumMessageSize;
- LARGE_INTEGER ReadTimeout;
- BOOLEAN TimeoutSpecified;
-} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-// pub
-typedef struct _OPLOCK_KEY_ECP_CONTEXT
-{
- GUID OplockKey;
- ULONG Reserved;
-} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-// pub
-typedef struct _OPLOCK_KEY_CONTEXT
-{
- USHORT Version; // OPLOCK_KEY_VERSION_*
- USHORT Flags; // OPLOCK_KEY_FLAG_*
- GUID ParentOplockKey;
- GUID TargetOplockKey;
- ULONG Reserved;
-} OPLOCK_KEY_CONTEXT, *POPLOCK_KEY_CONTEXT;
-
-#define OPLOCK_KEY_VERSION_WIN7 0x0001
-#define OPLOCK_KEY_VERSION_WIN8 0x0002
-
-#define OPLOCK_KEY_FLAG_PARENT_KEY 0x0001
-#define OPLOCK_KEY_FLAG_TARGET_KEY 0x0002
-
-#endif
-
-#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#endif
diff --git a/deps/phnt-nightly/ntkeapi.h b/deps/phnt-nightly/ntkeapi.h
deleted file mode 100644
index af9c67e..0000000
--- a/deps/phnt-nightly/ntkeapi.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Kernel executive support library
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTKEAPI_H
-#define _NTKEAPI_H
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#define LOW_PRIORITY 0 // Lowest thread priority level
-#define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
-#define HIGH_PRIORITY 31 // Highest thread priority level
-#define MAXIMUM_PRIORITY 32 // Number of thread priority levels
-#endif
-
-typedef enum _KTHREAD_STATE
-{
- Initialized,
- Ready,
- Running,
- Standby,
- Terminated,
- Waiting,
- Transition,
- DeferredReady,
- GateWaitObsolete,
- WaitingForProcessInSwap,
- MaximumThreadState
-} KTHREAD_STATE, *PKTHREAD_STATE;
-
-// private
-typedef enum _KHETERO_CPU_POLICY
-{
- KHeteroCpuPolicyAll = 0,
- KHeteroCpuPolicyLarge = 1,
- KHeteroCpuPolicyLargeOrIdle = 2,
- KHeteroCpuPolicySmall = 3,
- KHeteroCpuPolicySmallOrIdle = 4,
- KHeteroCpuPolicyDynamic = 5,
- KHeteroCpuPolicyStaticMax = 5, // valid
- KHeteroCpuPolicyBiasedSmall = 6,
- KHeteroCpuPolicyBiasedLarge = 7,
- KHeteroCpuPolicyDefault = 8,
- KHeteroCpuPolicyMax = 9
-} KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-typedef enum _KWAIT_REASON
-{
- Executive,
- FreePage,
- PageIn,
- PoolAllocation,
- DelayExecution,
- Suspended,
- UserRequest,
- WrExecutive,
- WrFreePage,
- WrPageIn,
- WrPoolAllocation,
- WrDelayExecution,
- WrSuspended,
- WrUserRequest,
- WrEventPair,
- WrQueue,
- WrLpcReceive,
- WrLpcReply,
- WrVirtualMemory,
- WrPageOut,
- WrRendezvous,
- WrKeyedEvent,
- WrTerminated,
- WrProcessInSwap,
- WrCpuRateControl,
- WrCalloutStack,
- WrKernel,
- WrResource,
- WrPushLock,
- WrMutex,
- WrQuantumEnd,
- WrDispatchInt,
- WrPreempted,
- WrYieldExecution,
- WrFastMutex,
- WrGuardedMutex,
- WrRundown,
- WrAlertByThreadId,
- WrDeferredPreempt,
- WrPhysicalFault,
- WrIoRing,
- WrMdlCache,
- MaximumWaitReason
-} KWAIT_REASON, *PKWAIT_REASON;
-
-typedef enum _KPROFILE_SOURCE
-{
- ProfileTime,
- ProfileAlignmentFixup,
- ProfileTotalIssues,
- ProfilePipelineDry,
- ProfileLoadInstructions,
- ProfilePipelineFrozen,
- ProfileBranchInstructions,
- ProfileTotalNonissues,
- ProfileDcacheMisses,
- ProfileIcacheMisses,
- ProfileCacheMisses,
- ProfileBranchMispredictions,
- ProfileStoreInstructions,
- ProfileFpInstructions,
- ProfileIntegerInstructions,
- Profile2Issue,
- Profile3Issue,
- Profile4Issue,
- ProfileSpecialInstructions,
- ProfileTotalCycles,
- ProfileIcacheIssues,
- ProfileDcacheAccesses,
- ProfileMemoryBarrierCycles,
- ProfileLoadLinkedIssues,
- ProfileMaximum
-} KPROFILE_SOURCE;
-
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCallbackReturn(
- _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
- _In_ ULONG OutputLength,
- _In_ NTSTATUS Status
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushProcessWriteBuffers(
- VOID
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_ BOOLEAN State
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtYieldExecution(
- VOID
- );
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntldr.h b/deps/phnt-nightly/ntldr.h
deleted file mode 100644
index eb71424..0000000
--- a/deps/phnt-nightly/ntldr.h
+++ /dev/null
@@ -1,1185 +0,0 @@
-/*
- * Loader support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTLDR_H
-#define _NTLDR_H
-
-// DLLs
-
-typedef BOOLEAN (NTAPI *PLDR_INIT_ROUTINE)(
- _In_ PVOID DllHandle,
- _In_ ULONG Reason,
- _In_opt_ PVOID Context
- );
-
-// symbols
-typedef struct _LDR_SERVICE_TAG_RECORD
-{
- struct _LDR_SERVICE_TAG_RECORD *Next;
- ULONG ServiceTag;
-} LDR_SERVICE_TAG_RECORD, *PLDR_SERVICE_TAG_RECORD;
-
-// symbols
-typedef struct _LDRP_CSLIST
-{
- PSINGLE_LIST_ENTRY Tail;
-} LDRP_CSLIST, *PLDRP_CSLIST;
-
-// symbols
-typedef enum _LDR_DDAG_STATE
-{
- LdrModulesMerged = -5,
- LdrModulesInitError = -4,
- LdrModulesSnapError = -3,
- LdrModulesUnloaded = -2,
- LdrModulesUnloading = -1,
- LdrModulesPlaceHolder = 0,
- LdrModulesMapping = 1,
- LdrModulesMapped = 2,
- LdrModulesWaitingForDependencies = 3,
- LdrModulesSnapping = 4,
- LdrModulesSnapped = 5,
- LdrModulesCondensed = 6,
- LdrModulesReadyToInit = 7,
- LdrModulesInitializing = 8,
- LdrModulesReadyToRun = 9
-} LDR_DDAG_STATE;
-
-// symbols
-typedef struct _LDR_DDAG_NODE
-{
- LIST_ENTRY Modules;
- PLDR_SERVICE_TAG_RECORD ServiceTagList;
- ULONG LoadCount;
- ULONG LoadWhileUnloadingCount;
- ULONG LowestLink;
- union
- {
- LDRP_CSLIST Dependencies;
- SINGLE_LIST_ENTRY RemovalLink;
- };
- LDRP_CSLIST IncomingDependencies;
- LDR_DDAG_STATE State;
- SINGLE_LIST_ENTRY CondenseLink;
- ULONG PreorderNumber;
-} LDR_DDAG_NODE, *PLDR_DDAG_NODE;
-
-// rev
-typedef struct _LDR_DEPENDENCY_RECORD
-{
- SINGLE_LIST_ENTRY DependencyLink;
- PLDR_DDAG_NODE DependencyNode;
- SINGLE_LIST_ENTRY IncomingDependencyLink;
- PLDR_DDAG_NODE IncomingDependencyNode;
-} LDR_DEPENDENCY_RECORD, *PLDR_DEPENDENCY_RECORD;
-
-// symbols
-typedef enum _LDR_DLL_LOAD_REASON
-{
- LoadReasonStaticDependency,
- LoadReasonStaticForwarderDependency,
- LoadReasonDynamicForwarderDependency,
- LoadReasonDelayloadDependency,
- LoadReasonDynamicLoad,
- LoadReasonAsImageLoad,
- LoadReasonAsDataLoad,
- LoadReasonEnclavePrimary, // since REDSTONE3
- LoadReasonEnclaveDependency,
- LoadReasonPatchImage, // since WIN11
- LoadReasonUnknown = -1
-} LDR_DLL_LOAD_REASON, *PLDR_DLL_LOAD_REASON;
-
-typedef enum _LDR_HOT_PATCH_STATE
-{
- LdrHotPatchBaseImage,
- LdrHotPatchNotApplied,
- LdrHotPatchAppliedReverse,
- LdrHotPatchAppliedForward,
- LdrHotPatchFailedToPatch,
- LdrHotPatchStateMax,
-} LDR_HOT_PATCH_STATE, *PLDR_HOT_PATCH_STATE;
-
-typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT;
-typedef struct _LDRP_LOAD_CONTEXT *PLDRP_LOAD_CONTEXT;
-
-// LDR_DATA_TABLE_ENTRY->Flags
-#define LDRP_PACKAGED_BINARY 0x00000001
-#define LDRP_MARKED_FOR_REMOVAL 0x00000002
-#define LDRP_IMAGE_DLL 0x00000004
-#define LDRP_LOAD_NOTIFICATIONS_SENT 0x00000008
-#define LDRP_TELEMETRY_ENTRY_PROCESSED 0x00000010
-#define LDRP_PROCESS_STATIC_IMPORT 0x00000020
-#define LDRP_IN_LEGACY_LISTS 0x00000040
-#define LDRP_IN_INDEXES 0x00000080
-#define LDRP_SHIM_DLL 0x00000100
-#define LDRP_IN_EXCEPTION_TABLE 0x00000200
-#define LDRP_LOAD_IN_PROGRESS 0x00001000
-#define LDRP_LOAD_CONFIG_PROCESSED 0x00002000
-#define LDRP_ENTRY_PROCESSED 0x00004000
-#define LDRP_PROTECT_DELAY_LOAD 0x00008000
-#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
-#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
-#define LDRP_PROCESS_ATTACH_FAILED 0x00100000
-#define LDRP_COR_DEFERRED_VALIDATE 0x00200000
-#define LDRP_COR_IMAGE 0x00400000
-#define LDRP_DONT_RELOCATE 0x00800000
-#define LDRP_COR_IL_ONLY 0x01000000
-#define LDRP_CHPE_IMAGE 0x02000000
-#define LDRP_CHPE_EMULATOR_IMAGE 0x04000000
-#define LDRP_REDIRECTED 0x10000000
-#define LDRP_COMPAT_DATABASE_PROCESSED 0x80000000
-
-#define LDR_DATA_TABLE_ENTRY_SIZE_WINXP FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, DdagNode)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN7 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, BaseNameHashValue)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN8 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, ImplicitPathOptions)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN10 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, SigningLevel)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN11 sizeof(LDR_DATA_TABLE_ENTRY)
-
-// symbols
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
- LIST_ENTRY InLoadOrderLinks;
- LIST_ENTRY InMemoryOrderLinks;
- LIST_ENTRY InInitializationOrderLinks;
- PVOID DllBase;
- PLDR_INIT_ROUTINE EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STRING FullDllName;
- UNICODE_STRING BaseDllName;
- union
- {
- UCHAR FlagGroup[4];
- ULONG Flags;
- struct
- {
- ULONG PackagedBinary : 1;
- ULONG MarkedForRemoval : 1;
- ULONG ImageDll : 1;
- ULONG LoadNotificationsSent : 1;
- ULONG TelemetryEntryProcessed : 1;
- ULONG ProcessStaticImport : 1;
- ULONG InLegacyLists : 1;
- ULONG InIndexes : 1;
- ULONG ShimDll : 1;
- ULONG InExceptionTable : 1;
- ULONG ReservedFlags1 : 2;
- ULONG LoadInProgress : 1;
- ULONG LoadConfigProcessed : 1;
- ULONG EntryProcessed : 1;
- ULONG ProtectDelayLoad : 1;
- ULONG ReservedFlags3 : 2;
- ULONG DontCallForThreads : 1;
- ULONG ProcessAttachCalled : 1;
- ULONG ProcessAttachFailed : 1;
- ULONG CorDeferredValidate : 1;
- ULONG CorImage : 1;
- ULONG DontRelocate : 1;
- ULONG CorILOnly : 1;
- ULONG ChpeImage : 1;
- ULONG ChpeEmulatorImage : 1;
- ULONG ReservedFlags5 : 1;
- ULONG Redirected : 1;
- ULONG ReservedFlags6 : 2;
- ULONG CompatDatabaseProcessed : 1;
- };
- };
- USHORT ObsoleteLoadCount;
- USHORT TlsIndex;
- LIST_ENTRY HashLinks;
- ULONG TimeDateStamp;
- PACTIVATION_CONTEXT EntryPointActivationContext;
- PVOID Lock; // RtlAcquireSRWLockExclusive
- PLDR_DDAG_NODE DdagNode;
- LIST_ENTRY NodeModuleLink;
- PLDRP_LOAD_CONTEXT LoadContext;
- PVOID ParentDllBase;
- PVOID SwitchBackContext;
- RTL_BALANCED_NODE BaseAddressIndexNode;
- RTL_BALANCED_NODE MappingInfoIndexNode;
- ULONG_PTR OriginalBase;
- LARGE_INTEGER LoadTime;
- ULONG BaseNameHashValue;
- LDR_DLL_LOAD_REASON LoadReason; // since WIN8
- ULONG ImplicitPathOptions;
- ULONG ReferenceCount; // since WIN10
- ULONG DependentLoadFlags;
- UCHAR SigningLevel; // since REDSTONE2
- ULONG CheckSum; // since 22H1
- PVOID ActivePatchImageBase;
- LDR_HOT_PATCH_STATE HotPatchState;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-#define LDR_IS_DATAFILE(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)1)
-#define LDR_IS_IMAGEMAPPING(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)2)
-#define LDR_IS_RESOURCE(DllHandle) (LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle))
-#define LDR_MAPPEDVIEW_TO_DATAFILE(BaseAddress) ((PVOID)(((ULONG_PTR)(BaseAddress)) | (ULONG_PTR)1))
-#define LDR_MAPPEDVIEW_TO_IMAGEMAPPING(BaseAddress) ((PVOID)(((ULONG_PTR)(BaseAddress)) | (ULONG_PTR)2))
-#define LDR_DATAFILE_TO_MAPPEDVIEW(DllHandle) ((PVOID)(((ULONG_PTR)(DllHandle)) & ~(ULONG_PTR)1))
-#define LDR_IMAGEMAPPING_TO_MAPPEDVIEW(DllHandle) ((PVOID)(((ULONG_PTR)(DllHandle)) & ~(ULONG_PTR)2))
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrLoadDll(
- _In_opt_ PWSTR DllPath,
- _In_opt_ PULONG DllCharacteristics,
- _In_ PUNICODE_STRING DllName,
- _Out_ PVOID *DllHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrUnloadDll(
- _In_ PVOID DllHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllHandle(
- _In_opt_ PWSTR DllPath,
- _In_opt_ PULONG DllCharacteristics,
- _In_ PUNICODE_STRING DllName,
- _Out_ PVOID *DllHandle
- );
-
-#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT 0x00000001
-#define LDR_GET_DLL_HANDLE_EX_PIN 0x00000002
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllHandleEx(
- _In_ ULONG Flags,
- _In_opt_ PWSTR DllPath,
- _In_opt_ PULONG DllCharacteristics,
- _In_ PUNICODE_STRING DllName,
- _Out_ PVOID *DllHandle
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllHandleByMapping(
- _In_ PVOID BaseAddress,
- _Out_ PVOID *DllHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllHandleByName(
- _In_opt_ PUNICODE_STRING BaseDllName,
- _In_opt_ PUNICODE_STRING FullDllName,
- _Out_ PVOID *DllHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllFullName(
- _In_ PVOID DllHandle,
- _Out_ PUNICODE_STRING FullDllName
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllPath(
- _In_ PCWSTR DllName,
- _In_ ULONG Flags, // LOAD_LIBRARY_SEARCH_*
- _Out_ PWSTR* DllPath,
- _Out_ PWSTR* SearchPaths
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetDllDirectory(
- _Out_ PUNICODE_STRING DllDirectory
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrSetDllDirectory(
- _In_ PUNICODE_STRING DllDirectory
- );
-#endif
-
-#define LDR_ADDREF_DLL_PIN 0x00000001
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrAddRefDll(
- _In_ ULONG Flags,
- _In_ PVOID DllHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetProcedureAddress(
- _In_ PVOID DllHandle,
- _In_opt_ PANSI_STRING ProcedureName,
- _In_opt_ ULONG ProcedureNumber,
- _Out_ PVOID *ProcedureAddress
- );
-
-// rev
-#define LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER 0x00000001
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetProcedureAddressEx(
- _In_ PVOID DllHandle,
- _In_opt_ PANSI_STRING ProcedureName,
- _In_opt_ ULONG ProcedureNumber,
- _Out_ PVOID *ProcedureAddress,
- _In_ ULONG Flags
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetKnownDllSectionHandle(
- _In_ PCWSTR DllName,
- _In_ BOOLEAN KnownDlls32,
- _Out_ PHANDLE Section
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetProcedureAddressForCaller(
- _In_ PVOID DllHandle,
- _In_opt_ PANSI_STRING ProcedureName,
- _In_opt_ ULONG ProcedureNumber,
- _Out_ PVOID *ProcedureAddress,
- _In_ ULONG Flags,
- _In_ PVOID *Callback
- );
-#endif
-
-#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 0x00000001
-#define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY 0x00000002
-
-#define LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID 0
-#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED 1
-#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED 2
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrLockLoaderLock(
- _In_ ULONG Flags,
- _Out_opt_ ULONG *Disposition,
- _Out_opt_ PVOID *Cookie
- );
-
-#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 0x00000001
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrUnlockLoaderLock(
- _In_ ULONG Flags,
- _In_opt_ PVOID Cookie
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrRelocateImage(
- _In_ PVOID NewBase,
- _In_opt_ PSTR LoaderName,
- _In_ NTSTATUS Success,
- _In_ NTSTATUS Conflict,
- _In_ NTSTATUS Invalid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrRelocateImageWithBias(
- _In_ PVOID NewBase,
- _In_opt_ LONGLONG Bias,
- _In_opt_ PSTR LoaderName,
- _In_ NTSTATUS Success,
- _In_ NTSTATUS Conflict,
- _In_ NTSTATUS Invalid
- );
-
-NTSYSAPI
-PIMAGE_BASE_RELOCATION
-NTAPI
-LdrProcessRelocationBlock(
- _In_ ULONG_PTR VA,
- _In_ ULONG SizeOfBlock,
- _In_ PUSHORT NextOffset,
- _In_ LONG_PTR Diff
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-PIMAGE_BASE_RELOCATION
-NTAPI
-LdrProcessRelocationBlockEx(
- _In_ ULONG Machine, // IMAGE_FILE_MACHINE_AMD64|IMAGE_FILE_MACHINE_ARM|IMAGE_FILE_MACHINE_THUMB|IMAGE_FILE_MACHINE_ARMNT
- _In_ ULONG_PTR VA,
- _In_ ULONG SizeOfBlock,
- _In_ PUSHORT NextOffset,
- _In_ LONG_PTR Diff
- );
-#endif
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-LdrVerifyMappedImageMatchesChecksum(
- _In_ PVOID BaseAddress,
- _In_ SIZE_T NumberOfBytes,
- _In_ ULONG FileLength
- );
-
-typedef VOID (NTAPI *PLDR_IMPORT_MODULE_CALLBACK)(
- _In_ PVOID Parameter,
- _In_ PSTR ModuleName
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrVerifyImageMatchesChecksum(
- _In_ HANDLE ImageFileHandle,
- _In_opt_ PLDR_IMPORT_MODULE_CALLBACK ImportCallbackRoutine,
- _In_ PVOID ImportCallbackParameter,
- _Out_opt_ PUSHORT ImageCharacteristics
- );
-
-// private
-typedef struct _LDR_IMPORT_CALLBACK_INFO
-{
- PLDR_IMPORT_MODULE_CALLBACK ImportCallbackRoutine;
- PVOID ImportCallbackParameter;
-} LDR_IMPORT_CALLBACK_INFO, *PLDR_IMPORT_CALLBACK_INFO;
-
-// private
-typedef struct _LDR_SECTION_INFO
-{
- HANDLE SectionHandle;
- ACCESS_MASK DesiredAccess;
- POBJECT_ATTRIBUTES ObjA;
- ULONG SectionPageProtection;
- ULONG AllocationAttributes;
-} LDR_SECTION_INFO, *PLDR_SECTION_INFO;
-
-// private
-typedef struct _LDR_VERIFY_IMAGE_INFO
-{
- ULONG Size;
- ULONG Flags;
- LDR_IMPORT_CALLBACK_INFO CallbackInfo;
- LDR_SECTION_INFO SectionInfo;
- USHORT ImageCharacteristics;
-} LDR_VERIFY_IMAGE_INFO, *PLDR_VERIFY_IMAGE_INFO;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrVerifyImageMatchesChecksumEx(
- _In_ HANDLE ImageFileHandle,
- _Inout_ PLDR_VERIFY_IMAGE_INFO VerifyInfo
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryModuleServiceTags(
- _In_ PVOID DllHandle,
- _Out_writes_(*BufferSize) PULONG ServiceTagBuffer,
- _Inout_ PULONG BufferSize
- );
-#endif
-
-// begin_msdn:"DLL Load Notification"
-
-#define LDR_DLL_NOTIFICATION_REASON_LOADED 1
-#define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2
-
-typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
-{
- ULONG Flags;
- PUNICODE_STRING FullDllName;
- PUNICODE_STRING BaseDllName;
- PVOID DllBase;
- ULONG SizeOfImage;
-} LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA;
-
-typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA
-{
- ULONG Flags;
- PCUNICODE_STRING FullDllName;
- PCUNICODE_STRING BaseDllName;
- PVOID DllBase;
- ULONG SizeOfImage;
-} LDR_DLL_UNLOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
-
-typedef union _LDR_DLL_NOTIFICATION_DATA
-{
- LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
- LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
-} LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA;
-
-typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(
- _In_ ULONG NotificationReason,
- _In_ PLDR_DLL_NOTIFICATION_DATA NotificationData,
- _In_opt_ PVOID Context
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrRegisterDllNotification(
- _In_ ULONG Flags,
- _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction,
- _In_opt_ PVOID Context,
- _Out_ PVOID *Cookie
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrUnregisterDllNotification(
- _In_ PVOID Cookie
- );
-
-#endif
-
-// end_msdn
-
-// rev
-NTSYSAPI
-PUNICODE_STRING
-NTAPI
-LdrStandardizeSystemPath(
- _In_ PUNICODE_STRING SystemPath
- );
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-typedef struct _LDR_FAILURE_DATA
-{
- NTSTATUS Status;
- WCHAR DllName[0x20];
- WCHAR AdditionalInfo[0x20];
-} LDR_FAILURE_DATA, *PLDR_FAILURE_DATA;
-
-NTSYSAPI
-PLDR_FAILURE_DATA
-NTAPI
-LdrGetFailureData(
- VOID
- );
-#endif
-
-// private
-typedef struct _PS_MITIGATION_OPTIONS_MAP
-{
- ULONG_PTR Map[3]; // 2 < 20H1
-} PS_MITIGATION_OPTIONS_MAP, *PPS_MITIGATION_OPTIONS_MAP;
-
-// private
-typedef struct _PS_MITIGATION_AUDIT_OPTIONS_MAP
-{
- ULONG_PTR Map[3]; // 2 < 20H1
-} PS_MITIGATION_AUDIT_OPTIONS_MAP, *PPS_MITIGATION_AUDIT_OPTIONS_MAP;
-
-// private
-typedef struct _PS_SYSTEM_DLL_INIT_BLOCK
-{
- ULONG Size;
- ULONG_PTR SystemDllWowRelocation;
- ULONG_PTR SystemDllNativeRelocation;
- ULONG_PTR Wow64SharedInformation[16]; // use WOW64_SHARED_INFORMATION as index
- ULONG RngData;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG CfgOverride : 1;
- ULONG Reserved : 31;
- };
- };
- PS_MITIGATION_OPTIONS_MAP MitigationOptionsMap;
- ULONG_PTR CfgBitMap;
- ULONG_PTR CfgBitMapSize;
- ULONG_PTR Wow64CfgBitMap;
- ULONG_PTR Wow64CfgBitMapSize;
- PS_MITIGATION_AUDIT_OPTIONS_MAP MitigationAuditOptionsMap; // REDSTONE3
-} PS_SYSTEM_DLL_INIT_BLOCK, *PPS_SYSTEM_DLL_INIT_BLOCK;
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI PS_SYSTEM_DLL_INIT_BLOCK LdrSystemDllInitBlock;
-#endif
-
-// Load as data table
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT;
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrAddLoadAsDataTable(
- _In_ PVOID Module,
- _In_ PWSTR FilePath,
- _In_ SIZE_T Size,
- _In_ HANDLE Handle,
- _In_opt_ PACTIVATION_CONTEXT ActCtx
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrRemoveLoadAsDataTable(
- _In_ PVOID InitModule,
- _Out_opt_ PVOID *BaseModule,
- _Out_opt_ PSIZE_T Size,
- _In_ ULONG Flags
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrGetFileNameFromLoadAsDataTable(
- _In_ PVOID Module,
- _Out_ PVOID *pFileNamePrt
- );
-
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrDisableThreadCalloutsForDll(
- _In_ PVOID DllImageBase
- );
-
-// Resources
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrAccessResource(
- _In_ PVOID DllHandle,
- _In_ PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry,
- _Out_opt_ PVOID *ResourceBuffer,
- _Out_opt_ ULONG *ResourceLength
- );
-
-typedef struct _LDR_RESOURCE_INFO
-{
- ULONG_PTR Type;
- ULONG_PTR Name;
- ULONG_PTR Language;
-} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO;
-
-#define RESOURCE_TYPE_LEVEL 0
-#define RESOURCE_NAME_LEVEL 1
-#define RESOURCE_LANGUAGE_LEVEL 2
-#define RESOURCE_DATA_LEVEL 3
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrFindResource_U(
- _In_ PVOID DllHandle,
- _In_ PLDR_RESOURCE_INFO ResourceInfo,
- _In_ ULONG Level,
- _Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrFindResourceEx_U(
- _In_ ULONG Flags,
- _In_ PVOID DllHandle,
- _In_ PLDR_RESOURCE_INFO ResourceInfo,
- _In_ ULONG Level,
- _Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrFindResourceDirectory_U(
- _In_ PVOID DllHandle,
- _In_ PLDR_RESOURCE_INFO ResourceInfo,
- _In_ ULONG Level,
- _Out_ PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
- );
-
-// private
-typedef struct _LDR_ENUM_RESOURCE_ENTRY
-{
- union
- {
- ULONG_PTR NameOrId;
- PIMAGE_RESOURCE_DIRECTORY_STRING Name;
- struct
- {
- USHORT Id;
- USHORT NameIsPresent;
- };
- } Path[3];
- PVOID Data;
- ULONG Size;
- ULONG Reserved;
-} LDR_ENUM_RESOURCE_ENTRY, *PLDR_ENUM_RESOURCE_ENTRY;
-
-#define NAME_FROM_RESOURCE_ENTRY(RootDirectory, Entry) \
- ((Entry)->NameIsString ? (ULONG_PTR)((ULONG_PTR)(RootDirectory) + (ULONG_PTR)((Entry)->NameOffset)) : (Entry)->Id)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrEnumResources(
- _In_ PVOID DllHandle,
- _In_ PLDR_RESOURCE_INFO ResourceInfo,
- _In_ ULONG Level,
- _Inout_ ULONG *ResourceCount,
- _Out_writes_to_opt_(*ResourceCount, *ResourceCount) PLDR_ENUM_RESOURCE_ENTRY Resources
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrFindEntryForAddress(
- _In_ PVOID DllHandle,
- _Out_ PLDR_DATA_TABLE_ENTRY *Entry
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrLoadAlternateResourceModule(
- _In_ PVOID DllHandle,
- _Out_ PVOID *ResourceDllBase,
- _Out_opt_ ULONG_PTR *ResourceOffset,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrLoadAlternateResourceModuleEx(
- _In_ PVOID DllHandle,
- _In_ LANGID LanguageId,
- _Out_ PVOID *ResourceDllBase,
- _Out_opt_ ULONG_PTR *ResourceOffset,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-LdrUnloadAlternateResourceModule(
- _In_ PVOID DllHandle
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-LdrUnloadAlternateResourceModuleEx(
- _In_ PVOID DllHandle,
- _In_ ULONG Flags
- );
-
-#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// Module information
-
-typedef struct _RTL_PROCESS_MODULE_INFORMATION
-{
- PVOID Section;
- PVOID MappedBase;
- PVOID ImageBase;
- ULONG ImageSize;
- ULONG Flags;
- USHORT LoadOrderIndex;
- USHORT InitOrderIndex;
- USHORT LoadCount;
- USHORT OffsetToFileName;
- UCHAR FullPathName[256];
-} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
-
-typedef struct _RTL_PROCESS_MODULES
-{
- ULONG NumberOfModules;
- _Field_size_(NumberOfModules) RTL_PROCESS_MODULE_INFORMATION Modules[1];
-} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
-
-// private
-typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
-{
- USHORT NextOffset;
- RTL_PROCESS_MODULE_INFORMATION BaseInfo;
- ULONG ImageChecksum;
- ULONG TimeDateStamp;
- PVOID DefaultBase;
-} RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryProcessModuleInformation(
- _In_opt_ PRTL_PROCESS_MODULES ModuleInformation,
- _In_opt_ ULONG Size,
- _Out_ PULONG ReturnedSize
- );
-
-typedef VOID (NTAPI *PLDR_ENUM_CALLBACK)(
- _In_ PLDR_DATA_TABLE_ENTRY ModuleInformation,
- _In_ PVOID Parameter,
- _Out_ BOOLEAN *Stop
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrEnumerateLoadedModules(
- _In_ BOOLEAN ReservedFlag,
- _In_ PLDR_ENUM_CALLBACK EnumProc,
- _In_ PVOID Context
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrOpenImageFileOptionsKey(
- _In_ PUNICODE_STRING SubKey,
- _In_ BOOLEAN Wow64,
- _Out_ PHANDLE NewKeyHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryImageFileKeyOption(
- _In_ HANDLE KeyHandle,
- _In_ PCWSTR ValueName,
- _In_ ULONG Type,
- _Out_ PVOID Buffer,
- _In_ ULONG BufferSize,
- _Out_opt_ PULONG ReturnedLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryImageFileExecutionOptions(
- _In_ PUNICODE_STRING SubKey,
- _In_ PCWSTR ValueName,
- _In_ ULONG ValueSize,
- _Out_ PVOID Buffer,
- _In_ ULONG BufferSize,
- _Out_opt_ PULONG ReturnedLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryImageFileExecutionOptionsEx(
- _In_ PUNICODE_STRING SubKey,
- _In_ PCWSTR ValueName,
- _In_ ULONG Type,
- _Out_ PVOID Buffer,
- _In_ ULONG BufferSize,
- _Out_opt_ PULONG ReturnedLength,
- _In_ BOOLEAN Wow64
- );
-
-// private
-typedef struct _DELAYLOAD_PROC_DESCRIPTOR
-{
- ULONG ImportDescribedByName;
- union
- {
- PCSTR Name;
- ULONG Ordinal;
- } Description;
-} DELAYLOAD_PROC_DESCRIPTOR, *PDELAYLOAD_PROC_DESCRIPTOR;
-
-// private
-typedef struct _DELAYLOAD_INFO
-{
- ULONG Size;
- PCIMAGE_DELAYLOAD_DESCRIPTOR DelayloadDescriptor;
- PIMAGE_THUNK_DATA ThunkAddress;
- PCSTR TargetDllName;
- DELAYLOAD_PROC_DESCRIPTOR TargetApiDescriptor;
- PVOID TargetModuleBase;
- PVOID Unused;
- ULONG LastError;
-} DELAYLOAD_INFO, *PDELAYLOAD_INFO;
-
-// private
-typedef PVOID (NTAPI *PDELAYLOAD_FAILURE_DLL_CALLBACK)(
- _In_ ULONG NotificationReason,
- _In_ PDELAYLOAD_INFO DelayloadInfo
- );
-
-// rev
-typedef PVOID (NTAPI *PDELAYLOAD_FAILURE_SYSTEM_ROUTINE)(
- _In_ PCSTR DllName,
- _In_ PCSTR ProcedureName
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev from QueryOptionalDelayLoadedAPI
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrQueryOptionalDelayLoadedAPI(
- _In_ PVOID ParentModuleBase,
- _In_ PCSTR DllName,
- _In_ PCSTR ProcedureName,
- _Reserved_ ULONG Flags
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev from ResolveDelayLoadedAPI
-NTSYSAPI
-PVOID
-NTAPI
-LdrResolveDelayLoadedAPI(
- _In_ PVOID ParentModuleBase,
- _In_ PCIMAGE_DELAYLOAD_DESCRIPTOR DelayloadDescriptor,
- _In_opt_ PDELAYLOAD_FAILURE_DLL_CALLBACK FailureDllHook,
- _In_opt_ PDELAYLOAD_FAILURE_SYSTEM_ROUTINE FailureSystemHook, // kernel32.DelayLoadFailureHook
- _Out_ PIMAGE_THUNK_DATA ThunkAddress,
- _Reserved_ ULONG Flags
- );
-
-// rev from ResolveDelayLoadsFromDll
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrResolveDelayLoadsFromDll(
- _In_ PVOID ParentModuleBase,
- _In_ PCSTR TargetDllName,
- _Reserved_ ULONG Flags
- );
-
-// rev from SetDefaultDllDirectories
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrSetDefaultDllDirectories(
- _In_ ULONG DirectoryFlags
- );
-
-// rev from AddDllDirectory
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrAddDllDirectory(
- _In_ PUNICODE_STRING NewDirectory,
- _Out_ PDLL_DIRECTORY_COOKIE Cookie
- );
-
-// rev from RemoveDllDirectory
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrRemoveDllDirectory(
- _In_ DLL_DIRECTORY_COOKIE Cookie
- );
-#endif
-
-// rev
-DECLSPEC_NORETURN
-NTSYSAPI
-VOID
-NTAPI
-LdrShutdownProcess(
- VOID
- );
-
-// rev
-DECLSPEC_NORETURN
-NTSYSAPI
-VOID
-NTAPI
-LdrShutdownThread(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrSetImplicitPathOptions(
- _In_ ULONG ImplicitPathOptions
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-LdrControlFlowGuardEnforced(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_19H1)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-LdrIsModuleSxsRedirected(
- _In_ PVOID DllHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrUpdatePackageSearchPath(
- _In_ PWSTR SearchPath
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-#define ENCLAVE_STATE_CREATED 0x00000000ul // LdrpCreateSoftwareEnclave initial state
-#define ENCLAVE_STATE_INITIALIZED 0x00000001ul // ZwInitializeEnclave successful (LdrInitializeEnclave)
-#define ENCLAVE_STATE_INITIALIZED_VBS 0x00000002ul // only for ENCLAVE_TYPE_VBS (LdrInitializeEnclave)
-
-// rev
-typedef struct _LDR_SOFTWARE_ENCLAVE
-{
- LIST_ENTRY Links; // ntdll!LdrpEnclaveList
- RTL_CRITICAL_SECTION CriticalSection;
- ULONG EnclaveType; // ENCLAVE_TYPE_*
- LONG ReferenceCount;
- ULONG EnclaveState; // ENCLAVE_STATE_*
- PVOID BaseAddress;
- SIZE_T Size;
- PVOID PreviousBaseAddress;
- LIST_ENTRY Modules; // LDR_DATA_TABLE_ENTRY.InLoadOrderLinks
- PLDR_DATA_TABLE_ENTRY PrimaryModule;
- PLDR_DATA_TABLE_ENTRY BCryptModule;
- PLDR_DATA_TABLE_ENTRY BCryptPrimitivesModule;
-} LDR_SOFTWARE_ENCLAVE, *PLDR_SOFTWARE_ENCLAVE;
-
-// rev from CreateEnclave
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrCreateEnclave(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID* BaseAddress,
- _In_ ULONG Reserved,
- _In_ SIZE_T Size,
- _In_ SIZE_T InitialCommitment,
- _In_ ULONG EnclaveType,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_ PULONG EnclaveError
- );
-
-// rev from InitializeEnclave
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrInitializeEnclave(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_ PULONG EnclaveError
- );
-
-// rev from DeleteEnclave
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrDeleteEnclave(
- _In_ PVOID BaseAddress
- );
-
-// rev from CallEnclave
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrCallEnclave(
- _In_ PENCLAVE_ROUTINE Routine,
- _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_*
- _Inout_ PVOID* RoutineParamReturn
- );
-
-// rev from LoadEnclaveImage
-NTSYSAPI
-NTSTATUS
-NTAPI
-LdrLoadEnclaveModule(
- _In_ PVOID BaseAddress,
- _In_opt_ PWSTR DllPath,
- _In_ PUNICODE_STRING DllName
- );
-
-#endif
-
-#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#endif
diff --git a/deps/phnt-nightly/ntlpcapi.h b/deps/phnt-nightly/ntlpcapi.h
deleted file mode 100644
index 8bc4702..0000000
--- a/deps/phnt-nightly/ntlpcapi.h
+++ /dev/null
@@ -1,1055 +0,0 @@
-/*
- * Local Inter-process Communication support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTLPCAPI_H
-#define _NTLPCAPI_H
-
-#define PORT_CONNECT 0x0001
-#define PORT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1)
-
-typedef struct _PORT_MESSAGE
-{
- union
- {
- struct
- {
- CSHORT DataLength;
- CSHORT TotalLength;
- } s1;
- ULONG Length;
- } u1;
- union
- {
- struct
- {
- CSHORT Type;
- CSHORT DataInfoOffset;
- } s2;
- ULONG ZeroInit;
- } u2;
- union
- {
- CLIENT_ID ClientId;
- double DoNotUseThisField;
- };
- ULONG MessageId;
- union
- {
- SIZE_T ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages
- ULONG CallbackId; // only valid for LPC_REQUEST messages
- };
-} PORT_MESSAGE, *PPORT_MESSAGE;
-
-typedef struct _PORT_DATA_ENTRY
-{
- PVOID Base;
- ULONG Size;
-} PORT_DATA_ENTRY, *PPORT_DATA_ENTRY;
-
-typedef struct _PORT_DATA_INFORMATION
-{
- ULONG CountDataEntries;
- _Field_size_(CountDataEntries) PORT_DATA_ENTRY DataEntries[1];
-} PORT_DATA_INFORMATION, *PPORT_DATA_INFORMATION;
-
-#define LPC_REQUEST 1
-#define LPC_REPLY 2
-#define LPC_DATAGRAM 3
-#define LPC_LOST_REPLY 4
-#define LPC_PORT_CLOSED 5
-#define LPC_CLIENT_DIED 6
-#define LPC_EXCEPTION 7
-#define LPC_DEBUG_EVENT 8
-#define LPC_ERROR_EVENT 9
-#define LPC_CONNECTION_REQUEST 10
-#define LPC_CONTINUATION_REQUIRED 0x2000
-
-#define LPC_KERNELMODE_MESSAGE (CSHORT)0x8000
-#define LPC_NO_IMPERSONATE (CSHORT)0x4000
-
-#define PORT_VALID_OBJECT_ATTRIBUTES OBJ_CASE_INSENSITIVE
-
-#ifdef _WIN64
-#define PORT_MAXIMUM_MESSAGE_LENGTH 512
-#else
-#define PORT_MAXIMUM_MESSAGE_LENGTH 256
-#endif
-
-#define LPC_MAX_CONNECTION_INFO_SIZE (16 * sizeof(ULONG_PTR))
-
-#define PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH \
- ((PORT_MAXIMUM_MESSAGE_LENGTH + sizeof(PORT_MESSAGE) + LPC_MAX_CONNECTION_INFO_SIZE + 0xf) & ~0xf)
-
-typedef struct _LPC_CLIENT_DIED_MSG
-{
- PORT_MESSAGE PortMsg;
- LARGE_INTEGER CreateTime;
-} LPC_CLIENT_DIED_MSG, *PLPC_CLIENT_DIED_MSG;
-
-typedef struct _PORT_VIEW
-{
- ULONG Length;
- HANDLE SectionHandle;
- ULONG SectionOffset;
- SIZE_T ViewSize;
- PVOID ViewBase;
- PVOID ViewRemoteBase;
-} PORT_VIEW, *PPORT_VIEW;
-
-typedef struct _REMOTE_PORT_VIEW
-{
- ULONG Length;
- SIZE_T ViewSize;
- PVOID ViewBase;
-} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
-
-// WOW64 definitions
-
-// Except in a small number of special cases, WOW64 programs using the LPC APIs must use the 64-bit versions of the
-// PORT_MESSAGE, PORT_VIEW and REMOTE_PORT_VIEW data structures. Note that we take a different approach than the
-// official NT headers, which produce 64-bit versions in a 32-bit environment when USE_LPC6432 is defined.
-
-typedef struct _PORT_MESSAGE64
-{
- union
- {
- struct
- {
- CSHORT DataLength;
- CSHORT TotalLength;
- } s1;
- ULONG Length;
- } u1;
- union
- {
- struct
- {
- CSHORT Type;
- CSHORT DataInfoOffset;
- } s2;
- ULONG ZeroInit;
- } u2;
- union
- {
- CLIENT_ID64 ClientId;
- double DoNotUseThisField;
- };
- ULONG MessageId;
- union
- {
- ULONGLONG ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages
- ULONG CallbackId; // only valid for LPC_REQUEST messages
- };
-} PORT_MESSAGE64, *PPORT_MESSAGE64;
-
-typedef struct _LPC_CLIENT_DIED_MSG64
-{
- PORT_MESSAGE64 PortMsg;
- LARGE_INTEGER CreateTime;
-} LPC_CLIENT_DIED_MSG64, *PLPC_CLIENT_DIED_MSG64;
-
-typedef struct _PORT_VIEW64
-{
- ULONG Length;
- ULONGLONG SectionHandle;
- ULONG SectionOffset;
- ULONGLONG ViewSize;
- ULONGLONG ViewBase;
- ULONGLONG ViewRemoteBase;
-} PORT_VIEW64, *PPORT_VIEW64;
-
-typedef struct _REMOTE_PORT_VIEW64
-{
- ULONG Length;
- ULONGLONG ViewSize;
- ULONGLONG ViewBase;
-} REMOTE_PORT_VIEW64, *PREMOTE_PORT_VIEW64;
-
-// Port creation
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreatePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG MaxConnectionInfoLength,
- _In_ ULONG MaxMessageLength,
- _In_opt_ ULONG MaxPoolUsage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateWaitablePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG MaxConnectionInfoLength,
- _In_ ULONG MaxMessageLength,
- _In_opt_ ULONG MaxPoolUsage
- );
-
-// Port connection (client)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- _Inout_opt_ PPORT_VIEW ClientView,
- _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
- _Out_opt_ PULONG MaxMessageLength,
- _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation,
- _Inout_opt_ PULONG ConnectionInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSecureConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- _Inout_opt_ PPORT_VIEW ClientView,
- _In_opt_ PSID RequiredServerSid,
- _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
- _Out_opt_ PULONG MaxMessageLength,
- _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation,
- _Inout_opt_ PULONG ConnectionInformationLength
- );
-
-// Port connection (server)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtListenPort(
- _In_ HANDLE PortHandle,
- _Out_ PPORT_MESSAGE ConnectionRequest
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAcceptConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ PVOID PortContext,
- _In_ PPORT_MESSAGE ConnectionRequest,
- _In_ BOOLEAN AcceptConnection,
- _Inout_opt_ PPORT_VIEW ServerView,
- _Out_opt_ PREMOTE_PORT_VIEW ClientView
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompleteConnectPort(
- _In_ HANDLE PortHandle
- );
-
-// General
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRequestPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRequestWaitReplyPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage,
- _Out_ PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplyPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplyWaitReplyPort(
- _In_ HANDLE PortHandle,
- _Inout_ PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplyWaitReceivePort(
- _In_ HANDLE PortHandle,
- _Out_opt_ PVOID *PortContext,
- _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage,
- _Out_ PPORT_MESSAGE ReceiveMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplyWaitReceivePortEx(
- _In_ HANDLE PortHandle,
- _Out_opt_ PVOID *PortContext,
- _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage,
- _Out_ PPORT_MESSAGE ReceiveMessage,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtImpersonateClientOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadRequestData(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ ULONG DataEntryIndex,
- _Out_writes_bytes_to_(BufferSize, *NumberOfBytesRead) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWriteRequestData(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ ULONG DataEntryIndex,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesWritten
- );
-
-typedef enum _PORT_INFORMATION_CLASS
-{
- PortBasicInformation,
- PortDumpInformation
-} PORT_INFORMATION_CLASS;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationPort(
- _In_ HANDLE PortHandle,
- _In_ PORT_INFORMATION_CLASS PortInformationClass,
- _Out_writes_bytes_to_(Length, *ReturnLength) PVOID PortInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-// Asynchronous Local Inter-process Communication
-
-// rev
-typedef HANDLE ALPC_HANDLE, *PALPC_HANDLE;
-
-#define ALPC_PORFLG_LPC_MODE 0x1000 // kernel only
-#define ALPC_PORFLG_ALLOW_IMPERSONATION 0x10000
-#define ALPC_PORFLG_ALLOW_LPC_REQUESTS 0x20000 // rev
-#define ALPC_PORFLG_WAITABLE_PORT 0x40000 // dbg
-#define ALPC_PORFLG_ALLOW_DUP_OBJECT 0x80000
-#define ALPC_PORFLG_SYSTEM_PROCESS 0x100000 // dbg
-#define ALPC_PORFLG_WAKE_POLICY1 0x200000
-#define ALPC_PORFLG_WAKE_POLICY2 0x400000
-#define ALPC_PORFLG_WAKE_POLICY3 0x800000
-#define ALPC_PORFLG_DIRECT_MESSAGE 0x1000000
-#define ALPC_PORFLG_ALLOW_MULTIHANDLE_ATTRIBUTE 0x2000000
-
-#define ALPC_PORFLG_OBJECT_TYPE_FILE 0x0001
-#define ALPC_PORFLG_OBJECT_TYPE_INVALID 0x0002
-#define ALPC_PORFLG_OBJECT_TYPE_THREAD 0x0004
-#define ALPC_PORFLG_OBJECT_TYPE_SEMAPHORE 0x0008
-#define ALPC_PORFLG_OBJECT_TYPE_EVENT 0x0010
-#define ALPC_PORFLG_OBJECT_TYPE_PROCESS 0X0020
-#define ALPC_PORFLG_OBJECT_TYPE_MUTEX 0x0040
-#define ALPC_PORFLG_OBJECT_TYPE_SECTION 0x0080
-#define ALPC_PORFLG_OBJECT_TYPE_REGKEY 0x0100
-#define ALPC_PORFLG_OBJECT_TYPE_TOKEN 0x0200
-#define ALPC_PORFLG_OBJECT_TYPE_COMPOSITION 0x0400
-#define ALPC_PORFLG_OBJECT_TYPE_JOB 0x0800
-#define ALPC_PORFLG_OBJECT_TYPE_ALL \
- (ALPC_PORFLG_OBJECT_TYPE_FILE | ALPC_PORFLG_OBJECT_TYPE_THREAD | \
- ALPC_PORFLG_OBJECT_TYPE_SEMAPHORE | ALPC_PORFLG_OBJECT_TYPE_EVENT | \
- ALPC_PORFLG_OBJECT_TYPE_PROCESS | ALPC_PORFLG_OBJECT_TYPE_MUTEX | \
- ALPC_PORFLG_OBJECT_TYPE_SECTION | ALPC_PORFLG_OBJECT_TYPE_REGKEY | \
- ALPC_PORFLG_OBJECT_TYPE_TOKEN | ALPC_PORFLG_OBJECT_TYPE_COMPOSITION | \
- ALPC_PORFLG_OBJECT_TYPE_JOB)
-
-// symbols
-typedef struct _ALPC_PORT_ATTRIBUTES
-{
- ULONG Flags;
- SECURITY_QUALITY_OF_SERVICE SecurityQos;
- SIZE_T MaxMessageLength;
- SIZE_T MemoryBandwidth;
- SIZE_T MaxPoolUsage;
- SIZE_T MaxSectionSize;
- SIZE_T MaxViewSize;
- SIZE_T MaxTotalSectionSize;
- ULONG DupObjectTypes;
-#ifdef _WIN64
- ULONG Reserved;
-#endif
-} ALPC_PORT_ATTRIBUTES, *PALPC_PORT_ATTRIBUTES;
-
-// begin_rev
-#define ALPC_MESSAGE_SECURITY_ATTRIBUTE 0x80000000
-#define ALPC_MESSAGE_VIEW_ATTRIBUTE 0x40000000
-#define ALPC_MESSAGE_CONTEXT_ATTRIBUTE 0x20000000
-#define ALPC_MESSAGE_HANDLE_ATTRIBUTE 0x10000000
-// end_rev
-
-// symbols
-typedef struct _ALPC_MESSAGE_ATTRIBUTES
-{
- ULONG AllocatedAttributes;
- ULONG ValidAttributes;
-} ALPC_MESSAGE_ATTRIBUTES, *PALPC_MESSAGE_ATTRIBUTES;
-
-// symbols
-typedef struct _ALPC_COMPLETION_LIST_STATE
-{
- union
- {
- struct
- {
- ULONG64 Head : 24;
- ULONG64 Tail : 24;
- ULONG64 ActiveThreadCount : 16;
- } s1;
- ULONG64 Value;
- } u1;
-} ALPC_COMPLETION_LIST_STATE, *PALPC_COMPLETION_LIST_STATE;
-
-#define ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK 0x3f // dbg
-
-// symbols
-typedef struct DECLSPEC_ALIGN(128) _ALPC_COMPLETION_LIST_HEADER
-{
- ULONG64 StartMagic;
-
- ULONG TotalSize;
- ULONG ListOffset;
- ULONG ListSize;
- ULONG BitmapOffset;
- ULONG BitmapSize;
- ULONG DataOffset;
- ULONG DataSize;
- ULONG AttributeFlags;
- ULONG AttributeSize;
-
- DECLSPEC_ALIGN(128) ALPC_COMPLETION_LIST_STATE State;
- ULONG LastMessageId;
- ULONG LastCallbackId;
- DECLSPEC_ALIGN(128) ULONG PostCount;
- DECLSPEC_ALIGN(128) ULONG ReturnCount;
- DECLSPEC_ALIGN(128) ULONG LogSequenceNumber;
- DECLSPEC_ALIGN(128) RTL_SRWLOCK UserLock;
-
- ULONG64 EndMagic;
-} ALPC_COMPLETION_LIST_HEADER, *PALPC_COMPLETION_LIST_HEADER;
-
-// private
-typedef struct _ALPC_CONTEXT_ATTR
-{
- PVOID PortContext;
- PVOID MessageContext;
- ULONG Sequence;
- ULONG MessageId;
- ULONG CallbackId;
-} ALPC_CONTEXT_ATTR, *PALPC_CONTEXT_ATTR;
-
-// begin_rev
-#define ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS 0x10000
-#define ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES 0x20000
-#define ALPC_HANDLEFLG_DUPLICATE_INHERIT 0x80000
-// end_rev
-
-// private
-typedef struct _ALPC_HANDLE_ATTR32
-{
- ULONG Flags;
- ULONG Reserved0;
- ULONG SameAccess;
- ULONG SameAttributes;
- ULONG Indirect;
- ULONG Inherit;
- ULONG Reserved1;
- ULONG Handle;
- ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
- ULONG DesiredAccess;
- ULONG GrantedAccess;
-} ALPC_HANDLE_ATTR32, *PALPC_HANDLE_ATTR32;
-
-// private
-typedef struct _ALPC_HANDLE_ATTR
-{
- ULONG Flags;
- ULONG Reserved0;
- ULONG SameAccess;
- ULONG SameAttributes;
- ULONG Indirect;
- ULONG Inherit;
- ULONG Reserved1;
- HANDLE Handle;
- PALPC_HANDLE_ATTR32 HandleAttrArray;
- ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
- ULONG HandleCount;
- ACCESS_MASK DesiredAccess;
- ACCESS_MASK GrantedAccess;
-} ALPC_HANDLE_ATTR, *PALPC_HANDLE_ATTR;
-
-#define ALPC_SECFLG_CREATE_HANDLE 0x20000 // dbg
-#define ALPC_SECFLG_NOSECTIONHANDLE 0x40000
-
-// private
-typedef struct _ALPC_SECURITY_ATTR
-{
- ULONG Flags;
- PSECURITY_QUALITY_OF_SERVICE QoS;
- ALPC_HANDLE ContextHandle; // dbg
-} ALPC_SECURITY_ATTR, *PALPC_SECURITY_ATTR;
-
-// begin_rev
-#define ALPC_VIEWFLG_NOT_SECURE 0x40000
-// end_rev
-
-// private
-typedef struct _ALPC_DATA_VIEW_ATTR
-{
- ULONG Flags;
- ALPC_HANDLE SectionHandle;
- PVOID ViewBase; // must be zero on input
- SIZE_T ViewSize;
-} ALPC_DATA_VIEW_ATTR, *PALPC_DATA_VIEW_ATTR;
-
-// private
-typedef enum _ALPC_PORT_INFORMATION_CLASS
-{
- AlpcBasicInformation, // q: out ALPC_BASIC_INFORMATION
- AlpcPortInformation, // s: in ALPC_PORT_ATTRIBUTES
- AlpcAssociateCompletionPortInformation, // s: in ALPC_PORT_ASSOCIATE_COMPLETION_PORT
- AlpcConnectedSIDInformation, // q: in SID
- AlpcServerInformation, // q: inout ALPC_SERVER_INFORMATION
- AlpcMessageZoneInformation, // s: in ALPC_PORT_MESSAGE_ZONE_INFORMATION
- AlpcRegisterCompletionListInformation, // s: in ALPC_PORT_COMPLETION_LIST_INFORMATION
- AlpcUnregisterCompletionListInformation, // s: VOID
- AlpcAdjustCompletionListConcurrencyCountInformation, // s: in ULONG
- AlpcRegisterCallbackInformation, // s: ALPC_REGISTER_CALLBACK // kernel-mode only
- AlpcCompletionListRundownInformation, // s: VOID // 10
- AlpcWaitForPortReferences,
- AlpcServerSessionInformation // q: ALPC_SERVER_SESSION_INFORMATION // since 19H2
-} ALPC_PORT_INFORMATION_CLASS;
-
-// private
-typedef struct _ALPC_BASIC_INFORMATION
-{
- ULONG Flags;
- ULONG SequenceNo;
- PVOID PortContext;
-} ALPC_BASIC_INFORMATION, *PALPC_BASIC_INFORMATION;
-
-// private
-typedef struct _ALPC_PORT_ASSOCIATE_COMPLETION_PORT
-{
- PVOID CompletionKey;
- HANDLE CompletionPort;
-} ALPC_PORT_ASSOCIATE_COMPLETION_PORT, *PALPC_PORT_ASSOCIATE_COMPLETION_PORT;
-
-// private
-typedef struct _ALPC_SERVER_INFORMATION
-{
- union
- {
- struct
- {
- HANDLE ThreadHandle;
- } In;
- struct
- {
- BOOLEAN ThreadBlocked;
- HANDLE ConnectedProcessId;
- UNICODE_STRING ConnectionPortName;
- } Out;
- };
-} ALPC_SERVER_INFORMATION, *PALPC_SERVER_INFORMATION;
-
-// private
-typedef struct _ALPC_PORT_MESSAGE_ZONE_INFORMATION
-{
- PVOID Buffer;
- ULONG Size;
-} ALPC_PORT_MESSAGE_ZONE_INFORMATION, *PALPC_PORT_MESSAGE_ZONE_INFORMATION;
-
-// private
-typedef struct _ALPC_PORT_COMPLETION_LIST_INFORMATION
-{
- PVOID Buffer; // PALPC_COMPLETION_LIST_HEADER
- ULONG Size;
- ULONG ConcurrencyCount;
- ULONG AttributeFlags;
-} ALPC_PORT_COMPLETION_LIST_INFORMATION, *PALPC_PORT_COMPLETION_LIST_INFORMATION;
-
-// private
-typedef struct _ALPC_REGISTER_CALLBACK
-{
- PVOID CallbackObject; // PCALLBACK_OBJECT
- PVOID CallbackContext;
-} ALPC_REGISTER_CALLBACK, *PALPC_REGISTER_CALLBACK;
-
-// private
-typedef struct _ALPC_SERVER_SESSION_INFORMATION
-{
- ULONG SessionId;
- ULONG ProcessId;
-} ALPC_SERVER_SESSION_INFORMATION, *PALPC_SERVER_SESSION_INFORMATION;
-
-// private
-typedef enum _ALPC_MESSAGE_INFORMATION_CLASS
-{
- AlpcMessageSidInformation, // q: out SID
- AlpcMessageTokenModifiedIdInformation, // q: out LUID
- AlpcMessageDirectStatusInformation,
- AlpcMessageHandleInformation, // ALPC_MESSAGE_HANDLE_INFORMATION
- MaxAlpcMessageInfoClass
-} ALPC_MESSAGE_INFORMATION_CLASS, *PALPC_MESSAGE_INFORMATION_CLASS;
-
-typedef struct _ALPC_MESSAGE_HANDLE_INFORMATION
-{
- ULONG Index;
- ULONG Flags;
- ULONG Handle;
- ULONG ObjectType;
- ACCESS_MASK GrantedAccess;
-} ALPC_MESSAGE_HANDLE_INFORMATION, *PALPC_MESSAGE_HANDLE_INFORMATION;
-
-// begin_private
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// System calls
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCreatePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcDisconnectPort(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcQueryInformation(
- _In_opt_ HANDLE PortHandle,
- _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
- _Inout_updates_bytes_to_(Length, *ReturnLength) PVOID PortInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcSetInformation(
- _In_ HANDLE PortHandle,
- _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
- _In_reads_bytes_opt_(Length) PVOID PortInformation,
- _In_ ULONG Length
- );
-
-#define ALPC_CREATEPORTSECTIONFLG_SECURE 0x40000 // rev
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCreatePortSection(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_opt_ HANDLE SectionHandle,
- _In_ SIZE_T SectionSize,
- _Out_ PALPC_HANDLE AlpcSectionHandle,
- _Out_ PSIZE_T ActualSectionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcDeletePortSection(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE SectionHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCreateResourceReserve(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ SIZE_T MessageSize,
- _Out_ PALPC_HANDLE ResourceId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcDeleteResourceReserve(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ResourceId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCreateSectionView(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _Inout_ PALPC_DATA_VIEW_ATTR ViewAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcDeleteSectionView(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ PVOID ViewBase
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCreateSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _Inout_ PALPC_SECURITY_ATTR SecurityAttribute
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcDeleteSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ContextHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcRevokeSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ContextHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcQueryInformationMessage(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _In_ ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass,
- _Out_writes_bytes_to_opt_(Length, *ReturnLength) PVOID MessageInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-#define ALPC_MSGFLG_REPLY_MESSAGE 0x1
-#define ALPC_MSGFLG_LPC_MODE 0x2
-#define ALPC_MSGFLG_RELEASE_MESSAGE 0x10000 // dbg
-#define ALPC_MSGFLG_SYNC_REQUEST 0x20000 // dbg
-#define ALPC_MSGFLG_TRACK_PORT_REFERENCES 0x40000
-#define ALPC_MSGFLG_WAIT_USER_MODE 0x100000
-#define ALPC_MSGFLG_WAIT_ALERTABLE 0x200000
-#define ALPC_MSGFLG_WOW64_CALL 0x80000000 // dbg
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_ ULONG Flags,
- _In_opt_ PSID RequiredServerSid,
- _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcConnectPortEx(
- _Out_ PHANDLE PortHandle,
- _In_ POBJECT_ATTRIBUTES ConnectionPortObjectAttributes,
- _In_opt_ POBJECT_ATTRIBUTES ClientPortObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_ ULONG Flags,
- _In_opt_ PSECURITY_DESCRIPTOR ServerSecurityRequirements,
- _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcAcceptConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ HANDLE ConnectionPortHandle,
- _In_ ULONG Flags,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_opt_ PVOID PortContext,
- _In_reads_bytes_(ConnectionRequest->u1.s1.TotalLength) PPORT_MESSAGE ConnectionRequest,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes,
- _In_ BOOLEAN AcceptConnection
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcSendWaitReceivePort(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_reads_bytes_opt_(SendMessage->u1.s1.TotalLength) PPORT_MESSAGE SendMessage,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes,
- _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ReceiveMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#define ALPC_CANCELFLG_TRY_CANCEL 0x1 // dbg
-#define ALPC_CANCELFLG_NO_CONTEXT_CHECK 0x8
-#define ALPC_CANCELFLGP_FLUSH 0x10000 // dbg
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcCancelMessage(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_ PALPC_CONTEXT_ATTR MessageContext
- );
-
-#define ALPC_IMPERSONATEFLG_ANONYMOUS 0x1
-#define ALPC_IMPERSONATEFLG_REQUIRE_IMPERSONATE 0x2
-//ALPC_IMPERSONATEFLG 0x3-0x10 (SECURITY_IMPERSONATION_LEVEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcImpersonateClientOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ PVOID Flags
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcImpersonateClientContainerOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _Reserved_ ULONG Flags
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcOpenSenderProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _Reserved_ ULONG Flags,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlpcOpenSenderThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _Reserved_ ULONG Flags,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-// Support functions
-
-NTSYSAPI
-ULONG
-NTAPI
-AlpcMaxAllowedMessageLength(
- VOID
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-AlpcGetHeaderSize(
- _In_ ULONG Flags
- );
-
-#define ALPC_ATTRFLG_ALLOCATEDATTR 0x20000000
-#define ALPC_ATTRFLG_VALIDATTR 0x40000000
-#define ALPC_ATTRFLG_KEEPRUNNINGATTR 0x60000000
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-AlpcInitializeMessageAttribute(
- _In_ ULONG AttributeFlags,
- _Out_opt_ PALPC_MESSAGE_ATTRIBUTES Buffer,
- _In_ SIZE_T BufferSize,
- _Out_ PSIZE_T RequiredBufferSize
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-AlpcGetMessageAttribute(
- _In_ PALPC_MESSAGE_ATTRIBUTES Buffer,
- _In_ ULONG AttributeFlag
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-AlpcRegisterCompletionList(
- _In_ HANDLE PortHandle,
- _Out_ PALPC_COMPLETION_LIST_HEADER Buffer,
- _In_ ULONG Size,
- _In_ ULONG ConcurrencyCount,
- _In_ ULONG AttributeFlags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-AlpcUnregisterCompletionList(
- _In_ HANDLE PortHandle
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-AlpcRundownCompletionList(
- _In_ HANDLE PortHandle
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-AlpcAdjustCompletionListConcurrencyCount(
- _In_ HANDLE PortHandle,
- _In_ ULONG ConcurrencyCount
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-AlpcRegisterCompletionListWorkerThread(
- _Inout_ PVOID CompletionList
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-AlpcUnregisterCompletionListWorkerThread(
- _Inout_ PVOID CompletionList
- );
-
-NTSYSAPI
-VOID
-NTAPI
-AlpcGetCompletionListLastMessageInformation(
- _In_ PVOID CompletionList,
- _Out_ PULONG LastMessageId,
- _Out_ PULONG LastCallbackId
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-AlpcGetOutstandingCompletionListMessageCount(
- _In_ PVOID CompletionList
- );
-
-NTSYSAPI
-PPORT_MESSAGE
-NTAPI
-AlpcGetMessageFromCompletionList(
- _In_ PVOID CompletionList,
- _Out_opt_ PALPC_MESSAGE_ATTRIBUTES *MessageAttributes
- );
-
-NTSYSAPI
-VOID
-NTAPI
-AlpcFreeCompletionListMessage(
- _Inout_ PVOID CompletionList,
- _In_ PPORT_MESSAGE Message
- );
-
-NTSYSAPI
-PALPC_MESSAGE_ATTRIBUTES
-NTAPI
-AlpcGetCompletionListMessageAttributes(
- _In_ PVOID CompletionList,
- _In_ PPORT_MESSAGE Message
- );
-
-#endif
-
-// end_private
-
-#endif
diff --git a/deps/phnt-nightly/ntmisc.h b/deps/phnt-nightly/ntmisc.h
deleted file mode 100644
index ac6f429..0000000
--- a/deps/phnt-nightly/ntmisc.h
+++ /dev/null
@@ -1,640 +0,0 @@
-/*
- * Trace Control support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTMISC_H
-#define _NTMISC_H
-
-// Filter manager
-
-#define FLT_PORT_CONNECT 0x0001
-#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
-
-// VDM
-
-typedef enum _VDMSERVICECLASS
-{
- VdmStartExecution,
- VdmQueueInterrupt,
- VdmDelayInterrupt,
- VdmInitialize,
- VdmFeatures,
- VdmSetInt21Handler,
- VdmQueryDir,
- VdmPrinterDirectIoOpen,
- VdmPrinterDirectIoClose,
- VdmPrinterInitialize,
- VdmSetLdtEntries,
- VdmSetProcessLdtInfo,
- VdmAdlibEmulation,
- VdmPMCliControl,
- VdmQueryVdmProcess,
- VdmPreInitialize
-} VDMSERVICECLASS, *PVDMSERVICECLASS;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtVdmControl(
- _In_ VDMSERVICECLASS Service,
- _Inout_ PVOID ServiceData
- );
-
-// WMI/ETW
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTraceEvent(
- _In_ HANDLE TraceHandle,
- _In_ ULONG Flags,
- _In_ ULONG FieldSize,
- _In_ PVOID Fields
- );
-
-// rev
-typedef enum _ETWTRACECONTROLCODE
-{
- EtwStartLoggerCode = 1, // inout WMI_LOGGER_INFORMATION
- EtwStopLoggerCode = 2, // inout WMI_LOGGER_INFORMATION
- EtwQueryLoggerCode = 3, // inout WMI_LOGGER_INFORMATION
- EtwUpdateLoggerCode = 4, // inout WMI_LOGGER_INFORMATION
- EtwFlushLoggerCode = 5, // inout WMI_LOGGER_INFORMATION
- EtwIncrementLoggerFile = 6, // inout WMI_LOGGER_INFORMATION
- EtwRealtimeTransition = 7, // inout WMI_LOGGER_INFORMATION
- // reserved
- EtwRealtimeConnectCode = 11,
- EtwActivityIdCreate = 12,
- EtwWdiScenarioCode = 13,
- EtwRealtimeDisconnectCode = 14, // in HANDLE
- EtwRegisterGuidsCode = 15,
- EtwReceiveNotification = 16,
- EtwSendDataBlock = 17, // ETW_ENABLE_NOTIFICATION_PACKET
- EtwSendReplyDataBlock = 18,
- EtwReceiveReplyDataBlock = 19,
- EtwWdiSemUpdate = 20,
- EtwEnumTraceGuidList = 21, // out GUID[]
- EtwGetTraceGuidInfo = 22, // in GUID, out ETW_TRACE_GUID_INFO
- EtwEnumerateTraceGuids = 23,
- EtwRegisterSecurityProv = 24,
- EtwReferenceTimeCode = 25, // in ULONG LoggerId, out ETW_REF_CLOCK
- EtwTrackBinaryCode = 26, // in HANDLE
- EtwAddNotificationEvent = 27,
- EtwUpdateDisallowList = 28,
- EtwSetEnableAllKeywordsCode = 29,
- EtwSetProviderTraitsCode = 30,
- EtwUseDescriptorTypeCode = 31,
- EtwEnumTraceGroupList = 32,
- EtwGetTraceGroupInfo = 33,
- EtwGetDisallowList = 34,
- EtwSetCompressionSettings = 35,
- EtwGetCompressionSettings = 36,
- EtwUpdatePeriodicCaptureState = 37,
- EtwGetPrivateSessionTraceHandle = 38,
- EtwRegisterPrivateSession = 39,
- EtwQuerySessionDemuxObject = 40,
- EtwSetProviderBinaryTracking = 41,
- EtwMaxLoggers = 42, // out ULONG
- EtwMaxPmcCounter = 43, // out ULONG
- EtwQueryUsedProcessorCount = 44, // ULONG // since WIN11
- EtwGetPmcOwnership = 45,
- EtwGetPmcSessions = 46,
-} ETWTRACECONTROLCODE;
-
-// public TRACE_PROVIDER_INSTANCE_INFO
-typedef struct _ETW_TRACE_PROVIDER_INSTANCE_INFO
-{
- ULONG NextOffset;
- ULONG EnableCount;
- ULONG Pid;
- ULONG Flags;
-} ETW_TRACE_PROVIDER_INSTANCE_INFO, *PETW_TRACE_PROVIDER_INSTANCE_INFO;
-
-// public TRACE_GUID_INFO
-typedef struct _ETW_TRACE_GUID_INFO
-{
- ULONG InstanceCount;
- ULONG Reserved;
- //ETW_TRACE_PROVIDER_INSTANCE_INFO Instances[1];
-} ETW_TRACE_GUID_INFO, *PETW_TRACE_GUID_INFO;
-
-typedef struct _ETW_REF_CLOCK
-{
- LARGE_INTEGER StartTime;
- LARGE_INTEGER StartPerfClock;
-} ETW_REF_CLOCK, *PETW_REF_CLOCK;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTraceControl(
- _In_ ETWTRACECONTROLCODE TraceControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength,
- _Out_ PULONG ReturnLength
- );
-
-#endif
-
-//
-// Maximum supported buffer size in KB - Win8 (16MB)
-//
-// N.B. Prior to Win8 the value was 1MB (1024KB).
-#define MIN_ETW_BUFFER_SIZE 1 // in KBytes
-#define MAX_ETW_BUFFER_SIZE (16 * 1024) // in KBytes
-#define MAX_ETW_BUFFER_SIZE_WIN7 (1 * 1024) // in KBytes
-#define MAX_ETW_EVENT_SIZE 0xFFFF // MAX_USHORT
-
-#define ETW_KERNEL_RUNDOWN_START 0x00000001
-#define ETW_KERNEL_RUNDOWN_STOP 0x00000002
-#define ETW_CKCL_RUNDOWN_START 0x00000004
-#define ETW_CKCL_RUNDOWN_STOP 0x00000008
-#define ETW_FILENAME_RUNDOWN 0x00000010
-
-//
-// Constants for UMGL (User Mode Global Logging).
-//
-// N.B. There is enough space reserved in UserSharedData
-// to support up to 16 providers, but to avoid needless
-// scanning MAX_PROVIDERS constant is currently set to 8.
-//
-// N.B. Heap and CritSec providers can be controlled with IFEO
-// making the indexes fixed.
-#define ETW_UMGL_INDEX_HEAP 0
-#define ETW_UMGL_INDEX_CRITSEC 1
-#define ETW_UMGL_INDEX_LDR 2
-#define ETW_UMGL_INDEX_THREAD_POOL 3
-#define ETW_UMGL_INDEX_HEAPRANGE 4
-#define ETW_UMGL_INDEX_HEAPSUMMARY 5
-#define ETW_UMGL_INDEX_UMS 6
-#define ETW_UMGL_INDEX_WNF 7
-#define ETW_UMGL_INDEX_THREAD 8
-#define ETW_UMGL_INDEX_SPARE2 9
-#define ETW_UMGL_INDEX_SPARE3 10
-#define ETW_UMGL_INDEX_SPARE4 11
-#define ETW_UMGL_INDEX_SPARE5 12
-#define ETW_UMGL_INDEX_SPARE6 13
-#define ETW_UMGL_INDEX_SPARE7 14
-#define ETW_UMGL_INDEX_SPARE8 15
-
-#define ETW_UMGL_MAX_PROVIDERS 9
-
-typedef struct _ETW_UMGL_KEY
-{
- UCHAR LoggerId;
- UCHAR Flags;
-} ETW_UMGL_KEY, *PETW_UMGL_KEY;
-
-#define UMGL_LOGGER_ID(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->LoggerId)
-#define UMGL_LOGGER_FLAGS(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->Flags)
-#define IS_UMGL_LOGGING_ENABLED(Index) (UMGL_LOGGER_ID(Index) != 0)
-#define IS_UMGL_FLAG_ENABLED(Index, Flag) ((UMGL_LOGGER_FLAGS(Index) & Flag) != 0)
-
-#define IS_HEAP_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAP) && (NtCurrentPeb()->HeapTracingEnabled != FALSE))
-#define IS_HEAP_RANGE_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPRANGE))
-#define HEAP_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAP))
-
-#define IS_CRITSEC_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_CRITSEC) && (NtCurrentPeb()->CritSecTracingEnabled != FALSE))
-#define CRITSEC_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_CRITSEC))
-#define IS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
-#define IS_PER_PROCESS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && (NtCurrentPeb()->LibLoaderTracingEnabled != FALSE) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
-#define IS_GLOBAL_LOADER_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR))
-#define LOADER_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_LDR))
-#define HEAPRANGE_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPRANGE))
-#define IS_THREAD_POOL_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD_POOL))
-#define THREAD_POOL_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD_POOL))
-#define IS_UMS_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_UMS))
-#define UMS_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_UMS))
-#define HEAPSUMMARY_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPSUMMARY))
-#define IS_HEAPSUMMARY_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPSUMMARY))
-#define WNF_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_WNF))
-#define IS_WNF_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_WNF))
-#define UMGL_THREAD_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD))
-#define IS_UMGL_THREAD_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD))
-
-//
-// Flags used by user mode loader logging to UMGL.
-//
-#define ETW_UMGL_LDR_MUI_VERBOSE_FLAG 0x0001
-#define ETW_UMGL_LDR_MUI_TEST_FLAG 0x0002
-#define ETW_UMGL_LDR_RELOCATION_FLAG 0x0004
-#define ETW_UMGL_LDR_NEW_DLL_FLAG 0x0010
-#define ETW_UMGL_LDR_TEST_FLAG 0x0020
-#define ETW_UMGL_LDR_SECURITY_FLAG 0x0040
-
-//
-// Constants for heap log
-//
-#define MEMORY_FROM_LOOKASIDE 1 //Activity from LookAside
-#define MEMORY_FROM_LOWFRAG 2 //Activity from Low Frag Heap
-#define MEMORY_FROM_MAINPATH 3 //Activity from Main Code Path
-#define MEMORY_FROM_SLOWPATH 4 //Activity from Slow C
-#define MEMORY_FROM_INVALID 5
-#define MEMORY_FROM_SEGMENT_HEAP 6 //Activity from segment heap.
-
-//
-// Header preparation macro for UMGL
-//
-#define TRACE_HEADER_TYPE_SYSTEM32 1
-#define TRACE_HEADER_TYPE_SYSTEM64 2
-#define TRACE_HEADER_TYPE_COMPACT32 3
-#define TRACE_HEADER_TYPE_COMPACT64 4
-#define TRACE_HEADER_TYPE_FULL_HEADER32 10
-#define TRACE_HEADER_TYPE_INSTANCE32 11
-#define TRACE_HEADER_TYPE_TIMED 12 // Not used
-#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event
-#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used
-#define TRACE_HEADER_TYPE_MESSAGE 15
-#define TRACE_HEADER_TYPE_PERFINFO32 16
-#define TRACE_HEADER_TYPE_PERFINFO64 17
-#define TRACE_HEADER_TYPE_EVENT_HEADER32 18
-#define TRACE_HEADER_TYPE_EVENT_HEADER64 19
-#define TRACE_HEADER_TYPE_FULL_HEADER64 20
-#define TRACE_HEADER_TYPE_INSTANCE64 21
-
-#define EVENT_HEADER_SIZE_MASK 0x0000FFFF
-
-#define SYSTEM_TRACE_VERSION 2
-
-#define TRACE_HEADER_FLAG 0x80000000
-
-#define EVENT_HEADER_EVENT64 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER64))
-#define EVENT_HEADER_EVENT32 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER32))
-#define EVENT_HEADER_ERROR ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_ERROR))
-#define TRACE_HEADER_FULL32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER32 << 16))
-#define TRACE_HEADER_FULL64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER64 << 16))
-#define TRACE_HEADER_INSTANCE32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE32 << 16))
-#define TRACE_HEADER_INSTANCE64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE64 << 16))
-
-#ifdef _WIN64
-#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT64
-#define TRACE_HEADER_FULL TRACE_HEADER_FULL64
-#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE64
-#else
-#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT32
-#define TRACE_HEADER_FULL TRACE_HEADER_FULL32
-#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE32
-#endif
-
-#define PREPARE_ETW_TRACE_HEADER_GUID(Header, EventStruct, EventType, EventGuid, LoggerId) \
- (Header)->Size = sizeof(EventStruct); \
- (Header)->Class.Type = (EventType); \
- RtlCopyMemory(&((Header)->Guid), (EventGuid), sizeof(*(EventGuid))); \
-
-// Used with OpenTrace(), prevents conversion of TimeStamps to UTC
-#define EVENT_TRACE_USE_RAWTIMESTAMP 0x00000002
-// Used with OpenTrace(), retrieves event from file as is.
-#define EVENT_TRACE_GET_RAWEVENT 0x00000100
-// Used with OpenTrace() to ReadBehind a live logger session
-#define EVENT_TRACE_READ_BEHIND 0x00000200
-// Used in EventCallbacks to indicate that the InstanceId field is a sequence number.
-#define EVENT_TRACE_USE_SEQUENCE 0x0004
-// Kernel Event Version is used to indicate if any kernel event has changed.
-#define ETW_KERNEL_EVENT_VERSION 60
-
-typedef struct _ETW_KERNEL_HEADER_EXTENSION
-{
- PERFINFO_GROUPMASK GroupMasks;
- ULONG Version;
-} ETW_KERNEL_HEADER_EXTENSION, *PETW_KERNEL_HEADER_EXTENSION;
-
-#define ETW_SET_MARK_WITH_FLUSH 0x00000001
-
-typedef struct _ETW_SET_MARK_INFORMATION
-{
- ULONG Flag;
- WCHAR Mark[1];
-} ETW_SET_MARK_INFORMATION, *PETW_SET_MARK_INFORMATION;
-
-//
-// Data Block structure for ETW notification
-//
-typedef enum _ETW_NOTIFICATION_TYPE
-{
- EtwNotificationTypeNoReply = 1, // No data block reply
- EtwNotificationTypeLegacyEnable, // Enable notification for RegisterTraceGuids
- EtwNotificationTypeEnable, // Enable notification for EventRegister
- EtwNotificationTypePrivateLogger, // Private logger notification for ETW
- EtwNotificationTypePerflib, // PERFLIB V2 counter data request/delivery block
- EtwNotificationTypeAudio, // Private notification for audio policy
- EtwNotificationTypeSession, // Session related ETW notifications
- EtwNotificationTypeReserved, // For internal use (test)
- EtwNotificationTypeCredentialUI, // Private notification for media center elevation detection
- EtwNotificationTypeInProcSession, // Private in-proc session related ETW notifications
- EtwNotificationTypeMax
-} ETW_NOTIFICATION_TYPE;
-
-#define ETW_MAX_DATA_BLOCK_BUFFER_SIZE (65536)
-
-typedef struct _ETW_NOTIFICATION_HEADER
-{
- ETW_NOTIFICATION_TYPE NotificationType; // Notification type
- ULONG NotificationSize; // Notification size in bytes
- ULONG Offset; // Offset to the next notification
- BOOLEAN ReplyRequested; // Reply Requested
- ULONG Timeout; // Timeout in milliseconds when requesting reply
- union
- {
- ULONG ReplyCount; // Out to sender: the number of notifications sent
- ULONG NotifyeeCount; // Out to notifyee: the order during notification
- };
- ULONGLONG Reserved2;
- ULONG TargetPID;
- ULONG SourcePID;
- GUID DestinationGuid; // Desctination GUID
- GUID SourceGuid; // Source GUID
-} ETW_NOTIFICATION_HEADER, *PETW_NOTIFICATION_HEADER;
-
-typedef ULONG (NTAPI *PETW_NOTIFICATION_CALLBACK)(
- _In_ PETW_NOTIFICATION_HEADER NotificationHeader,
- _In_ PVOID Context
- );
-
-typedef enum _ETW_SESSION_NOTIFICATION_TYPE
-{
- EtwSessionNotificationMediaChanged = 1,
- EtwSessionNotificationSessionTerminated,
- EtwSessionNotificationLogfileError,
- EtwSessionNotificationRealtimeError,
- EtwSessionNotificationSessionStarted,
- EtwSessionNotificationMax
-} ETW_SESSION_NOTIFICATION_TYPE;
-
-typedef struct _ETW_SESSION_NOTIFICATION_PACKET
-{
- ETW_NOTIFICATION_HEADER NotificationHeader;
- ETW_SESSION_NOTIFICATION_TYPE Type;
- NTSTATUS Status;
- TRACEHANDLE TraceHandle;
- ULONG Reserved[2];
-} ETW_SESSION_NOTIFICATION_PACKET, *PETW_SESSION_NOTIFICATION_PACKET;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#ifndef EVENT_DESCRIPTOR_DEF
-#define EVENT_DESCRIPTOR_DEF
-typedef struct _EVENT_DESCRIPTOR
-{
- USHORT Id;
- UCHAR Version;
- UCHAR Channel;
- UCHAR Level;
- UCHAR Opcode;
- USHORT Task;
- ULONGLONG Keyword;
-} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR;
-typedef const EVENT_DESCRIPTOR* PCEVENT_DESCRIPTOR;
-#endif
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwSetMark(
- _In_opt_ TRACEHANDLE TraceHandle,
- _In_ PETW_SET_MARK_INFORMATION MarkInfo,
- _In_ ULONG Size
- );
-
-typedef struct _EVENT_DATA_DESCRIPTOR EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR;
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteFull(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ USHORT EventProperty,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-//NTSYSAPI
-//ULONG
-//NTAPI
-//EtwEventRegister(
-// _In_ LPCGUID ProviderId,
-// _In_opt_ PENABLECALLBACK EnableCallback,
-// _In_opt_ PVOID CallbackContext,
-// _Out_ PREGHANDLE RegHandle
-// );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventUnregister(
- _In_ REGHANDLE RegHandle
- );
-
-typedef enum _EVENT_INFO_CLASS EVENT_INFO_CLASS;
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventSetInformation(
- _In_ REGHANDLE RegHandle,
- _In_ EVENT_INFO_CLASS InformationClass,
- _In_reads_bytes_(InformationLength) PVOID EventInformation,
- _In_ ULONG InformationLength
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwRegisterSecurityProvider(
- VOID
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwEventProviderEnabled(
- _In_ REGHANDLE RegHandle,
- _In_ UCHAR Level,
- _In_ ULONGLONG Keyword
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwEventEnabled(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWrite(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteTransfer(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteString(
- _In_ REGHANDLE RegHandle,
- _In_ UCHAR Level,
- _In_ ULONGLONG Keyword,
- _In_ PCWSTR String
- );
-
-ULONG
-NTAPI
-EtwEventWriteEx(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG64 Filter,
- _In_ ULONG Flags,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteStartScenario(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteEndScenario(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwWriteUMSecurityEvent(
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ USHORT EventProperty,
- _In_ ULONG UserDataCount,
- _In_opt_ PEVENT_DATA_DESCRIPTOR UserData
- );
-
-ULONG
-NTAPI
-EtwEventWriteNoRegistration(
- _In_ LPCGUID ProviderId,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventActivityIdControl(
- _In_ ULONG ControlCode,
- _Inout_ LPGUID ActivityId
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwNotificationRegister(
- _In_ LPCGUID Guid,
- _In_ ULONG Type,
- _In_ PETW_NOTIFICATION_CALLBACK Callback,
- _In_opt_ PVOID Context,
- _Out_ PREGHANDLE RegHandle
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwNotificationUnregister (
- _In_ REGHANDLE RegHandle,
- _Out_opt_ PVOID * Context
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwSendNotification(
- _In_ PETW_NOTIFICATION_HEADER DataBlock,
- _In_ ULONG ReceiveDataBlockSize,
- _Inout_ PVOID ReceiveDataBlock,
- _Out_ PULONG ReplyReceived,
- _Out_ PULONG ReplySizeNeeded
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwReplyNotification(
- _In_ PETW_NOTIFICATION_HEADER Notification
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEnumerateProcessRegGuids(
- _Out_writes_bytes_opt_(OutBufferSize) PVOID OutBuffer,
- _In_ ULONG OutBufferSize,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwQueryRealtimeConsumer(
- _In_ TRACEHANDLE TraceHandle,
- _Out_ PULONG EventsLostCount,
- _Out_ PULONG BuffersLostCount
- );
-
-// private
-typedef struct _TELEMETRY_COVERAGE_POINT
-{
- PWSTR Name;
- ULONG Hash;
- ULONG LastCoveredRound;
- ULONG Flags;
-} TELEMETRY_COVERAGE_POINT, *PTELEMETRY_COVERAGE_POINT;
-
-// rev
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwCheckCoverage(
- _Inout_ PTELEMETRY_COVERAGE_POINT CoveragePoint
- );
-#endif
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntmmapi.h b/deps/phnt-nightly/ntmmapi.h
deleted file mode 100644
index 282b576..0000000
--- a/deps/phnt-nightly/ntmmapi.h
+++ /dev/null
@@ -1,1215 +0,0 @@
-/*
- * Memory Manager Support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTMMAPI_H
-#define _NTMMAPI_H
-
-// Protection constants
-
-#define PAGE_NOACCESS 0x01
-#define PAGE_READONLY 0x02
-#define PAGE_READWRITE 0x04
-#define PAGE_WRITECOPY 0x08
-#define PAGE_EXECUTE 0x10
-#define PAGE_EXECUTE_READ 0x20
-#define PAGE_EXECUTE_READWRITE 0x40
-#define PAGE_EXECUTE_WRITECOPY 0x80
-#define PAGE_GUARD 0x100
-#define PAGE_NOCACHE 0x200
-#define PAGE_WRITECOMBINE 0x400
-
-#define PAGE_REVERT_TO_FILE_MAP 0x80000000
-#define PAGE_ENCLAVE_THREAD_CONTROL 0x80000000
-#define PAGE_TARGETS_NO_UPDATE 0x40000000
-#define PAGE_TARGETS_INVALID 0x40000000
-#define PAGE_ENCLAVE_UNVALIDATED 0x20000000
-#define PAGE_ENCLAVE_NO_CHANGE 0x20000000
-#define PAGE_ENCLAVE_MASK 0x10000000
-#define PAGE_ENCLAVE_DECOMMIT (PAGE_ENCLAVE_MASK | 0)
-#define PAGE_ENCLAVE_SS_FIRST (PAGE_ENCLAVE_MASK | 1)
-#define PAGE_ENCLAVE_SS_REST (PAGE_ENCLAVE_MASK | 2)
-
-// Region and section constants
-
-#define MEM_COMMIT 0x00001000
-#define MEM_RESERVE 0x00002000
-#define MEM_DECOMMIT 0x00004000
-#define MEM_RELEASE 0x00008000
-#define MEM_FREE 0x00010000
-#define MEM_PRIVATE 0x00020000
-#define MEM_MAPPED 0x00040000
-#define MEM_RESET 0x00080000
-#define MEM_TOP_DOWN 0x00100000
-#define MEM_WRITE_WATCH 0x00200000
-#define MEM_PHYSICAL 0x00400000
-#define MEM_ROTATE 0x00800000
-#define MEM_DIFFERENT_IMAGE_BASE_OK 0x00800000
-#define MEM_RESET_UNDO 0x01000000
-#define MEM_LARGE_PAGES 0x20000000
-#define MEM_DOS_LIM 0x40000000
-#define MEM_4MB_PAGES 0x80000000
-#define MEM_64K_PAGES (MEM_LARGE_PAGES | MEM_PHYSICAL)
-
-#define MEM_UNMAP_WITH_TRANSIENT_BOOST 0x00000001
-#define MEM_COALESCE_PLACEHOLDERS 0x00000001
-#define MEM_PRESERVE_PLACEHOLDER 0x00000002
-#define MEM_REPLACE_PLACEHOLDER 0x00004000
-#define MEM_RESERVE_PLACEHOLDER 0x00040000
-
-#define SEC_HUGE_PAGES 0x00020000
-#define SEC_PARTITION_OWNER_HANDLE 0x00040000
-#define SEC_64K_PAGES 0x00080000
-#define SEC_BASED 0x00200000
-#define SEC_NO_CHANGE 0x00400000
-#define SEC_FILE 0x00800000
-#define SEC_IMAGE 0x01000000
-#define SEC_PROTECTED_IMAGE 0x02000000
-#define SEC_RESERVE 0x04000000
-#define SEC_COMMIT 0x08000000
-#define SEC_NOCACHE 0x10000000
-#define SEC_GLOBAL 0x20000000
-#define SEC_WRITECOMBINE 0x40000000
-#define SEC_LARGE_PAGES 0x80000000
-#define SEC_IMAGE_NO_EXECUTE (SEC_IMAGE | SEC_NOCACHE)
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-#define MEM_IMAGE SEC_IMAGE
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _MEMORY_INFORMATION_CLASS
-{
- MemoryBasicInformation, // q: MEMORY_BASIC_INFORMATION
- MemoryWorkingSetInformation, // q: MEMORY_WORKING_SET_INFORMATION
- MemoryMappedFilenameInformation, // q: UNICODE_STRING
- MemoryRegionInformation, // q: MEMORY_REGION_INFORMATION
- MemoryWorkingSetExInformation, // q: MEMORY_WORKING_SET_EX_INFORMATION // since VISTA
- MemorySharedCommitInformation, // q: MEMORY_SHARED_COMMIT_INFORMATION // since WIN8
- MemoryImageInformation, // q: MEMORY_IMAGE_INFORMATION
- MemoryRegionInformationEx, // MEMORY_REGION_INFORMATION
- MemoryPrivilegedBasicInformation, // MEMORY_BASIC_INFORMATION
- MemoryEnclaveImageInformation, // MEMORY_ENCLAVE_IMAGE_INFORMATION // since REDSTONE3
- MemoryBasicInformationCapped, // 10
- MemoryPhysicalContiguityInformation, // MEMORY_PHYSICAL_CONTIGUITY_INFORMATION // since 20H1
- MemoryBadInformation, // since WIN11
- MemoryBadInformationAllProcesses, // since 22H1
- MaxMemoryInfoClass
-} MEMORY_INFORMATION_CLASS;
-#else
-#define MemoryBasicInformation 0x0
-#define MemoryWorkingSetInformation 0x1
-#define MemoryMappedFilenameInformation 0x2
-#define MemoryRegionInformation 0x3
-#define MemoryWorkingSetExInformation 0x4
-#define MemorySharedCommitInformation 0x5
-#define MemoryImageInformation 0x6
-#define MemoryRegionInformationEx 0x7
-#define MemoryPrivilegedBasicInformation 0x8
-#define MemoryEnclaveImageInformation 0x9
-#define MemoryBasicInformationCapped 0xA
-#define MemoryPhysicalContiguityInformation 0xB
-#define MemoryBadInformation 0xC
-#define MemoryBadInformationAllProcesses 0xD
-#endif
-
-typedef struct _MEMORY_WORKING_SET_BLOCK
-{
- ULONG_PTR Protection : 5;
- ULONG_PTR ShareCount : 3;
- ULONG_PTR Shared : 1;
- ULONG_PTR Node : 3;
-#ifdef _WIN64
- ULONG_PTR VirtualPage : 52;
-#else
- ULONG VirtualPage : 20;
-#endif
-} MEMORY_WORKING_SET_BLOCK, *PMEMORY_WORKING_SET_BLOCK;
-
-typedef struct _MEMORY_WORKING_SET_INFORMATION
-{
- ULONG_PTR NumberOfEntries;
- _Field_size_(NumberOfEntries) MEMORY_WORKING_SET_BLOCK WorkingSetInfo[1];
-} MEMORY_WORKING_SET_INFORMATION, *PMEMORY_WORKING_SET_INFORMATION;
-
-// private
-typedef struct _MEMORY_REGION_INFORMATION
-{
- PVOID AllocationBase;
- ULONG AllocationProtect;
- union
- {
- ULONG RegionType;
- struct
- {
- ULONG Private : 1;
- ULONG MappedDataFile : 1;
- ULONG MappedImage : 1;
- ULONG MappedPageFile : 1;
- ULONG MappedPhysical : 1;
- ULONG DirectMapped : 1;
- ULONG SoftwareEnclave : 1; // REDSTONE3
- ULONG PageSize64K : 1;
- ULONG PlaceholderReservation : 1; // REDSTONE4
- ULONG MappedAwe : 1; // 21H1
- ULONG MappedWriteWatch : 1;
- ULONG PageSizeLarge : 1;
- ULONG PageSizeHuge : 1;
- ULONG Reserved : 19;
- };
- };
- SIZE_T RegionSize;
- SIZE_T CommitSize;
- ULONG_PTR PartitionId; // 19H1
- ULONG_PTR NodePreference; // 20H1
-} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;
-
-// private
-typedef enum _MEMORY_WORKING_SET_EX_LOCATION
-{
- MemoryLocationInvalid,
- MemoryLocationResident,
- MemoryLocationPagefile,
- MemoryLocationReserved
-} MEMORY_WORKING_SET_EX_LOCATION;
-
-// private
-typedef struct _MEMORY_WORKING_SET_EX_BLOCK
-{
- union
- {
- struct
- {
- ULONG_PTR Valid : 1;
- ULONG_PTR ShareCount : 3;
- ULONG_PTR Win32Protection : 11;
- ULONG_PTR Shared : 1;
- ULONG_PTR Node : 6;
- ULONG_PTR Locked : 1;
- ULONG_PTR LargePage : 1;
- ULONG_PTR Priority : 3;
- ULONG_PTR Reserved : 3;
- ULONG_PTR SharedOriginal : 1;
- ULONG_PTR Bad : 1;
- ULONG_PTR Win32GraphicsProtection : 4; // 19H1
-#ifdef _WIN64
- ULONG_PTR ReservedUlong : 28;
-#endif
- };
- struct
- {
- ULONG_PTR Valid : 1;
- ULONG_PTR Reserved0 : 14;
- ULONG_PTR Shared : 1;
- ULONG_PTR Reserved1 : 5;
- ULONG_PTR PageTable : 1;
- ULONG_PTR Location : 2;
- ULONG_PTR Priority : 3;
- ULONG_PTR ModifiedList : 1;
- ULONG_PTR Reserved2 : 2;
- ULONG_PTR SharedOriginal : 1;
- ULONG_PTR Bad : 1;
-#ifdef _WIN64
- ULONG_PTR ReservedUlong : 32;
-#endif
- } Invalid;
- };
-} MEMORY_WORKING_SET_EX_BLOCK, *PMEMORY_WORKING_SET_EX_BLOCK;
-
-// private
-typedef struct _MEMORY_WORKING_SET_EX_INFORMATION
-{
- PVOID VirtualAddress;
- union
- {
- MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes;
- ULONG_PTR Long;
- } u1;
-} MEMORY_WORKING_SET_EX_INFORMATION, *PMEMORY_WORKING_SET_EX_INFORMATION;
-
-// private
-typedef struct _MEMORY_SHARED_COMMIT_INFORMATION
-{
- SIZE_T CommitSize;
-} MEMORY_SHARED_COMMIT_INFORMATION, *PMEMORY_SHARED_COMMIT_INFORMATION;
-
-// private
-typedef struct _MEMORY_IMAGE_INFORMATION
-{
- PVOID ImageBase;
- SIZE_T SizeOfImage;
- union
- {
- ULONG ImageFlags;
- struct
- {
- ULONG ImagePartialMap : 1;
- ULONG ImageNotExecutable : 1;
- ULONG ImageSigningLevel : 4; // REDSTONE3
- ULONG Reserved : 26;
- };
- };
-} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION;
-
-// private
-typedef struct _MEMORY_ENCLAVE_IMAGE_INFORMATION
-{
- MEMORY_IMAGE_INFORMATION ImageInfo;
- UCHAR UniqueID[32];
- UCHAR AuthorID[32];
-} MEMORY_ENCLAVE_IMAGE_INFORMATION, *PMEMORY_ENCLAVE_IMAGE_INFORMATION;
-
-// private
-typedef enum _MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE
-{
- MemoryNotContiguous,
- MemoryAlignedAndContiguous,
- MemoryNotResident,
- MemoryNotEligibleToMakeContiguous,
- MemoryContiguityStateMax,
-} MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE;
-
-// private
-typedef struct _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION
-{
- union
- {
- struct
- {
- ULONG State : 2;
- ULONG Reserved : 30;
- };
- ULONG AllInformation;
- };
-} MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION, *PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION;
-
-// private
-typedef struct _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION
-{
- PVOID VirtualAddress;
- ULONG_PTR Size;
- ULONG_PTR ContiguityUnitSize;
- ULONG Flags;
- PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION ContiguityUnitInformation;
-} MEMORY_PHYSICAL_CONTIGUITY_INFORMATION, *PMEMORY_PHYSICAL_CONTIGUITY_INFORMATION;
-
-#define MMPFNLIST_ZERO 0
-#define MMPFNLIST_FREE 1
-#define MMPFNLIST_STANDBY 2
-#define MMPFNLIST_MODIFIED 3
-#define MMPFNLIST_MODIFIEDNOWRITE 4
-#define MMPFNLIST_BAD 5
-#define MMPFNLIST_ACTIVE 6
-#define MMPFNLIST_TRANSITION 7
-
-//typedef enum _MMLISTS
-//{
-// ZeroedPageList = 0,
-// FreePageList = 1,
-// StandbyPageList = 2,
-// ModifiedPageList = 3,
-// ModifiedNoWritePageList = 4,
-// BadPageList = 5,
-// ActiveAndValid = 6,
-// TransitionPage = 7
-//} MMLISTS;
-
-#define MMPFNUSE_PROCESSPRIVATE 0
-#define MMPFNUSE_FILE 1
-#define MMPFNUSE_PAGEFILEMAPPED 2
-#define MMPFNUSE_PAGETABLE 3
-#define MMPFNUSE_PAGEDPOOL 4
-#define MMPFNUSE_NONPAGEDPOOL 5
-#define MMPFNUSE_SYSTEMPTE 6
-#define MMPFNUSE_SESSIONPRIVATE 7
-#define MMPFNUSE_METAFILE 8
-#define MMPFNUSE_AWEPAGE 9
-#define MMPFNUSE_DRIVERLOCKPAGE 10
-#define MMPFNUSE_KERNELSTACK 11
-
-//typedef enum _MMPFNUSE
-//{
-// ProcessPrivatePage,
-// MemoryMappedFilePage,
-// PageFileMappedPage,
-// PageTablePage,
-// PagedPoolPage,
-// NonPagedPoolPage,
-// SystemPTEPage,
-// SessionPrivatePage,
-// MetafilePage,
-// AWEPage,
-// DriverLockedPage,
-// KernelStackPage
-//} MMPFNUSE;
-
-// private
-typedef struct _MEMORY_FRAME_INFORMATION
-{
- ULONGLONG UseDescription : 4; // MMPFNUSE_*
- ULONGLONG ListDescription : 3; // MMPFNLIST_*
- ULONGLONG Cold : 1; // 19H1
- ULONGLONG Pinned : 1; // 1 - pinned, 0 - not pinned
- ULONGLONG DontUse : 48; // *_INFORMATION overlay
- ULONGLONG Priority : 3;
- ULONGLONG NonTradeable : 1;
- ULONGLONG Reserved : 3;
-} MEMORY_FRAME_INFORMATION;
-
-// private
-typedef struct _FILEOFFSET_INFORMATION
-{
- ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
- ULONGLONG Offset : 48; // mapped files
- ULONGLONG Reserved : 7;
-} FILEOFFSET_INFORMATION;
-
-// private
-typedef struct _PAGEDIR_INFORMATION
-{
- ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
- ULONGLONG PageDirectoryBase : 48; // private pages
- ULONGLONG Reserved : 7;
-} PAGEDIR_INFORMATION;
-
-// private
-typedef struct _UNIQUE_PROCESS_INFORMATION
-{
- ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
- ULONGLONG UniqueProcessKey : 48; // ProcessId
- ULONGLONG Reserved : 7;
-} UNIQUE_PROCESS_INFORMATION, *PUNIQUE_PROCESS_INFORMATION;
-
-// private
-typedef struct _MMPFN_IDENTITY
-{
- union
- {
- MEMORY_FRAME_INFORMATION e1; // all
- FILEOFFSET_INFORMATION e2; // mapped files
- PAGEDIR_INFORMATION e3; // private pages
- UNIQUE_PROCESS_INFORMATION e4; // owning process
- } u1;
- ULONG_PTR PageFrameIndex; // all
- union
- {
- struct
- {
- ULONG_PTR Image : 1;
- ULONG_PTR Mismatch : 1;
- } e1;
- struct
- {
- ULONG_PTR CombinedPage;
- } e2;
- ULONG_PTR FileObject; // mapped files
- ULONG_PTR UniqueFileObjectKey;
- ULONG_PTR ProtoPteAddress;
- ULONG_PTR VirtualAddress; // everything else
- } u2;
-} MMPFN_IDENTITY, *PMMPFN_IDENTITY;
-
-typedef struct _MMPFN_MEMSNAP_INFORMATION
-{
- ULONG_PTR InitialPageFrameIndex;
- ULONG_PTR Count;
-} MMPFN_MEMSNAP_INFORMATION, *PMMPFN_MEMSNAP_INFORMATION;
-
-typedef enum _SECTION_INFORMATION_CLASS
-{
- SectionBasicInformation, // q; SECTION_BASIC_INFORMATION
- SectionImageInformation, // q; SECTION_IMAGE_INFORMATION
- SectionRelocationInformation, // q; ULONG_PTR RelocationDelta // name:wow64:whNtQuerySection_SectionRelocationInformation // since WIN7
- SectionOriginalBaseInformation, // q; PVOID BaseAddress // since REDSTONE
- SectionInternalImageInformation, // SECTION_INTERNAL_IMAGE_INFORMATION // since REDSTONE2
- MaxSectionInfoClass
-} SECTION_INFORMATION_CLASS;
-
-typedef struct _SECTION_BASIC_INFORMATION
-{
- PVOID BaseAddress;
- ULONG AllocationAttributes;
- LARGE_INTEGER MaximumSize;
-} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
-
-// symbols
-typedef struct _SECTION_IMAGE_INFORMATION
-{
- PVOID TransferAddress;
- ULONG ZeroBits;
- SIZE_T MaximumStackSize;
- SIZE_T CommittedStackSize;
- ULONG SubSystemType;
- union
- {
- struct
- {
- USHORT SubSystemMinorVersion;
- USHORT SubSystemMajorVersion;
- };
- ULONG SubSystemVersion;
- };
- union
- {
- struct
- {
- USHORT MajorOperatingSystemVersion;
- USHORT MinorOperatingSystemVersion;
- };
- ULONG OperatingSystemVersion;
- };
- USHORT ImageCharacteristics;
- USHORT DllCharacteristics;
- USHORT Machine;
- BOOLEAN ImageContainsCode;
- union
- {
- UCHAR ImageFlags;
- struct
- {
- UCHAR ComPlusNativeReady : 1;
- UCHAR ComPlusILOnly : 1;
- UCHAR ImageDynamicallyRelocated : 1;
- UCHAR ImageMappedFlat : 1;
- UCHAR BaseBelow4gb : 1;
- UCHAR ComPlusPrefer32bit : 1;
- UCHAR Reserved : 2;
- };
- };
- ULONG LoaderFlags;
- ULONG ImageFileSize;
- ULONG CheckSum;
-} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
-
-// symbols
-typedef struct _SECTION_INTERNAL_IMAGE_INFORMATION
-{
- SECTION_IMAGE_INFORMATION SectionInformation;
- union
- {
- ULONG ExtendedFlags;
- struct
- {
- ULONG ImageExportSuppressionEnabled : 1;
- ULONG ImageCetShadowStacksReady : 1; // 20H1
- ULONG ImageXfgEnabled : 1; // 20H2
- ULONG ImageCetShadowStacksStrictMode : 1;
- ULONG ImageCetSetContextIpValidationRelaxedMode : 1;
- ULONG ImageCetDynamicApisAllowInProc : 1;
- ULONG ImageCetDowngradeReserved1 : 1;
- ULONG ImageCetDowngradeReserved2 : 1;
- ULONG Reserved : 24;
- };
- };
-} SECTION_INTERNAL_IMAGE_INFORMATION, *PSECTION_INTERNAL_IMAGE_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _SECTION_INHERIT
-{
- ViewShare = 1,
- ViewUnmap = 2
-} SECTION_INHERIT;
-#endif
-
-#define MEM_EXECUTE_OPTION_ENABLE 0x1
-#define MEM_EXECUTE_OPTION_DISABLE 0x2
-#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x4
-#define MEM_EXECUTE_OPTION_PERMANENT 0x8
-#define MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE 0x10
-#define MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE 0x20
-#define MEM_EXECUTE_OPTION_DISABLE_EXCEPTION_CHAIN_VALIDATION 0x40
-#define MEM_EXECUTE_OPTION_VALID_FLAGS 0x7f
-
-// Virtual memory
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-_Must_inspect_result_
-_When_(return == 0, __drv_allocatesMem(mem))
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Protect
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
-
-_Must_inspect_result_
-_When_(return == 0, __drv_allocatesMem(mem))
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateVirtualMemoryEx(
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG PageProtection,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFreeVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG FreeType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _Out_writes_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead
- );
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadVirtualMemoryEx(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _Out_writes_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead,
- _In_ ULONG Flags
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWriteVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesWritten
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtProtectVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG NewProtect,
- _Out_ PULONG OldProtect
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
- _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
- _In_ SIZE_T MemoryInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-typedef struct _IO_STATUS_BLOCK* PIO_STATUS_BLOCK;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _Out_ PIO_STATUS_BLOCK IoStatus
- );
-
-#endif
-
-// begin_private
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS
-{
- VmPrefetchInformation, // ULONG
- VmPagePriorityInformation, // OFFER_PRIORITY
- VmCfgCallTargetInformation, // CFG_CALL_TARGET_LIST_INFORMATION // REDSTONE2
- VmPageDirtyStateInformation, // REDSTONE3
- VmImageHotPatchInformation, // 19H1
- VmPhysicalContiguityInformation, // 20H1
- VmVirtualMachinePrepopulateInformation,
- VmRemoveFromWorkingSetInformation,
- MaxVmInfoClass
-} VIRTUAL_MEMORY_INFORMATION_CLASS;
-#else
-#define VmPrefetchInformation 0x0
-#define VmPagePriorityInformation 0x1
-#define VmCfgCallTargetInformation 0x2
-#define VmPageDirtyStateInformation 0x3
-#define VmImageHotPatchInformation 0x4
-#define VmPhysicalContiguityInformation 0x5
-#define VmVirtualMachinePrepopulateInformation 0x6
-#define VmRemoveFromWorkingSetInformation 0x7
-#define MaxVmInfoClass 0x8
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef struct _MEMORY_RANGE_ENTRY
-{
- PVOID VirtualAddress;
- SIZE_T NumberOfBytes;
-} MEMORY_RANGE_ENTRY, *PMEMORY_RANGE_ENTRY;
-
-typedef struct _CFG_CALL_TARGET_LIST_INFORMATION
-{
- ULONG NumberOfEntries;
- ULONG Reserved;
- PULONG NumberOfEntriesProcessed;
- PCFG_CALL_TARGET_INFO CallTargetInfo;
- PVOID Section; // since REDSTONE5
- ULONGLONG FileOffset;
-} CFG_CALL_TARGET_LIST_INFORMATION, *PCFG_CALL_TARGET_LIST_INFORMATION;
-#endif
-// end_private
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass,
- _In_ ULONG_PTR NumberOfEntries,
- _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses,
- _In_reads_bytes_(VmInformationLength) PVOID VmInformation,
- _In_ ULONG VmInformationLength
- );
-
-#endif
-
-#define MAP_PROCESS 1
-#define MAP_SYSTEM 2
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLockVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG MapType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnlockVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG MapType
- );
-
-#endif
-
-// Sections
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateSection(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG SectionPageProtection,
- _In_ ULONG AllocationAttributes,
- _In_opt_ HANDLE FileHandle
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateSectionEx(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG SectionPageProtection,
- _In_ ULONG AllocationAttributes,
- _In_opt_ HANDLE FileHandle,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenSection(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMapViewOfSection(
- _In_ HANDLE SectionHandle,
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _In_ SIZE_T CommitSize,
- _Inout_opt_ PLARGE_INTEGER SectionOffset,
- _Inout_ PSIZE_T ViewSize,
- _In_ SECTION_INHERIT InheritDisposition,
- _In_ ULONG AllocationType,
- _In_ ULONG Win32Protect
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE5)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMapViewOfSectionEx(
- _In_ HANDLE SectionHandle,
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
- _Inout_opt_ PLARGE_INTEGER SectionOffset,
- _Inout_ PSIZE_T ViewSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Win32Protect,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnmapViewOfSection(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnmapViewOfSectionEx(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ ULONG Flags
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtExtendSection(
- _In_ HANDLE SectionHandle,
- _Inout_ PLARGE_INTEGER NewSectionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySection(
- _In_ HANDLE SectionHandle,
- _In_ SECTION_INFORMATION_CLASS SectionInformationClass,
- _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
- _In_ SIZE_T SectionInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAreMappedFilesTheSame(
- _In_ PVOID File1MappedAsAnImage,
- _In_ PVOID File2MappedAsFile
- );
-
-#endif
-
-// Partitions
-
-#ifndef MEMORY_PARTITION_QUERY_ACCESS
-#define MEMORY_PARTITION_QUERY_ACCESS 0x0001
-#define MEMORY_PARTITION_MODIFY_ACCESS 0x0002
-#define MEMORY_PARTITION_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
- MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS)
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-// private
-typedef enum _PARTITION_INFORMATION_CLASS
-{
- SystemMemoryPartitionInformation, // q: MEMORY_PARTITION_CONFIGURATION_INFORMATION
- SystemMemoryPartitionMoveMemory, // s: MEMORY_PARTITION_TRANSFER_INFORMATION
- SystemMemoryPartitionAddPagefile, // s: MEMORY_PARTITION_PAGEFILE_INFORMATION
- SystemMemoryPartitionCombineMemory, // q; s: MEMORY_PARTITION_PAGE_COMBINE_INFORMATION
- SystemMemoryPartitionInitialAddMemory, // q; s: MEMORY_PARTITION_INITIAL_ADD_INFORMATION
- SystemMemoryPartitionGetMemoryEvents, // MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION // since REDSTONE2
- SystemMemoryPartitionSetAttributes,
- SystemMemoryPartitionNodeInformation,
- SystemMemoryPartitionCreateLargePages,
- SystemMemoryPartitionDedicatedMemoryInformation,
- SystemMemoryPartitionOpenDedicatedMemory, // 10
- SystemMemoryPartitionMemoryChargeAttributes,
- SystemMemoryPartitionClearAttributes,
- SystemMemoryPartitionSetMemoryThresholds, // since WIN11
- SystemMemoryPartitionMax
-} PARTITION_INFORMATION_CLASS, *PPARTITION_INFORMATION_CLASS;
-#else
-#define SystemMemoryPartitionInformation 0x0
-#define SystemMemoryPartitionMoveMemory 0x1
-#define SystemMemoryPartitionAddPagefile 0x2
-#define SystemMemoryPartitionCombineMemory 0x3
-#define SystemMemoryPartitionInitialAddMemory 0x4
-#define SystemMemoryPartitionGetMemoryEvents 0x5
-#define SystemMemoryPartitionSetAttributes 0x6
-#define SystemMemoryPartitionNodeInformation 0x7
-#define SystemMemoryPartitionCreateLargePages 0x8
-#define SystemMemoryPartitionDedicatedMemoryInformation 0x9
-#define SystemMemoryPartitionOpenDedicatedMemory 0xA
-#define SystemMemoryPartitionMemoryChargeAttributes 0xB
-#define SystemMemoryPartitionClearAttributes 0xC
-#define SystemMemoryPartitionSetMemoryThresholds 0xD
-#define SystemMemoryPartitionMax 0xE
-#endif
-
-// private
-typedef struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION
-{
- ULONG Flags;
- ULONG NumaNode;
- ULONG Channel;
- ULONG NumberOfNumaNodes;
- ULONG_PTR ResidentAvailablePages;
- ULONG_PTR CommittedPages;
- ULONG_PTR CommitLimit;
- ULONG_PTR PeakCommitment;
- ULONG_PTR TotalNumberOfPages;
- ULONG_PTR AvailablePages;
- ULONG_PTR ZeroPages;
- ULONG_PTR FreePages;
- ULONG_PTR StandbyPages;
- ULONG_PTR StandbyPageCountByPriority[8]; // since REDSTONE2
- ULONG_PTR RepurposedPagesByPriority[8];
- ULONG_PTR MaximumCommitLimit;
- ULONG_PTR Reserved; // DonatedPagesToPartitions
- ULONG PartitionId; // since REDSTONE3
-} MEMORY_PARTITION_CONFIGURATION_INFORMATION, *PMEMORY_PARTITION_CONFIGURATION_INFORMATION;
-
-// private
-typedef struct _MEMORY_PARTITION_TRANSFER_INFORMATION
-{
- ULONG_PTR NumberOfPages;
- ULONG NumaNode;
- ULONG Flags;
-} MEMORY_PARTITION_TRANSFER_INFORMATION, *PMEMORY_PARTITION_TRANSFER_INFORMATION;
-
-// private
-typedef struct _MEMORY_PARTITION_PAGEFILE_INFORMATION
-{
- UNICODE_STRING PageFileName;
- LARGE_INTEGER MinimumSize;
- LARGE_INTEGER MaximumSize;
- ULONG Flags;
-} MEMORY_PARTITION_PAGEFILE_INFORMATION, *PMEMORY_PARTITION_PAGEFILE_INFORMATION;
-
-// private
-typedef struct _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION
-{
- HANDLE StopHandle;
- ULONG Flags;
- ULONG_PTR TotalNumberOfPages;
-} MEMORY_PARTITION_PAGE_COMBINE_INFORMATION, *PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
-
-// private
-typedef struct _MEMORY_PARTITION_PAGE_RANGE
-{
- ULONG_PTR StartPage;
- ULONG_PTR NumberOfPages;
-} MEMORY_PARTITION_PAGE_RANGE, *PMEMORY_PARTITION_PAGE_RANGE;
-
-// private
-typedef struct _MEMORY_PARTITION_INITIAL_ADD_INFORMATION
-{
- ULONG Flags;
- ULONG NumberOfRanges;
- ULONG_PTR NumberOfPagesAdded;
- MEMORY_PARTITION_PAGE_RANGE PartitionRanges[1];
-} MEMORY_PARTITION_INITIAL_ADD_INFORMATION, *PMEMORY_PARTITION_INITIAL_ADD_INFORMATION;
-
-// private
-typedef struct _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION
-{
- union
- {
- struct
- {
- ULONG CommitEvents : 1;
- ULONG Spare : 31;
- };
- ULONG AllFlags;
- } Flags;
-
- ULONG HandleAttributes;
- ULONG DesiredAccess;
- HANDLE LowCommitCondition; // \KernelObjects\LowCommitCondition
- HANDLE HighCommitCondition; // \KernelObjects\HighCommitCondition
- HANDLE MaximumCommitCondition; // \KernelObjects\MaximumCommitCondition
-} MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION, *PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreatePartition(
- _In_opt_ HANDLE ParentPartitionHandle,
- _Out_ PHANDLE PartitionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG PreferredNode
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenPartition(
- _Out_ PHANDLE PartitionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtManagePartition(
- _In_ HANDLE TargetHandle,
- _In_opt_ HANDLE SourceHandle,
- _In_ PARTITION_INFORMATION_CLASS PartitionInformationClass,
- _Inout_updates_bytes_(PartitionInformationLength) PVOID PartitionInformation,
- _In_ ULONG PartitionInformationLength
- );
-
-#endif
-
-#endif
-
-// User physical pages
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMapUserPhysicalPages(
- _In_ PVOID VirtualAddress,
- _In_ ULONG_PTR NumberOfPages,
- _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMapUserPhysicalPagesScatter(
- _In_reads_(NumberOfPages) PVOID *VirtualAddresses,
- _In_ ULONG_PTR NumberOfPages,
- _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateUserPhysicalPages(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateUserPhysicalPagesEx(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray,
- _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFreeUserPhysicalPages(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-#endif
-
-// Misc.
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetWriteWatch(
- _In_ HANDLE ProcessHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress,
- _In_ SIZE_T RegionSize,
- _Out_writes_(*EntriesInUserAddressArray) PVOID *UserAddressArray,
- _Inout_ PULONG_PTR EntriesInUserAddressArray,
- _Out_ PULONG Granularity
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtResetWriteWatch(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_ SIZE_T RegionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreatePagingFile(
- _In_ PUNICODE_STRING PageFileName,
- _In_ PLARGE_INTEGER MinimumSize,
- _In_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG Priority
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushInstructionCache(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ SIZE_T Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushWriteBuffer(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// Enclave support
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateEnclave(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID* BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _In_ SIZE_T Size,
- _In_ SIZE_T InitialCommitment,
- _In_ ULONG EnclaveType,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_opt_ PULONG EnclaveError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadEnclaveData(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _In_ ULONG Protect,
- _In_reads_bytes_(PageInformationLength) PVOID PageInformation,
- _In_ ULONG PageInformationLength,
- _Out_opt_ PSIZE_T NumberOfBytesWritten,
- _Out_opt_ PULONG EnclaveError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtInitializeEnclave(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_opt_ PULONG EnclaveError
- );
-
-// rev
-#define TERMINATE_ENCLAVE_VALID_FLAGS 0x00000005ul
-#define TERMINATE_ENCLAVE_FLAG_NO_WAIT 0x00000001ul
-#define TERMINATE_ENCLAVE_FLAG_WAIT_ERROR 0x00000004ul // STATUS_PENDING -> STATUS_ENCLAVE_NOT_TERMINATED
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTerminateEnclave(
- _In_ PVOID BaseAddress,
- _In_ ULONG Flags // TERMINATE_ENCLAVE_FLAG_*
- );
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// rev
-#define ENCLAVE_CALL_VALID_FLAGS 0x00000001ul
-#define ENCLAVE_CALL_FLAG_NO_WAIT 0x00000001ul
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCallEnclave(
- _In_ PENCLAVE_ROUTINE Routine,
- _In_ PVOID Reserved, // reserved for dispatch (RtlEnclaveCallDispatch)
- _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_*
- _Inout_ PVOID* RoutineParamReturn // input routine parameter, output routine return value
- );
-#endif
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntnls.h b/deps/phnt-nightly/ntnls.h
deleted file mode 100644
index 6babac8..0000000
--- a/deps/phnt-nightly/ntnls.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * National Language Support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTNLS_H
-#define _NTNLS_H
-
-#define MAXIMUM_LEADBYTES 12
-
-typedef struct _CPTABLEINFO
-{
- USHORT CodePage;
- USHORT MaximumCharacterSize;
- USHORT DefaultChar;
- USHORT UniDefaultChar;
- USHORT TransDefaultChar;
- USHORT TransUniDefaultChar;
- USHORT DBCSCodePage;
- UCHAR LeadByte[MAXIMUM_LEADBYTES];
- PUSHORT MultiByteTable;
- PVOID WideCharTable;
- PUSHORT DBCSRanges;
- PUSHORT DBCSOffsets;
-} CPTABLEINFO, *PCPTABLEINFO;
-
-typedef struct _NLSTABLEINFO
-{
- CPTABLEINFO OemTableInfo;
- CPTABLEINFO AnsiTableInfo;
- PUSHORT UpperCaseTable;
- PUSHORT LowerCaseTable;
-} NLSTABLEINFO, *PNLSTABLEINFO;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-NTSYSAPI USHORT NlsAnsiCodePage;
-NTSYSAPI BOOLEAN NlsMbCodePageTag;
-NTSYSAPI BOOLEAN NlsMbOemCodePageTag;
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntobapi.h b/deps/phnt-nightly/ntobapi.h
deleted file mode 100644
index b77ce30..0000000
--- a/deps/phnt-nightly/ntobapi.h
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Object Manager support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTOBAPI_H
-#define _NTOBAPI_H
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#define OBJECT_TYPE_CREATE 0x0001
-#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | OBJECT_TYPE_CREATE)
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#define DIRECTORY_QUERY 0x0001
-#define DIRECTORY_TRAVERSE 0x0002
-#define DIRECTORY_CREATE_OBJECT 0x0004
-#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
-#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | DIRECTORY_QUERY | DIRECTORY_TRAVERSE | DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY)
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#define SYMBOLIC_LINK_QUERY 0x0001
-#define SYMBOLIC_LINK_SET 0x0002
-#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
-#define SYMBOLIC_LINK_ALL_ACCESS_EX (STANDARD_RIGHTS_REQUIRED | 0xFFFF)
-#endif
-
-#ifndef OBJ_PROTECT_CLOSE
-#define OBJ_PROTECT_CLOSE 0x00000001
-#endif
-#ifndef OBJ_INHERIT
-#define OBJ_INHERIT 0x00000002
-#endif
-#ifndef OBJ_AUDIT_OBJECT_CLOSE
-#define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _OBJECT_INFORMATION_CLASS
-{
- ObjectBasicInformation, // q: OBJECT_BASIC_INFORMATION
- ObjectNameInformation, // q: OBJECT_NAME_INFORMATION
- ObjectTypeInformation, // q: OBJECT_TYPE_INFORMATION
- ObjectTypesInformation, // q: OBJECT_TYPES_INFORMATION
- ObjectHandleFlagInformation, // qs: OBJECT_HANDLE_FLAG_INFORMATION
- ObjectSessionInformation, // s: void // change object session // (requires SeTcbPrivilege)
- ObjectSessionObjectInformation, // s: void // change object session // (requires SeTcbPrivilege)
- MaxObjectInfoClass
-} OBJECT_INFORMATION_CLASS;
-#else
-#define ObjectBasicInformation 0
-#define ObjectNameInformation 1
-#define ObjectTypeInformation 2
-#define ObjectTypesInformation 3
-#define ObjectHandleFlagInformation 4
-#define ObjectSessionInformation 5
-#define ObjectSessionObjectInformation 6
-#endif
-
-typedef struct _OBJECT_BASIC_INFORMATION
-{
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolCharge;
- ULONG NonPagedPoolCharge;
- ULONG Reserved[3];
- ULONG NameInfoSize;
- ULONG TypeInfoSize;
- ULONG SecurityDescriptorSize;
- LARGE_INTEGER CreationTime;
-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef struct _OBJECT_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
-#endif
-
-typedef struct _OBJECT_TYPE_INFORMATION
-{
- UNICODE_STRING TypeName;
- ULONG TotalNumberOfObjects;
- ULONG TotalNumberOfHandles;
- ULONG TotalPagedPoolUsage;
- ULONG TotalNonPagedPoolUsage;
- ULONG TotalNamePoolUsage;
- ULONG TotalHandleTableUsage;
- ULONG HighWaterNumberOfObjects;
- ULONG HighWaterNumberOfHandles;
- ULONG HighWaterPagedPoolUsage;
- ULONG HighWaterNonPagedPoolUsage;
- ULONG HighWaterNamePoolUsage;
- ULONG HighWaterHandleTableUsage;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ULONG ValidAccessMask;
- BOOLEAN SecurityRequired;
- BOOLEAN MaintainHandleCount;
- UCHAR TypeIndex; // since WINBLUE
- CHAR ReservedByte;
- ULONG PoolType;
- ULONG DefaultPagedPoolCharge;
- ULONG DefaultNonPagedPoolCharge;
-} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
-
-typedef struct _OBJECT_TYPES_INFORMATION
-{
- ULONG NumberOfTypes;
-} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
-
-typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
-{
- BOOLEAN Inherit;
- BOOLEAN ProtectFromClose;
-} OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
-
-// Objects, handles
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryObject(
- _In_opt_ HANDLE Handle,
- _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
- _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
- _In_ ULONG ObjectInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationObject(
- _In_ HANDLE Handle,
- _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
- _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
- _In_ ULONG ObjectInformationLength
- );
-
-#define DUPLICATE_CLOSE_SOURCE 0x00000001
-#define DUPLICATE_SAME_ACCESS 0x00000002
-#define DUPLICATE_SAME_ATTRIBUTES 0x00000004
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDuplicateObject(
- _In_ HANDLE SourceProcessHandle,
- _In_ HANDLE SourceHandle,
- _In_opt_ HANDLE TargetProcessHandle,
- _Out_opt_ PHANDLE TargetHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Options
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMakeTemporaryObject(
- _In_ HANDLE Handle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtMakePermanentObject(
- _In_ HANDLE Handle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSignalAndWaitForSingleObject(
- _In_ HANDLE SignalHandle,
- _In_ HANDLE WaitHandle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForSingleObject(
- _In_ HANDLE Handle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForMultipleObjects(
- _In_ ULONG Count,
- _In_reads_(Count) HANDLE Handles[],
- _In_ WAIT_TYPE WaitType,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForMultipleObjects32(
- _In_ ULONG Count,
- _In_reads_(Count) LONG Handles[],
- _In_ WAIT_TYPE WaitType,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSecurityObject(
- _In_ HANDLE Handle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySecurityObject(
- _In_ HANDLE Handle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ ULONG Length,
- _Out_ PULONG LengthNeeded
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtClose(
- _In_ _Post_ptr_invalid_ HANDLE Handle
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompareObjects(
- _In_ HANDLE FirstObjectHandle,
- _In_ HANDLE SecondObjectHandle
- );
-#endif
-
-#endif
-
-// Directory objects
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateDirectoryObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateDirectoryObjectEx(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ShadowDirectoryHandle,
- _In_ ULONG Flags
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenDirectoryObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-typedef struct _OBJECT_DIRECTORY_INFORMATION
-{
- UNICODE_STRING Name;
- UNICODE_STRING TypeName;
-} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryDirectoryObject(
- _In_ HANDLE DirectoryHandle,
- _Out_writes_bytes_opt_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_ BOOLEAN RestartScan,
- _Inout_ PULONG Context,
- _Out_opt_ PULONG ReturnLength
- );
-
-#endif
-
-// Private namespaces
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-typedef enum _BOUNDARY_ENTRY_TYPE
-{
- OBNS_Invalid,
- OBNS_Name,
- OBNS_SID,
- OBNS_IL
-} BOUNDARY_ENTRY_TYPE;
-
-// private
-typedef struct _OBJECT_BOUNDARY_ENTRY
-{
- BOUNDARY_ENTRY_TYPE EntryType;
- ULONG EntrySize;
-} OBJECT_BOUNDARY_ENTRY, *POBJECT_BOUNDARY_ENTRY;
-
-// rev
-#define OBJECT_BOUNDARY_DESCRIPTOR_VERSION 1
-
-// private
-typedef struct _OBJECT_BOUNDARY_DESCRIPTOR
-{
- ULONG Version;
- ULONG Items;
- ULONG TotalSize;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG AddAppContainerSid : 1;
- ULONG Reserved : 31;
- };
- };
-} OBJECT_BOUNDARY_DESCRIPTOR, *POBJECT_BOUNDARY_DESCRIPTOR;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreatePrivateNamespace(
- _Out_ PHANDLE NamespaceHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenPrivateNamespace(
- _Out_ PHANDLE NamespaceHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeletePrivateNamespace(
- _In_ HANDLE NamespaceHandle
- );
-
-#endif
-
-#endif
-
-// Symbolic links
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateSymbolicLinkObject(
- _Out_ PHANDLE LinkHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PUNICODE_STRING LinkTarget
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenSymbolicLinkObject(
- _Out_ PHANDLE LinkHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySymbolicLinkObject(
- _In_ HANDLE LinkHandle,
- _Inout_ PUNICODE_STRING LinkTarget,
- _Out_opt_ PULONG ReturnedLength
- );
-
-typedef enum _SYMBOLIC_LINK_INFO_CLASS
-{
- SymbolicLinkGlobalInformation = 1, // s: ULONG
- SymbolicLinkAccessMask, // s: ACCESS_MASK
- MaxnSymbolicLinkInfoClass
-} SYMBOLIC_LINK_INFO_CLASS;
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationSymbolicLink(
- _In_ HANDLE LinkHandle,
- _In_ SYMBOLIC_LINK_INFO_CLASS SymbolicLinkInformationClass,
- _In_reads_bytes_(SymbolicLinkInformationLength) PVOID SymbolicLinkInformation,
- _In_ ULONG SymbolicLinkInformationLength
- );
-#endif
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntpebteb.h b/deps/phnt-nightly/ntpebteb.h
deleted file mode 100644
index 7c11fa0..0000000
--- a/deps/phnt-nightly/ntpebteb.h
+++ /dev/null
@@ -1,514 +0,0 @@
-/*
- * Process and Thread Environment Block support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTPEBTEB_H
-#define _NTPEBTEB_H
-
-typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
-typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
-typedef struct _SILO_USER_SHARED_DATA *PSILO_USER_SHARED_DATA;
-typedef struct _LEAP_SECOND_DATA *PLEAP_SECOND_DATA;
-
-#include
-
-// private
-#define KACF_OLDGETSHORTPATHNAME 0x00000001
-#define KACF_VERSIONLIE_NOT_USED 0x00000002
-#define KACF_GETDISKFREESPACE 0x00000008
-#define KACF_FTMFROMCURRENTAPT 0x00000020
-#define KACF_DISALLOWORBINDINGCHANGES 0x00000040
-#define KACF_OLE32VALIDATEPTRS 0x00000080
-#define KACF_DISABLECICERO 0x00000100
-#define KACF_OLE32ENABLEASYNCDOCFILE 0x00000200
-#define KACF_OLE32ENABLELEGACYEXCEPTIONHANDLING 0x00000400
-#define KACF_RPCDISABLENDRCLIENTHARDENING 0x00000800
-#define KACF_RPCDISABLENDRMAYBENULL_SIZEIS 0x00001000
-#define KACF_DISABLEALLDDEHACK_NOT_USED 0x00002000
-#define KACF_RPCDISABLENDR61_RANGE 0x00004000
-#define KACF_RPC32ENABLELEGACYEXCEPTIONHANDLING 0x00008000
-#define KACF_OLE32DOCFILEUSELEGACYNTFSFLAGS 0x00010000
-#define KACF_RPCDISABLENDRCONSTIIDCHECK 0x00020000
-#define KACF_USERDISABLEFORWARDERPATCH 0x00040000
-#define KACF_OLE32DISABLENEW_WMPAINT_DISPATCH 0x00100000
-#define KACF_ADDRESTRICTEDSIDINCOINITIALIZESECURITY 0x00200000
-#define KACF_ALLOCDEBUGINFOFORCRITSECTIONS 0x00400000
-#define KACF_OLEAUT32ENABLEUNSAFELOADTYPELIBRELATIVE 0x00800000
-#define KACF_ALLOWMAXIMIZEDWINDOWGAMMA 0x01000000
-#define KACF_DONOTADDTOCACHE 0x80000000
-
-// private
-typedef struct _API_SET_NAMESPACE
-{
- ULONG Version;
- ULONG Size;
- ULONG Flags;
- ULONG Count;
- ULONG EntryOffset;
- ULONG HashOffset;
- ULONG HashFactor;
-} API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
-
-// private
-typedef struct _API_SET_HASH_ENTRY
-{
- ULONG Hash;
- ULONG Index;
-} API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY;
-
-// private
-typedef struct _API_SET_NAMESPACE_ENTRY
-{
- ULONG Flags;
- ULONG NameOffset;
- ULONG NameLength;
- ULONG HashedLength;
- ULONG ValueOffset;
- ULONG ValueCount;
-} API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY;
-
-// private
-typedef struct _API_SET_VALUE_ENTRY
-{
- ULONG Flags;
- ULONG NameOffset;
- ULONG NameLength;
- ULONG ValueOffset;
- ULONG ValueLength;
-} API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY;
-
-// private
-typedef struct _TELEMETRY_COVERAGE_HEADER
-{
- UCHAR MajorVersion;
- UCHAR MinorVersion;
- struct
- {
- USHORT TracingEnabled : 1;
- USHORT Reserved1 : 15;
- };
- ULONG HashTableEntries;
- ULONG HashIndexMask;
- ULONG TableUpdateVersion;
- ULONG TableSizeInBytes;
- ULONG LastResetTick;
- ULONG ResetRound;
- ULONG Reserved2;
- ULONG RecordedCount;
- ULONG Reserved3[4];
- ULONG HashTable[ANYSIZE_ARRAY];
-} TELEMETRY_COVERAGE_HEADER, *PTELEMETRY_COVERAGE_HEADER;
-
-// symbols
-typedef struct _PEB
-{
- BOOLEAN InheritedAddressSpace;
- BOOLEAN ReadImageFileExecOptions;
- BOOLEAN BeingDebugged;
- union
- {
- BOOLEAN BitField;
- struct
- {
- BOOLEAN ImageUsesLargePages : 1;
- BOOLEAN IsProtectedProcess : 1;
- BOOLEAN IsImageDynamicallyRelocated : 1;
- BOOLEAN SkipPatchingUser32Forwarders : 1;
- BOOLEAN IsPackagedProcess : 1;
- BOOLEAN IsAppContainer : 1;
- BOOLEAN IsProtectedProcessLight : 1;
- BOOLEAN IsLongPathAwareProcess : 1;
- };
- };
-
- HANDLE Mutant;
-
- PVOID ImageBaseAddress;
- PPEB_LDR_DATA Ldr;
- PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
- PVOID SubSystemData;
- PVOID ProcessHeap;
- PRTL_CRITICAL_SECTION FastPebLock;
- PSLIST_HEADER AtlThunkSListPtr;
- PVOID IFEOKey;
-
- union
- {
- ULONG CrossProcessFlags;
- struct
- {
- ULONG ProcessInJob : 1;
- ULONG ProcessInitializing : 1;
- ULONG ProcessUsingVEH : 1;
- ULONG ProcessUsingVCH : 1;
- ULONG ProcessUsingFTH : 1;
- ULONG ProcessPreviouslyThrottled : 1;
- ULONG ProcessCurrentlyThrottled : 1;
- ULONG ProcessImagesHotPatched : 1; // REDSTONE5
- ULONG ReservedBits0 : 24;
- };
- };
- union
- {
- PVOID KernelCallbackTable;
- PVOID UserSharedInfoPtr;
- };
- ULONG SystemReserved;
- ULONG AtlThunkSListPtr32;
- PAPI_SET_NAMESPACE ApiSetMap;
- ULONG TlsExpansionCounter;
- PRTL_BITMAP TlsBitmap;
- ULONG TlsBitmapBits[2]; // TLS_MINIMUM_AVAILABLE
-
- PVOID ReadOnlySharedMemoryBase;
- PSILO_USER_SHARED_DATA SharedData; // HotpatchInformation
- PVOID *ReadOnlyStaticServerData;
-
- PVOID AnsiCodePageData; // PCPTABLEINFO
- PVOID OemCodePageData; // PCPTABLEINFO
- PVOID UnicodeCaseTableData; // PNLSTABLEINFO
-
- ULONG NumberOfProcessors;
- ULONG NtGlobalFlag;
-
- ULARGE_INTEGER CriticalSectionTimeout;
- SIZE_T HeapSegmentReserve;
- SIZE_T HeapSegmentCommit;
- SIZE_T HeapDeCommitTotalFreeThreshold;
- SIZE_T HeapDeCommitFreeBlockThreshold;
-
- ULONG NumberOfHeaps;
- ULONG MaximumNumberOfHeaps;
- PVOID *ProcessHeaps; // PHEAP
-
- PVOID GdiSharedHandleTable; // PGDI_SHARED_MEMORY
- PVOID ProcessStarterHelper;
- ULONG GdiDCAttributeList;
-
- PRTL_CRITICAL_SECTION LoaderLock;
-
- ULONG OSMajorVersion;
- ULONG OSMinorVersion;
- USHORT OSBuildNumber;
- USHORT OSCSDVersion;
- ULONG OSPlatformId;
- ULONG ImageSubsystem;
- ULONG ImageSubsystemMajorVersion;
- ULONG ImageSubsystemMinorVersion;
- KAFFINITY ActiveProcessAffinityMask;
- GDI_HANDLE_BUFFER GdiHandleBuffer;
- PVOID PostProcessInitRoutine;
-
- PRTL_BITMAP TlsExpansionBitmap;
- ULONG TlsExpansionBitmapBits[32]; // TLS_EXPANSION_SLOTS
-
- ULONG SessionId;
-
- ULARGE_INTEGER AppCompatFlags; // KACF_*
- ULARGE_INTEGER AppCompatFlagsUser;
- PVOID pShimData;
- PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA
-
- UNICODE_STRING CSDVersion;
-
- PACTIVATION_CONTEXT_DATA ActivationContextData;
- PASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap;
- PACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData;
- PASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap;
-
- SIZE_T MinimumStackCommit;
-
- PVOID SparePointers[2]; // 19H1 (previously FlsCallback to FlsHighIndex)
- PVOID PatchLoaderData;
- PVOID ChpeV2ProcessInfo; // _CHPEV2_PROCESS_INFO
-
- ULONG AppModelFeatureState;
- ULONG SpareUlongs[2];
-
- USHORT ActiveCodePage;
- USHORT OemCodePage;
- USHORT UseCaseMapping;
- USHORT UnusedNlsField;
-
- PVOID WerRegistrationData;
- PVOID WerShipAssertPtr;
-
- union
- {
- PVOID pContextData; // WIN7
- PVOID pUnused; // WIN10
- PVOID EcCodeBitMap; // WIN11
- };
-
- PVOID pImageHeaderHash;
- union
- {
- ULONG TracingFlags;
- struct
- {
- ULONG HeapTracingEnabled : 1;
- ULONG CritSecTracingEnabled : 1;
- ULONG LibLoaderTracingEnabled : 1;
- ULONG SpareTracingBits : 29;
- };
- };
- ULONGLONG CsrServerReadOnlySharedMemoryBase;
- PRTL_CRITICAL_SECTION TppWorkerpListLock;
- LIST_ENTRY TppWorkerpList;
- PVOID WaitOnAddressHashTable[128];
- PTELEMETRY_COVERAGE_HEADER TelemetryCoverageHeader; // REDSTONE3
- ULONG CloudFileFlags;
- ULONG CloudFileDiagFlags; // REDSTONE4
- CHAR PlaceholderCompatibilityMode;
- CHAR PlaceholderCompatibilityModeReserved[7];
- PLEAP_SECOND_DATA LeapSecondData; // REDSTONE5
- union
- {
- ULONG LeapSecondFlags;
- struct
- {
- ULONG SixtySecondEnabled : 1;
- ULONG Reserved : 31;
- };
- };
- ULONG NtGlobalFlag2;
- ULONGLONG ExtendedFeatureDisableMask; // since WIN11
-} PEB, *PPEB;
-
-#ifdef _WIN64
-C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
-//C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3
-//C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4
-//C_ASSERT(sizeof(PEB) == 0x7C8); // REDSTONE5 // 19H1
-C_ASSERT(sizeof(PEB) == 0x7d0); // WIN11
-#else
-C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
-//C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3
-//C_ASSERT(sizeof(PEB) == 0x470); // REDSTONE4
-//C_ASSERT(sizeof(PEB) == 0x480); // REDSTONE5 // 19H1
-C_ASSERT(sizeof(PEB) == 0x488); // WIN11
-#endif
-
-#define GDI_BATCH_BUFFER_SIZE 310
-
-typedef struct _GDI_TEB_BATCH
-{
- ULONG Offset;
- ULONG_PTR HDC;
- ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
-} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
-
-typedef struct _TEB_ACTIVE_FRAME_CONTEXT
-{
- ULONG Flags;
- PSTR FrameName;
-} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
-
-typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
-{
- TEB_ACTIVE_FRAME_CONTEXT BasicContext;
- PSTR SourceLocation;
-} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
-
-typedef struct _TEB_ACTIVE_FRAME
-{
- ULONG Flags;
- struct _TEB_ACTIVE_FRAME *Previous;
- PTEB_ACTIVE_FRAME_CONTEXT Context;
-} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
-
-typedef struct _TEB_ACTIVE_FRAME_EX
-{
- TEB_ACTIVE_FRAME BasicFrame;
- PVOID ExtensionIdentifier;
-} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
-
-#define STATIC_UNICODE_BUFFER_LENGTH 261
-#define WIN32_CLIENT_INFO_LENGTH 62
-
-typedef struct _TEB
-{
- NT_TIB NtTib;
-
- PVOID EnvironmentPointer;
- CLIENT_ID ClientId;
- PVOID ActiveRpcHandle;
- PVOID ThreadLocalStoragePointer;
- PPEB ProcessEnvironmentBlock;
-
- ULONG LastErrorValue;
- ULONG CountOfOwnedCriticalSections;
- PVOID CsrClientThread;
- PVOID Win32ThreadInfo;
- ULONG User32Reserved[26];
- ULONG UserReserved[5];
- PVOID WOW32Reserved;
- LCID CurrentLocale;
- ULONG FpSoftwareStatusRegister;
- PVOID ReservedForDebuggerInstrumentation[16];
-#ifdef _WIN64
- PVOID SystemReserved1[30];
-#else
- PVOID SystemReserved1[26];
-#endif
-
- CHAR PlaceholderCompatibilityMode;
- BOOLEAN PlaceholderHydrationAlwaysExplicit;
- CHAR PlaceholderReserved[10];
-
- ULONG ProxiedProcessId;
- ACTIVATION_CONTEXT_STACK ActivationStack;
-
- UCHAR WorkingOnBehalfTicket[8];
- NTSTATUS ExceptionCode;
-
- PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
- ULONG_PTR InstrumentationCallbackSp;
- ULONG_PTR InstrumentationCallbackPreviousPc;
- ULONG_PTR InstrumentationCallbackPreviousSp;
-#ifdef _WIN64
- ULONG TxFsContext;
-#endif
-
- BOOLEAN InstrumentationCallbackDisabled;
-#ifdef _WIN64
- BOOLEAN UnalignedLoadStoreExceptions;
-#endif
-#ifndef _WIN64
- UCHAR SpareBytes[23];
- ULONG TxFsContext;
-#endif
- GDI_TEB_BATCH GdiTebBatch;
- CLIENT_ID RealClientId;
- HANDLE GdiCachedProcessHandle;
- ULONG GdiClientPID;
- ULONG GdiClientTID;
- PVOID GdiThreadLocalInfo;
- ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH];
-
- PVOID glDispatchTable[233];
- ULONG_PTR glReserved1[29];
- PVOID glReserved2;
- PVOID glSectionInfo;
- PVOID glSection;
- PVOID glTable;
- PVOID glCurrentRC;
- PVOID glContext;
-
- NTSTATUS LastStatusValue;
- UNICODE_STRING StaticUnicodeString;
- WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
-
- PVOID DeallocationStack;
- PVOID TlsSlots[TLS_MINIMUM_AVAILABLE];
- LIST_ENTRY TlsLinks;
-
- PVOID Vdm;
- PVOID ReservedForNtRpc;
- PVOID DbgSsReserved[2];
-
- ULONG HardErrorMode;
-#ifdef _WIN64
- PVOID Instrumentation[11];
-#else
- PVOID Instrumentation[9];
-#endif
- GUID ActivityId;
-
- PVOID SubProcessTag;
- PVOID PerflibData;
- PVOID EtwTraceData;
- PVOID WinSockData;
- ULONG GdiBatchCount;
-
- union
- {
- PROCESSOR_NUMBER CurrentIdealProcessor;
- ULONG IdealProcessorValue;
- struct
- {
- UCHAR ReservedPad0;
- UCHAR ReservedPad1;
- UCHAR ReservedPad2;
- UCHAR IdealProcessor;
- };
- };
-
- ULONG GuaranteedStackBytes;
- PVOID ReservedForPerf;
- PVOID ReservedForOle; // tagSOleTlsData
- ULONG WaitingOnLoaderLock;
- PVOID SavedPriorityState;
- ULONG_PTR ReservedForCodeCoverage;
- PVOID ThreadPoolData;
- PVOID *TlsExpansionSlots;
-#ifdef _WIN64
- PVOID DeallocationBStore;
- PVOID BStoreLimit;
-#endif
- ULONG MuiGeneration;
- ULONG IsImpersonating;
- PVOID NlsCache;
- PVOID pShimData;
- ULONG HeapData;
- HANDLE CurrentTransactionHandle;
- PTEB_ACTIVE_FRAME ActiveFrame;
- PVOID FlsData;
-
- PVOID PreferredLanguages;
- PVOID UserPrefLanguages;
- PVOID MergedPrefLanguages;
- ULONG MuiImpersonation;
-
- union
- {
- USHORT CrossTebFlags;
- USHORT SpareCrossTebBits : 16;
- };
- union
- {
- USHORT SameTebFlags;
- struct
- {
- USHORT SafeThunkCall : 1;
- USHORT InDebugPrint : 1;
- USHORT HasFiberData : 1;
- USHORT SkipThreadAttach : 1;
- USHORT WerInShipAssertCode : 1;
- USHORT RanProcessInit : 1;
- USHORT ClonedThread : 1;
- USHORT SuppressDebugMsg : 1;
- USHORT DisableUserStackWalk : 1;
- USHORT RtlExceptionAttached : 1;
- USHORT InitialThread : 1;
- USHORT SessionAware : 1;
- USHORT LoadOwner : 1;
- USHORT LoaderWorker : 1;
- USHORT SkipLoaderInit : 1;
- USHORT SkipFileAPIBrokering : 1;
- };
- };
-
- PVOID TxnScopeEnterCallback;
- PVOID TxnScopeExitCallback;
- PVOID TxnScopeContext;
- ULONG LockCount;
- LONG WowTebOffset;
- PVOID ResourceRetValue;
- PVOID ReservedForWdf;
- ULONGLONG ReservedForCrt;
- GUID EffectiveContainerId;
- ULONGLONG LastSleepCounter; // Win11
- ULONG SpinCallCount;
- ULONGLONG ExtendedFeatureDisableMask;
-} TEB, *PTEB;
-
-#ifdef _WIN64
-C_ASSERT(sizeof(TEB) == 0x1850); // WIN11
-#else
-C_ASSERT(sizeof(TEB) == 0x1018); // WIN11
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntpfapi.h b/deps/phnt-nightly/ntpfapi.h
deleted file mode 100644
index dc7354f..0000000
--- a/deps/phnt-nightly/ntpfapi.h
+++ /dev/null
@@ -1,456 +0,0 @@
-/*
- * Prefetcher (Superfetch) support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTPFAPI_H
-#define _NTPFAPI_H
-
-// begin_private
-
-// Prefetch
-
-typedef enum _PF_BOOT_PHASE_ID
-{
- PfKernelInitPhase = 0,
- PfBootDriverInitPhase = 90,
- PfSystemDriverInitPhase = 120,
- PfSessionManagerInitPhase = 150,
- PfSMRegistryInitPhase = 180,
- PfVideoInitPhase = 210,
- PfPostVideoInitPhase = 240,
- PfBootAcceptedRegistryInitPhase = 270,
- PfUserShellReadyPhase = 300,
- PfMaxBootPhaseId = 900
-} PF_BOOT_PHASE_ID;
-
-typedef enum _PF_ENABLE_STATUS
-{
- PfSvNotSpecified,
- PfSvEnabled,
- PfSvDisabled,
- PfSvMaxEnableStatus
-} PF_ENABLE_STATUS;
-
-typedef struct _PF_TRACE_LIMITS
-{
- ULONG MaxNumPages;
- ULONG MaxNumSections;
- LONGLONG TimerPeriod;
-} PF_TRACE_LIMITS, *PPF_TRACE_LIMITS;
-
-typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS
-{
- PF_ENABLE_STATUS EnableStatus[2];
- PF_TRACE_LIMITS TraceLimits[2];
- ULONG MaxNumActiveTraces;
- ULONG MaxNumSavedTraces;
- WCHAR RootDirPath[32];
- WCHAR HostingApplicationList[128];
-} PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS;
-
-#define PF_BOOT_CONTROL_VERSION 1
-
-typedef struct _PF_BOOT_CONTROL
-{
- ULONG Version;
- ULONG DisableBootPrefetching;
-} PF_BOOT_CONTROL, *PPF_BOOT_CONTROL;
-
-typedef enum _PREFETCHER_INFORMATION_CLASS
-{
- PrefetcherRetrieveTrace = 1, // q: CHAR[]
- PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS
- PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID
- PrefetcherSpare1, // PrefetcherRetrieveBootLoaderTrace // q: CHAR[]
- PrefetcherBootControl, // s: PF_BOOT_CONTROL
- PrefetcherScenarioPolicyControl,
- PrefetcherSpare2,
- PrefetcherAppLaunchScenarioControl,
- PrefetcherInformationMax
-} PREFETCHER_INFORMATION_CLASS;
-
-#define PREFETCHER_INFORMATION_VERSION 23 // rev
-#define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev
-
-typedef struct _PREFETCHER_INFORMATION
-{
- _In_ ULONG Version;
- _In_ ULONG Magic;
- _In_ PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass;
- _Inout_ PVOID PrefetcherInformation;
- _Inout_ ULONG PrefetcherInformationLength;
-} PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION;
-
-// Superfetch
-
-typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS
-{
- ULONG EnabledComponents;
- ULONG BootID;
- ULONG SavedSectInfoTracesMax;
- ULONG SavedPageAccessTracesMax;
- ULONG ScenarioPrefetchTimeoutStandby;
- ULONG ScenarioPrefetchTimeoutHibernate;
- ULONG ScenarioPrefetchTimeoutHiberBoot;
-} PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS;
-
-// rev
-typedef enum _PF_EVENT_TYPE
-{
- PfEventTypeImageLoad = 0,
- PfEventTypeAppLaunch = 1,
- PfEventTypeStartTrace = 2,
- PfEventTypeEndTrace = 3,
- PfEventTypeTimestamp = 4,
- PfEventTypeOperation = 5,
- PfEventTypeRepurpose = 6,
- PfEventTypeForegroundProcess = 7,
- PfEventTypeTimeRange = 8,
- PfEventTypeUserInput = 9,
- PfEventTypeFileAccess = 10,
- PfEventTypeUnmap = 11,
- PfEventTypeUtilization = 11,
- PfEventTypeMemInfo = 12,
- PfEventTypeFileDelete = 13,
- PfEventTypeAppExit = 14,
- PfEventTypeSystemTime = 15,
- PfEventTypePower = 16,
- PfEventTypeSessionChange = 17,
- PfEventTypeHardFaultTimeStamp = 18,
- PfEventTypeVirtualFree = 19,
- PfEventTypePerfInfo = 20,
- PfEventTypeProcessSnapshot = 21,
- PfEventTypeUserSnapshot = 22,
- PfEventTypeStreamSequenceNumber = 23,
- PfEventTypeFileTruncate = 24,
- PfEventTypeFileRename = 25,
- PfEventTypeFileCreate = 26,
- PfEventTypeAgCxContext = 27,
- PfEventTypePowerAction = 28,
- PfEventTypeHardFaultTS = 29,
- PfEventTypeRobustInfo = 30,
- PfEventTypeFileDefrag = 31,
- PfEventTypeMax = 32
-} PF_EVENT_TYPE;
-
-// rev
-typedef struct _PF_LOG_EVENT_DATA
-{
- ULONG EventType : 5; // PF_EVENT_TYPE
- ULONG Flags : 2;
- ULONG DataSize : 25;
- PVOID EventData;
-} PF_LOG_EVENT_DATA, *PPF_LOG_EVENT_DATA;
-
-#define PF_PFN_PRIO_REQUEST_VERSION 1
-#define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1
-#define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1
-
-typedef struct _PF_PFN_PRIO_REQUEST
-{
- ULONG Version;
- ULONG RequestFlags;
- ULONG_PTR PfnCount;
- SYSTEM_MEMORY_LIST_INFORMATION MemInfo;
- MMPFN_IDENTITY PageData[256];
-} PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST;
-
-typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE
-{
- PfsPrivateSourceKernel,
- PfsPrivateSourceSession,
- PfsPrivateSourceProcess,
- PfsPrivateSourceMax
-} PFS_PRIVATE_PAGE_SOURCE_TYPE;
-
-typedef struct _PFS_PRIVATE_PAGE_SOURCE
-{
- PFS_PRIVATE_PAGE_SOURCE_TYPE Type;
- union
- {
- ULONG SessionId;
- ULONG ProcessId;
- };
- ULONG ImagePathHash;
- ULONG_PTR UniqueProcessHash;
-} PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE;
-
-typedef struct _PF_PRIVSOURCE_INFO
-{
- PFS_PRIVATE_PAGE_SOURCE DbInfo;
- PVOID EProcess;
- SIZE_T WsPrivatePages;
- SIZE_T TotalPrivatePages;
- ULONG SessionID;
- CHAR ImageName[16];
- union {
- ULONG_PTR WsSwapPages; // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES.
- ULONG_PTR SessionPagedPoolPages; // session only.
- ULONG_PTR StoreSizePages; // process only PF_PRIVSOURCE_QUERY_STORE_INFO.
- };
- ULONG_PTR WsTotalPages; // process/session only.
- ULONG DeepFreezeTimeMs; // process only.
- ULONG ModernApp : 1; // process only.
- ULONG DeepFrozen : 1; // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred
- ULONG Foreground : 1; // process only.
- ULONG PerProcessStore : 1; // process only.
- ULONG Spare : 28;
-} PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO;
-
-// rev
-#define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 8
-#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYWSPAGES 0x1
-#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYCOMPRESSEDPAGES 0x2
-#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYSKIPPAGES 0x4 // ??
-
-// rev
-typedef struct _PF_PRIVSOURCE_QUERY_REQUEST
-{
- ULONG Version;
- ULONG Flags;
- ULONG InfoCount;
- PF_PRIVSOURCE_INFO InfoArray[1];
-} PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST;
-
-// rev
-typedef enum _PF_PHASED_SCENARIO_TYPE
-{
- PfScenarioTypeNone,
- PfScenarioTypeStandby,
- PfScenarioTypeHibernate,
- PfScenarioTypeFUS,
- PfScenarioTypeMax
-} PF_PHASED_SCENARIO_TYPE;
-
-// rev
-#define PF_SCENARIO_PHASE_INFO_VERSION 4
-
-// rev
-typedef struct _PF_SCENARIO_PHASE_INFO
-{
- ULONG Version;
- PF_PHASED_SCENARIO_TYPE ScenType;
- ULONG PhaseId;
- ULONG SequenceNumber;
- ULONG Flags;
- ULONG FUSUserId;
-} PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO;
-
-// rev
-typedef struct _PF_MEMORY_LIST_NODE
-{
- ULONGLONG Node : 8;
- ULONGLONG Spare : 56;
- ULONGLONG StandbyLowPageCount;
- ULONGLONG StandbyMediumPageCount;
- ULONGLONG StandbyHighPageCount;
- ULONGLONG FreePageCount;
- ULONGLONG ModifiedPageCount;
-} PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE;
-
-// rev
-typedef struct _PF_ROBUST_PROCESS_ENTRY
-{
- ULONG ImagePathHash;
- ULONG Pid;
- ULONG Alignment;
-} PF_ROBUST_PROCESS_ENTRY, *PPF_ROBUST_PROCESS_ENTRY;
-
-// rev
-typedef struct _PF_ROBUST_FILE_ENTRY
-{
- ULONG FilePathHash;
-} PF_ROBUST_FILE_ENTRY, *PPF_ROBUST_FILE_ENTRY;
-
-// rev
-typedef enum _PF_ROBUSTNESS_CONTROL_COMMAND
-{
- PfRpControlUpdate = 0,
- PfRpControlReset = 1,
- PfRpControlRobustAllStart = 2,
- PfRpControlRobustAllStop = 3,
- PfRpControlCommandMax = 4
-} PF_ROBUSTNESS_CONTROL_COMMAND;
-
-// rev
-#define PF_ROBUSTNESS_CONTROL_VERSION 1
-
-// rev
-typedef struct _PF_ROBUSTNESS_CONTROL
-{
- ULONG Version;
- PF_ROBUSTNESS_CONTROL_COMMAND Command;
- ULONG DeprioProcessCount;
- ULONG ExemptProcessCount;
- ULONG DeprioFileCount;
- ULONG ExemptFileCount;
- PF_ROBUST_PROCESS_ENTRY ProcessEntries[1];
- PF_ROBUST_FILE_ENTRY FileEntries[1];
-} PF_ROBUSTNESS_CONTROL, *PPF_ROBUSTNESS_CONTROL;
-
-// rev
-typedef struct _PF_TIME_CONTROL
-{
- LONG TimeAdjustment;
-} PF_TIME_CONTROL, *PPF_TIME_CONTROL;
-
-#define PF_MEMORY_LIST_INFO_VERSION 1
-
-typedef struct _PF_MEMORY_LIST_INFO
-{
- ULONG Version;
- ULONG Size;
- ULONG NodeCount;
- PF_MEMORY_LIST_NODE Nodes[1];
-} PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO;
-
-typedef struct _PF_PHYSICAL_MEMORY_RANGE
-{
- ULONG_PTR BasePfn;
- ULONG_PTR PageCount;
-} PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE;
-
-#define PF_PHYSICAL_MEMORY_RANGE_INFO_V1_VERSION 1
-
-typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V1
-{
- ULONG Version;
- ULONG RangeCount;
- PF_PHYSICAL_MEMORY_RANGE Ranges[1];
-} PF_PHYSICAL_MEMORY_RANGE_INFO_V1, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V1;
-
-#define PF_PHYSICAL_MEMORY_RANGE_INFO_V2_VERSION 2
-
-typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V2
-{
- ULONG Version;
- ULONG Flags;
- ULONG RangeCount;
- PF_PHYSICAL_MEMORY_RANGE Ranges[ANYSIZE_ARRAY];
-} PF_PHYSICAL_MEMORY_RANGE_INFO_V2, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V2;
-
-// rev
-#define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1
-
-// rev
-typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO
-{
- ULONG Version;
- SIZE_T RepurposedByPrefetch;
-} PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO;
-
-// rev
-#define PF_VIRTUAL_QUERY_VERSION 1
-
-// rev
-typedef struct _PF_VIRTUAL_QUERY
-{
- ULONG Version;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG FaultInPageTables : 1;
- ULONG ReportPageTables : 1;
- ULONG Spare : 30;
- };
- };
- PVOID QueryBuffer; // MEMORY_WORKING_SET_EX_INFORMATION[NumberOfPages] (input: VirtualAddress[], output: VirtualAttributes[])
- SIZE_T QueryBufferSize; // NumberOfPages * sizeof(MEMORY_WORKING_SET_EX_INFORMATION)
- HANDLE ProcessHandle;
-} PF_VIRTUAL_QUERY, *PPF_VIRTUAL_QUERY;
-
-// rev
-#define PF_MIN_WS_AGE_RATE_CONTROL_VERSION 1
-
-// rev
-typedef struct _PF_MIN_WS_AGE_RATE_CONTROL
-{
- ULONG Version;
- ULONG SecondsToOldestAge;
-} PF_MIN_WS_AGE_RATE_CONTROL, *PPF_MIN_WS_AGE_RATE_CONTROL;
-
-// rev
-#define PF_DEPRIORITIZE_OLD_PAGES_VERSION 3
-
-// rev
-typedef struct _PF_DEPRIORITIZE_OLD_PAGES
-{
- ULONG Version;
- HANDLE ProcessHandle;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG TargetPriority : 4;
- ULONG TrimPages : 2;
- ULONG Spare : 26;
- };
- };
-} PF_DEPRIORITIZE_OLD_PAGES, *PPF_DEPRIORITIZE_OLD_PAGES;
-
-// rev
-#define PF_GPU_UTILIZATION_INFO_VERSION 1
-
-// rev
-typedef struct _PF_GPU_UTILIZATION_INFO
-{
- ULONG Version;
- ULONG SessionId;
- ULONGLONG GpuTime;
-} PF_GPU_UTILIZATION_INFO, *PPF_GPU_UTILIZATION_INFO;
-
-// rev
-typedef enum _SUPERFETCH_INFORMATION_CLASS
-{
- SuperfetchRetrieveTrace = 1, // q: CHAR[]
- SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS
- SuperfetchLogEvent, // s: PF_LOG_EVENT_DATA
- SuperfetchGenerateTrace, // s: NULL
- SuperfetchPrefetch,
- SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST
- SuperfetchPfnSetPriority,
- SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST
- SuperfetchSequenceNumberQuery, // q: ULONG
- SuperfetchScenarioPhase, // 10
- SuperfetchWorkerPriority, // s: KPRIORITY
- SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO
- SuperfetchScenarioPrefetch,
- SuperfetchRobustnessControl, // s: PF_ROBUSTNESS_CONTROL
- SuperfetchTimeControl, // s: PF_TIME_CONTROL
- SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO
- SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO
- SuperfetchTracingControl,
- SuperfetchTrimWhileAgingControl,
- SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // 20
- SuperfetchChannelPowerRequest,
- SuperfetchMovePages,
- SuperfetchVirtualQuery, // q: PF_VIRTUAL_QUERY
- SuperfetchCombineStatsQuery,
- SuperfetchSetMinWsAgeRate, // s: PF_MIN_WS_AGE_RATE_CONTROL
- SuperfetchDeprioritizeOldPagesInWs, // s: PF_DEPRIORITIZE_OLD_PAGES
- SuperfetchFileExtentsQuery, // q: PF_FILE_EXTENTS_INFO
- SuperfetchGpuUtilizationQuery, // q: PF_GPU_UTILIZATION_INFO
- SuperfetchPfnSet, // s: PF_PFN_PRIO_REQUEST // since WIN11
- SuperfetchInformationMax
-} SUPERFETCH_INFORMATION_CLASS;
-
-#define SUPERFETCH_INFORMATION_VERSION 45 // rev
-#define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev
-
-typedef struct _SUPERFETCH_INFORMATION
-{
- _In_ ULONG Version;
- _In_ ULONG Magic;
- _In_ SUPERFETCH_INFORMATION_CLASS SuperfetchInformationClass;
- _Inout_ PVOID SuperfetchInformation;
- _Inout_ ULONG SuperfetchInformationLength;
-} SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION;
-
-// end_private
-
-#endif
diff --git a/deps/phnt-nightly/ntpnpapi.h b/deps/phnt-nightly/ntpnpapi.h
deleted file mode 100644
index dd1147e..0000000
--- a/deps/phnt-nightly/ntpnpapi.h
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Plug and Play support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTPNPAPI_H
-#define _NTPNPAPI_H
-
-typedef enum _PLUGPLAY_EVENT_CATEGORY
-{
- HardwareProfileChangeEvent,
- TargetDeviceChangeEvent,
- DeviceClassChangeEvent,
- CustomDeviceEvent,
- DeviceInstallEvent,
- DeviceArrivalEvent,
- PowerEvent,
- VetoEvent,
- BlockedDriverEvent,
- InvalidIDEvent,
- MaxPlugEventCategory
-} PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
-
-typedef struct _PLUGPLAY_EVENT_BLOCK
-{
- GUID EventGuid;
- PLUGPLAY_EVENT_CATEGORY EventCategory;
- PULONG Result;
- ULONG Flags;
- ULONG TotalSize;
- PVOID DeviceObject;
-
- union
- {
- struct
- {
- GUID ClassGuid;
- WCHAR SymbolicLinkName[1];
- } DeviceClass;
- struct
- {
- WCHAR DeviceIds[1];
- } TargetDevice;
- struct
- {
- WCHAR DeviceId[1];
- } InstallDevice;
- struct
- {
- PVOID NotificationStructure;
- WCHAR DeviceIds[1];
- } CustomNotification;
- struct
- {
- PVOID Notification;
- } ProfileNotification;
- struct
- {
- ULONG NotificationCode;
- ULONG NotificationData;
- } PowerNotification;
- struct
- {
- PNP_VETO_TYPE VetoType;
- WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName
- } VetoNotification;
- struct
- {
- GUID BlockedDriverGuid;
- } BlockedDriverNotification;
- struct
- {
- WCHAR ParentId[1];
- } InvalidIDNotification;
- } u;
-} PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
-
-typedef enum _PLUGPLAY_CONTROL_CLASS
-{
- PlugPlayControlEnumerateDevice, // PLUGPLAY_CONTROL_ENUMERATE_DEVICE_DATA
- PlugPlayControlRegisterNewDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlDeregisterDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlInitializeDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlStartDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlUnlockDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlQueryAndRemoveDevice, // PLUGPLAY_CONTROL_QUERY_AND_REMOVE_DATA
- PlugPlayControlUserResponse, // PLUGPLAY_CONTROL_USER_RESPONSE_DATA
- PlugPlayControlGenerateLegacyDevice, // PLUGPLAY_CONTROL_LEGACY_DEVGEN_DATA
- PlugPlayControlGetInterfaceDeviceList, // PLUGPLAY_CONTROL_INTERFACE_LIST_DATA
- PlugPlayControlProperty, // PLUGPLAY_CONTROL_PROPERTY_DATA
- PlugPlayControlDeviceClassAssociation, // PLUGPLAY_CONTROL_CLASS_ASSOCIATION_DATA
- PlugPlayControlGetRelatedDevice, // PLUGPLAY_CONTROL_RELATED_DEVICE_DATA
- PlugPlayControlGetInterfaceDeviceAlias, // PLUGPLAY_CONTROL_INTERFACE_ALIAS_DATA
- PlugPlayControlDeviceStatus, // PLUGPLAY_CONTROL_STATUS_DATA
- PlugPlayControlGetDeviceDepth, // PLUGPLAY_CONTROL_DEPTH_DATA
- PlugPlayControlQueryDeviceRelations, // PLUGPLAY_CONTROL_DEVICE_RELATIONS_DATA
- PlugPlayControlTargetDeviceRelation, // PLUGPLAY_CONTROL_TARGET_RELATION_DATA
- PlugPlayControlQueryConflictList, // PLUGPLAY_CONTROL_CONFLICT_LIST
- PlugPlayControlRetrieveDock, // PLUGPLAY_CONTROL_RETRIEVE_DOCK_DATA
- PlugPlayControlResetDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlHaltDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
- PlugPlayControlGetBlockedDriverList, // PLUGPLAY_CONTROL_BLOCKED_DRIVER_DATA
- PlugPlayControlGetDeviceInterfaceEnabled, // PLUGPLAY_CONTROL_DEVICE_INTERFACE_ENABLED
- MaxPlugPlayControl
-} PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
-
-// pub
-typedef enum _DEVICE_RELATION_TYPE
-{
- BusRelations,
- EjectionRelations,
- PowerRelations,
- RemovalRelations,
- TargetDeviceRelation,
- SingleBusRelations,
- TransportRelations
-} DEVICE_RELATION_TYPE, *PDEVICE_RELATION_TYPE;
-
-// pub
-typedef enum _BUS_QUERY_ID_TYPE
-{
- BusQueryDeviceID = 0, // \
- BusQueryHardwareIDs = 1, // Hardware ids
- BusQueryCompatibleIDs = 2, // compatible device ids
- BusQueryInstanceID = 3, // persistent id for this instance of the device
- BusQueryDeviceSerialNumber = 4, // serial number for this device
- BusQueryContainerID = 5 // unique id of the device's physical container
-} BUS_QUERY_ID_TYPE, *PBUS_QUERY_ID_TYPE;
-
-// pub
-typedef enum _DEVICE_TEXT_TYPE
-{
- DeviceTextDescription = 0, // DeviceDesc property
- DeviceTextLocationInformation = 1 // DeviceLocation property
-} DEVICE_TEXT_TYPE, *PDEVICE_TEXT_TYPE;
-
-// pub
-typedef enum _DEVICE_USAGE_NOTIFICATION_TYPE
-{
- DeviceUsageTypeUndefined,
- DeviceUsageTypePaging,
- DeviceUsageTypeHibernation,
- DeviceUsageTypeDumpFile,
- DeviceUsageTypeBoot,
- DeviceUsageTypePostDisplay,
- DeviceUsageTypeGuestAssigned
-} DEVICE_USAGE_NOTIFICATION_TYPE, *PDEVICE_USAGE_NOTIFICATION_TYPE;
-
-#if (PHNT_VERSION < PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetPlugPlayEvent(
- _In_ HANDLE EventHandle,
- _In_opt_ PVOID Context,
- _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
- _In_ ULONG EventBufferSize
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPlugPlayControl(
- _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
- _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
- _In_ ULONG PnPControlDataLength
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSerializeBoot(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnableLastKnownGood(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDisableLastKnownGood(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplacePartitionUnit(
- _In_ PUNICODE_STRING TargetInstancePath,
- _In_ PUNICODE_STRING SpareInstancePath,
- _In_ ULONG Flags
- );
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntpoapi.h b/deps/phnt-nightly/ntpoapi.h
deleted file mode 100644
index 302feed..0000000
--- a/deps/phnt-nightly/ntpoapi.h
+++ /dev/null
@@ -1,791 +0,0 @@
-/*
- * Power Management support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTPOAPI_H
-#define _NTPOAPI_H
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-// POWER_INFORMATION_LEVEL
-// Note: We don't use an enum for these values to minimize conflicts with the Windows SDK. (dmex)
-#define SystemPowerPolicyAc 0 // SYSTEM_POWER_POLICY // GET: InputBuffer NULL. SET: InputBuffer not NULL.
-#define SystemPowerPolicyDc 1 // SYSTEM_POWER_POLICY
-#define VerifySystemPolicyAc 2 // SYSTEM_POWER_POLICY
-#define VerifySystemPolicyDc 3 // SYSTEM_POWER_POLICY
-#define SystemPowerCapabilities 4 // SYSTEM_POWER_CAPABILITIES
-#define SystemBatteryState 5 // SYSTEM_BATTERY_STATE
-#define SystemPowerStateHandler 6 // POWER_STATE_HANDLER // (kernel-mode only)
-#define ProcessorStateHandler 7 // PROCESSOR_STATE_HANDLER // (kernel-mode only)
-#define SystemPowerPolicyCurrent 8 // SYSTEM_POWER_POLICY
-#define AdministratorPowerPolicy 9 // ADMINISTRATOR_POWER_POLICY
-#define SystemReserveHiberFile 10 // BOOLEAN // (requires SeCreatePagefilePrivilege) // TRUE: hibernation file created. FALSE: hibernation file deleted.
-#define ProcessorInformation 11 // PROCESSOR_POWER_INFORMATION
-#define SystemPowerInformation 12 // SYSTEM_POWER_INFORMATION
-#define ProcessorStateHandler2 13 // PROCESSOR_STATE_HANDLER2 // not implemented
-#define LastWakeTime 14 // ULONGLONG // InterruptTime
-#define LastSleepTime 15 // ULONGLONG // InterruptTime
-#define SystemExecutionState 16 // EXECUTION_STATE // NtSetThreadExecutionState
-#define SystemPowerStateNotifyHandler 17 // POWER_STATE_NOTIFY_HANDLER // (kernel-mode only)
-#define ProcessorPowerPolicyAc 18 // PROCESSOR_POWER_POLICY // not implemented
-#define ProcessorPowerPolicyDc 19 // PROCESSOR_POWER_POLICY // not implemented
-#define VerifyProcessorPowerPolicyAc 20 // PROCESSOR_POWER_POLICY // not implemented
-#define VerifyProcessorPowerPolicyDc 21 // PROCESSOR_POWER_POLICY // not implemented
-#define ProcessorPowerPolicyCurrent 22 // PROCESSOR_POWER_POLICY // not implemented
-#define SystemPowerStateLogging 23 // SYSTEM_POWER_STATE_DISABLE_REASON[]
-#define SystemPowerLoggingEntry 24 // SYSTEM_POWER_LOGGING_ENTRY[] // (kernel-mode only)
-#define SetPowerSettingValue 25 // (kernel-mode only)
-#define NotifyUserPowerSetting 26 // not implemented
-#define PowerInformationLevelUnused0 27 // not implemented
-#define SystemMonitorHiberBootPowerOff 28 // NULL (PowerMonitorOff)
-#define SystemVideoState 29 // MONITOR_DISPLAY_STATE
-#define TraceApplicationPowerMessage 30 // (kernel-mode only)
-#define TraceApplicationPowerMessageEnd 31 // (kernel-mode only)
-#define ProcessorPerfStates 32 // (kernel-mode only)
-#define ProcessorIdleStates 33 // PROCESSOR_IDLE_STATES // (kernel-mode only)
-#define ProcessorCap 34 // PROCESSOR_CAP // (kernel-mode only)
-#define SystemWakeSource 35 // out: POWER_WAKE_SOURCE_INFO
-#define SystemHiberFileInformation 36 // out: SYSTEM_HIBERFILE_INFORMATION
-#define TraceServicePowerMessage 37
-#define ProcessorLoad 38 // in: PROCESSOR_LOAD (sets), in: PPROCESSOR_NUMBER (clears)
-#define PowerShutdownNotification 39 // (kernel-mode only)
-#define MonitorCapabilities 40 // (kernel-mode only)
-#define SessionPowerInit 41 // (kernel-mode only)
-#define SessionDisplayState 42 // (kernel-mode only)
-#define PowerRequestCreate 43 // in: COUNTED_REASON_CONTEXT, out: HANDLE
-#define PowerRequestAction 44 // in: POWER_REQUEST_ACTION
-#define GetPowerRequestList 45 // out: POWER_REQUEST_LIST
-#define ProcessorInformationEx 46 // in: USHORT ProcessorGroup, out: PROCESSOR_POWER_INFORMATION
-#define NotifyUserModeLegacyPowerEvent 47 // (kernel-mode only)
-#define GroupPark 48 // (debug-mode boot only)
-#define ProcessorIdleDomains 49 // (kernel-mode only)
-#define WakeTimerList 50 // out: WAKE_TIMER_INFO[]
-#define SystemHiberFileSize 51 // ULONG
-#define ProcessorIdleStatesHv 52 // (kernel-mode only)
-#define ProcessorPerfStatesHv 53 // (kernel-mode only)
-#define ProcessorPerfCapHv 54 // PROCESSOR_PERF_CAP_HV // (kernel-mode only)
-#define ProcessorSetIdle 55 // (debug-mode boot only)
-#define LogicalProcessorIdling 56 // (kernel-mode only)
-#define UserPresence 57 // POWER_USER_PRESENCE // not implemented
-#define PowerSettingNotificationName 58
-#define GetPowerSettingValue 59 // GUID
-#define IdleResiliency 60 // POWER_IDLE_RESILIENCY
-#define SessionRITState 61 // POWER_SESSION_RIT_STATE
-#define SessionConnectNotification 62 // POWER_SESSION_WINLOGON
-#define SessionPowerCleanup 63
-#define SessionLockState 64 // POWER_SESSION_WINLOGON
-#define SystemHiberbootState 65 // BOOLEAN // fast startup supported
-#define PlatformInformation 66 // BOOLEAN // connected standby supported
-#define PdcInvocation 67 // (kernel-mode only)
-#define MonitorInvocation 68 // (kernel-mode only)
-#define FirmwareTableInformationRegistered 69 // (kernel-mode only)
-#define SetShutdownSelectedTime 70 // NULL
-#define SuspendResumeInvocation 71 // (kernel-mode only)
-#define PlmPowerRequestCreate 72 // in: COUNTED_REASON_CONTEXT, out: HANDLE
-#define ScreenOff 73 // NULL (PowerMonitorOff)
-#define CsDeviceNotification 74 // (kernel-mode only)
-#define PlatformRole 75 // POWER_PLATFORM_ROLE
-#define LastResumePerformance 76 // RESUME_PERFORMANCE
-#define DisplayBurst 77 // NULL (PowerMonitorOn)
-#define ExitLatencySamplingPercentage 78
-#define RegisterSpmPowerSettings 79 // (kernel-mode only)
-#define PlatformIdleStates 80 // (kernel-mode only)
-#define ProcessorIdleVeto 81 // (kernel-mode only) // deprecated
-#define PlatformIdleVeto 82 // (kernel-mode only) // deprecated
-#define SystemBatteryStatePrecise 83 // SYSTEM_BATTERY_STATE
-#define ThermalEvent 84 // THERMAL_EVENT // PowerReportThermalEvent
-#define PowerRequestActionInternal 85 // POWER_REQUEST_ACTION_INTERNAL
-#define BatteryDeviceState 86
-#define PowerInformationInternal 87 // POWER_INFORMATION_LEVEL_INTERNAL // PopPowerInformationInternal
-#define ThermalStandby 88 // NULL // shutdown with thermal standby as reason.
-#define SystemHiberFileType 89 // ULONG // zero ? reduced : full // powercfg.exe /h /type
-#define PhysicalPowerButtonPress 90 // BOOLEAN
-#define QueryPotentialDripsConstraint 91 // (kernel-mode only)
-#define EnergyTrackerCreate 92
-#define EnergyTrackerQuery 93
-#define UpdateBlackBoxRecorder 94
-#define SessionAllowExternalDmaDevices 95
-#define SendSuspendResumeNotification 96 // since WIN11
-#define BlackBoxRecorderDirectAccessBuffer 97
-#define PowerInformationLevelMaximum 98
-#endif
-
-typedef struct _PROCESSOR_POWER_INFORMATION
-{
- ULONG Number;
- ULONG MaxMhz;
- ULONG CurrentMhz;
- ULONG MhzLimit;
- ULONG MaxIdleState;
- ULONG CurrentIdleState;
-} PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
-
-typedef struct _SYSTEM_POWER_INFORMATION
-{
- ULONG MaxIdlenessAllowed;
- ULONG Idleness;
- ULONG TimeRemaining;
- UCHAR CoolingMode;
-} SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
-
-typedef struct _SYSTEM_HIBERFILE_INFORMATION
-{
- ULONG NumberOfMcbPairs;
- LARGE_INTEGER Mcb[1];
-} SYSTEM_HIBERFILE_INFORMATION, *PSYSTEM_HIBERFILE_INFORMATION;
-
-#define POWER_REQUEST_CONTEXT_NOT_SPECIFIED DIAGNOSTIC_REASON_NOT_SPECIFIED
-
-// wdm
-typedef struct _COUNTED_REASON_CONTEXT
-{
- ULONG Version;
- ULONG Flags;
- union
- {
- struct
- {
- UNICODE_STRING ResourceFileName;
- USHORT ResourceReasonId;
- ULONG StringCount;
- _Field_size_(StringCount) PUNICODE_STRING ReasonStrings;
- };
- UNICODE_STRING SimpleString;
- };
-} COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
-
-typedef enum _POWER_REQUEST_TYPE_INTERNAL // POWER_REQUEST_TYPE
-{
- PowerRequestDisplayRequiredInternal,
- PowerRequestSystemRequiredInternal,
- PowerRequestAwayModeRequiredInternal,
- PowerRequestExecutionRequiredInternal, // Windows 8+
- PowerRequestPerfBoostRequiredInternal, // Windows 8+
- PowerRequestActiveLockScreenInternal, // Windows 10 RS1+ (reserved on Windows 8)
- // Values 6 and 7 are reserved for Windows 8 only
- PowerRequestInternalInvalid,
- PowerRequestInternalUnknown,
- PowerRequestFullScreenVideoRequired // Windows 8 only
-} POWER_REQUEST_TYPE_INTERNAL;
-
-typedef struct _POWER_REQUEST_ACTION
-{
- HANDLE PowerRequestHandle;
- POWER_REQUEST_TYPE_INTERNAL RequestType;
- BOOLEAN SetAction;
- HANDLE ProcessHandle; // Windows 8+ and only for requests created via PlmPowerRequestCreate
-} POWER_REQUEST_ACTION, *PPOWER_REQUEST_ACTION;
-
-typedef union _POWER_STATE
-{
- SYSTEM_POWER_STATE SystemState;
- DEVICE_POWER_STATE DeviceState;
-} POWER_STATE, *PPOWER_STATE;
-
-typedef enum _POWER_STATE_TYPE
-{
- SystemPowerState = 0,
- DevicePowerState
-} POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
-
-// wdm
-typedef struct _SYSTEM_POWER_STATE_CONTEXT
-{
- union
- {
- struct
- {
- ULONG Reserved1 : 8;
- ULONG TargetSystemState : 4;
- ULONG EffectiveSystemState : 4;
- ULONG CurrentSystemState : 4;
- ULONG IgnoreHibernationPath : 1;
- ULONG PseudoTransition : 1;
- ULONG KernelSoftReboot : 1;
- ULONG DirectedDripsTransition : 1;
- ULONG Reserved2 : 8;
- };
- ULONG ContextAsUlong;
- };
-} SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
-
-typedef enum _REQUESTER_TYPE
-{
- KernelRequester = 0,
- UserProcessRequester = 1,
- UserSharedServiceRequester = 2
-} REQUESTER_TYPE;
-
-typedef struct _COUNTED_REASON_CONTEXT_RELATIVE
-{
- ULONG Flags;
- union
- {
- struct
- {
- SIZE_T ResourceFileNameOffset;
- USHORT ResourceReasonId;
- ULONG StringCount;
- SIZE_T SubstitutionStringsOffset;
- } DUMMYSTRUCTNAME;
- SIZE_T SimpleStringOffset;
- } DUMMYUNIONNAME;
-} COUNTED_REASON_CONTEXT_RELATIVE, *PCOUNTED_REASON_CONTEXT_RELATIVE;
-
-typedef struct _DIAGNOSTIC_BUFFER
-{
- SIZE_T Size;
- REQUESTER_TYPE CallerType;
- union
- {
- struct
- {
- SIZE_T ProcessImageNameOffset; // PWSTR
- ULONG ProcessId;
- ULONG ServiceTag;
- } DUMMYSTRUCTNAME;
- struct
- {
- SIZE_T DeviceDescriptionOffset; // PWSTR
- SIZE_T DevicePathOffset; // PWSTR
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
- SIZE_T ReasonOffset; // PCOUNTED_REASON_CONTEXT_RELATIVE
-} DIAGNOSTIC_BUFFER, *PDIAGNOSTIC_BUFFER;
-
-typedef struct _WAKE_TIMER_INFO
-{
- SIZE_T OffsetToNext;
- ULARGE_INTEGER DueTime;
- ULONG Period;
- DIAGNOSTIC_BUFFER ReasonContext;
-} WAKE_TIMER_INFO, * PWAKE_TIMER_INFO;
-
-// rev
-typedef struct _PROCESSOR_PERF_CAP_HV
-{
- ULONG Version;
- ULONG InitialApicId;
- ULONG Ppc;
- ULONG Tpc;
- ULONG ThermalCap;
-} PROCESSOR_PERF_CAP_HV, *PPROCESSOR_PERF_CAP_HV;
-
-typedef struct PROCESSOR_IDLE_TIMES
-{
- ULONG64 StartTime;
- ULONG64 EndTime;
- ULONG Reserved[4];
-} PROCESSOR_IDLE_TIMES, *PPROCESSOR_IDLE_TIMES;
-
-_Function_class_(PROCESSOR_IDLE_HANDLER)
-typedef NTSTATUS (FASTCALL PROCESSOR_IDLE_HANDLER)(
- _In_ ULONG_PTR Context,
- _Inout_ PPROCESSOR_IDLE_TIMES IdleTimes
- );
-
-typedef PROCESSOR_IDLE_HANDLER *PPROCESSOR_IDLE_HANDLER;
-
-#define PROCESSOR_STATE_TYPE_PERFORMANCE 0x1
-#define PROCESSOR_STATE_TYPE_THROTTLE 0x2
-
-#define IDLE_STATE_FLAGS_C1_HLT 0x01 // describes C1 only
-#define IDLE_STATE_FLAGS_C1_IO_HLT 0x02 // describes C1 only
-#define IDLE_STATE_FLAGS_IO 0x04 // describes C2 and C3 only
-#define IDLE_STATE_FLAGS_MWAIT 0x08 // describes C1, C2, C3, C4, ...
-
-typedef struct _PROCESSOR_IDLE_STATE
-{
- UCHAR StateType;
- ULONG StateFlags;
- ULONG HardwareLatency;
- ULONG Power;
- ULONG_PTR Context;
- PPROCESSOR_IDLE_HANDLER Handler;
-} PROCESSOR_IDLE_STATE, *PPROCESSOR_IDLE_STATE;
-
-typedef struct _PROCESSOR_IDLE_STATES
-{
- ULONG Size;
- ULONG Revision;
- ULONG Count;
- ULONG Type;
- KAFFINITY TargetProcessors;
- PROCESSOR_IDLE_STATE State[ANYSIZE_ARRAY];
-} PROCESSOR_IDLE_STATES, *PPROCESSOR_IDLE_STATES;
-
-// rev
-typedef struct _PROCESSOR_LOAD
-{
- PROCESSOR_NUMBER ProcessorNumber;
- UCHAR BusyPercentage;
- UCHAR FrequencyPercentage;
- USHORT Padding;
-} PROCESSOR_LOAD, *PPROCESSOR_LOAD;
-
-// rev
-typedef struct _PROCESSOR_CAP
-{
- ULONG Version;
- PROCESSOR_NUMBER ProcessorNumber;
- ULONG PlatformCap;
- ULONG ThermalCap;
- ULONG LimitReasons;
-} PROCESSOR_CAP, *PPROCESSOR_CAP;
-
-typedef struct _PO_WAKE_SOURCE_INFO
-{
- ULONG Count;
- ULONG Offsets[ANYSIZE_ARRAY]; // POWER_WAKE_SOURCE_HEADER, POWER_WAKE_SOURCE_INTERNAL, POWER_WAKE_SOURCE_TIMER, POWER_WAKE_SOURCE_FIXED
-} PO_WAKE_SOURCE_INFO, *PPO_WAKE_SOURCE_INFO;
-
-typedef struct _PO_WAKE_SOURCE_HISTORY
-{
- ULONG Count;
- ULONG Offsets[ANYSIZE_ARRAY]; // POWER_WAKE_SOURCE_HEADER, POWER_WAKE_SOURCE_INTERNAL, POWER_WAKE_SOURCE_TIMER, POWER_WAKE_SOURCE_FIXED
-} PO_WAKE_SOURCE_HISTORY, *PPO_WAKE_SOURCE_HISTORY;
-
-typedef enum _PO_WAKE_SOURCE_TYPE
-{
- DeviceWakeSourceType = 0,
- FixedWakeSourceType = 1,
- TimerWakeSourceType = 2,
- TimerPresumedWakeSourceType = 3,
- InternalWakeSourceType = 4
-} PO_WAKE_SOURCE_TYPE, *PPO_WAKE_SOURCE_TYPE;
-
-typedef enum _PO_INTERNAL_WAKE_SOURCE_TYPE
-{
- InternalWakeSourceDozeToHibernate = 0,
- InternalWakeSourcePredictedUserPresence = 1
-} PO_INTERNAL_WAKE_SOURCE_TYPE;
-
-typedef enum _PO_FIXED_WAKE_SOURCE_TYPE
-{
- FixedWakeSourcePowerButton = 0,
- FixedWakeSourceSleepButton = 1,
- FixedWakeSourceRtc = 2,
- FixedWakeSourceDozeToHibernate = 3
-} PO_FIXED_WAKE_SOURCE_TYPE, *PPO_FIXED_WAKE_SOURCE_TYPE;
-
-typedef struct _PO_WAKE_SOURCE_HEADER
-{
- PO_WAKE_SOURCE_TYPE Type;
- ULONG Size;
-} PO_WAKE_SOURCE_HEADER, *PPO_WAKE_SOURCE_HEADER;
-
-typedef struct _PO_WAKE_SOURCE_DEVICE
-{
- PO_WAKE_SOURCE_HEADER Header;
- WCHAR InstancePath[ANYSIZE_ARRAY];
-} PO_WAKE_SOURCE_DEVICE, *PPO_WAKE_SOURCE_DEVICE;
-
-typedef struct _PO_WAKE_SOURCE_FIXED
-{
- PO_WAKE_SOURCE_HEADER Header;
- PO_FIXED_WAKE_SOURCE_TYPE FixedWakeSourceType;
-} PO_WAKE_SOURCE_FIXED, *PPO_WAKE_SOURCE_FIXED;
-
-typedef struct _PO_WAKE_SOURCE_INTERNAL
-{
- PO_WAKE_SOURCE_HEADER Header;
- PO_INTERNAL_WAKE_SOURCE_TYPE InternalWakeSourceType;
-} PO_WAKE_SOURCE_INTERNAL, *PPO_WAKE_SOURCE_INTERNAL;
-
-typedef struct _PO_WAKE_SOURCE_TIMER
-{
- PO_WAKE_SOURCE_HEADER Header;
- DIAGNOSTIC_BUFFER Reason;
-} PO_WAKE_SOURCE_TIMER, *PPO_WAKE_SOURCE_TIMER;
-
-// The number of supported request types per version
-#define POWER_REQUEST_SUPPORTED_TYPES_V1 3 // Windows 7
-#define POWER_REQUEST_SUPPORTED_TYPES_V2 9 // Windows 8
-#define POWER_REQUEST_SUPPORTED_TYPES_V3 5 // Windows 8.1 and Windows 10 TH1-TH2
-#define POWER_REQUEST_SUPPORTED_TYPES_V4 6 // Windows 10 RS1+
-
-typedef struct _POWER_REQUEST
-{
- union
- {
- struct
- {
- ULONG SupportedRequestMask;
- ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V1];
- DIAGNOSTIC_BUFFER DiagnosticBuffer;
- } V1;
-#if (PHNT_VERSION >= PHNT_WIN8)
- struct
- {
- ULONG SupportedRequestMask;
- ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V2];
- DIAGNOSTIC_BUFFER DiagnosticBuffer;
- } V2;
-#endif
-#if (PHNT_VERSION >= PHNT_WINBLUE)
- struct
- {
- ULONG SupportedRequestMask;
- ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V3];
- DIAGNOSTIC_BUFFER DiagnosticBuffer;
- } V3;
-#endif
-#if (PHNT_VERSION >= PHNT_REDSTONE)
- struct
- {
- ULONG SupportedRequestMask;
- ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V4];
- DIAGNOSTIC_BUFFER DiagnosticBuffer;
- } V4;
-#endif
- };
-} POWER_REQUEST, *PPOWER_REQUEST;
-
-typedef struct _POWER_REQUEST_LIST
-{
- ULONG_PTR Count;
- ULONG_PTR PowerRequestOffsets[ANYSIZE_ARRAY]; // PPOWER_REQUEST
-} POWER_REQUEST_LIST, *PPOWER_REQUEST_LIST;
-
-typedef enum _POWER_STATE_HANDLER_TYPE
-{
- PowerStateSleeping1 = 0,
- PowerStateSleeping2 = 1,
- PowerStateSleeping3 = 2,
- PowerStateSleeping4 = 3,
- PowerStateShutdownOff = 4,
- PowerStateShutdownReset = 5,
- PowerStateSleeping4Firmware = 6,
- PowerStateMaximum = 7
-} POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
-
-typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
- _In_ PVOID SystemContext
- );
-
-typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
- _In_ PVOID Context,
- _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
- _In_ PVOID SystemContext,
- _In_ LONG NumberProcessors,
- _In_ LONG volatile *Number
- );
-
-typedef struct _POWER_STATE_HANDLER
-{
- POWER_STATE_HANDLER_TYPE Type;
- BOOLEAN RtcWake;
- UCHAR Spare[3];
- PENTER_STATE_HANDLER Handler;
- PVOID Context;
-} POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
-
-typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
- _In_ POWER_STATE_HANDLER_TYPE State,
- _In_ PVOID Context,
- _In_ BOOLEAN Entering
- );
-
-typedef struct _POWER_STATE_NOTIFY_HANDLER
-{
- PENTER_STATE_NOTIFY_HANDLER Handler;
- PVOID Context;
-} POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
-
-typedef struct _POWER_REQUEST_ACTION_INTERNAL
-{
- PVOID PowerRequestPointer;
- POWER_REQUEST_TYPE_INTERNAL RequestType;
- BOOLEAN SetAction;
-} POWER_REQUEST_ACTION_INTERNAL, *PPOWER_REQUEST_ACTION_INTERNAL;
-
-typedef enum _POWER_INFORMATION_LEVEL_INTERNAL
-{
- PowerInternalAcpiInterfaceRegister,
- PowerInternalS0LowPowerIdleInfo, // POWER_S0_LOW_POWER_IDLE_INFO
- PowerInternalReapplyBrightnessSettings,
- PowerInternalUserAbsencePrediction, // POWER_USER_ABSENCE_PREDICTION
- PowerInternalUserAbsencePredictionCapability, // POWER_USER_ABSENCE_PREDICTION_CAPABILITY
- PowerInternalPoProcessorLatencyHint, // POWER_PROCESSOR_LATENCY_HINT
- PowerInternalStandbyNetworkRequest, // POWER_STANDBY_NETWORK_REQUEST (requires PopNetBIServiceSid)
- PowerInternalDirtyTransitionInformation, // out: BOOLEAN
- PowerInternalSetBackgroundTaskState, // POWER_SET_BACKGROUND_TASK_STATE
- PowerInternalTtmOpenTerminal,
- PowerInternalTtmCreateTerminal, // 10
- PowerInternalTtmEvacuateDevices,
- PowerInternalTtmCreateTerminalEventQueue,
- PowerInternalTtmGetTerminalEvent,
- PowerInternalTtmSetDefaultDeviceAssignment,
- PowerInternalTtmAssignDevice,
- PowerInternalTtmSetDisplayState,
- PowerInternalTtmSetDisplayTimeouts,
- PowerInternalBootSessionStandbyActivationInformation, // out: POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO
- PowerInternalSessionPowerState, // in: POWER_SESSION_POWER_STATE
- PowerInternalSessionTerminalInput, // 20
- PowerInternalSetWatchdog,
- PowerInternalPhysicalPowerButtonPressInfoAtBoot,
- PowerInternalExternalMonitorConnected,
- PowerInternalHighPrecisionBrightnessSettings,
- PowerInternalWinrtScreenToggle,
- PowerInternalPpmQosDisable,
- PowerInternalTransitionCheckpoint,
- PowerInternalInputControllerState,
- PowerInternalFirmwareResetReason,
- PowerInternalPpmSchedulerQosSupport, // out: POWER_INTERNAL_PROCESSOR_QOS_SUPPORT // 30
- PowerInternalBootStatGet,
- PowerInternalBootStatSet,
- PowerInternalCallHasNotReturnedWatchdog,
- PowerInternalBootStatCheckIntegrity,
- PowerInternalBootStatRestoreDefaults, // in: void
- PowerInternalHostEsStateUpdate, // in: POWER_INTERNAL_HOST_ENERGY_SAVER_STATE
- PowerInternalGetPowerActionState, // out: ULONG
- PowerInternalBootStatUnlock,
- PowerInternalWakeOnVoiceState,
- PowerInternalDeepSleepBlock, // 40
- PowerInternalIsPoFxDevice,
- PowerInternalPowerTransitionExtensionAtBoot,
- PowerInternalProcessorBrandedFrequency, // in: POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT, out: POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT
- PowerInternalTimeBrokerExpirationReason,
- PowerInternalNotifyUserShutdownStatus,
- PowerInternalPowerRequestTerminalCoreWindow,
- PowerInternalProcessorIdleVeto,
- PowerInternalPlatformIdleVeto,
- PowerInternalIsLongPowerButtonBugcheckEnabled,
- PowerInternalAutoChkCausedReboot, // 50
- PowerInternalSetWakeAlarmOverride,
-
- PowerInternalDirectedFxAddTestDevice = 53,
- PowerInternalDirectedFxRemoveTestDevice,
-
- PowerInternalDirectedFxSetMode = 56,
- PowerInternalRegisterPowerPlane,
- PowerInternalSetDirectedDripsFlags,
- PowerInternalClearDirectedDripsFlags,
- PowerInternalRetrieveHiberFileResumeContext, // 60
- PowerInternalReadHiberFilePage,
- PowerInternalLastBootSucceeded, // out: BOOLEAN
- PowerInternalQuerySleepStudyHelperRoutineBlock,
- PowerInternalDirectedDripsQueryCapabilities,
- PowerInternalClearConstraints,
- PowerInternalSoftParkVelocityEnabled,
- PowerInternalQueryIntelPepCapabilities,
- PowerInternalGetSystemIdleLoopEnablement, // since WIN11
- PowerInternalGetVmPerfControlSupport,
- PowerInternalGetVmPerfControlConfig, // 70
- PowerInternalSleepDetailedDiagUpdate,
- PowerInternalProcessorClassFrequencyBandsStats,
- PowerInternalHostGlobalUserPresenceStateUpdate,
- PowerInternalCpuNodeIdleIntervalStats,
- PowerInternalClassIdleIntervalStats,
- PowerInternalCpuNodeConcurrencyStats,
- PowerInternalClassConcurrencyStats,
- PowerInternalQueryProcMeasurementCapabilities,
- PowerInternalQueryProcMeasurementValues,
- PowerInternalPrepareForSystemInitiatedReboot, // 80
- PowerInternalGetAdaptiveSessionState,
- PowerInternalSetConsoleLockedState,
- PowerInternalOverrideSystemInitiatedRebootState,
- PowerInternalFanImpactStats,
- PowerInternalFanRpmBuckets,
- PowerInternalPowerBootAppDiagInfo, // out: POWER_INTERNAL_BOOTAPP_DIAGNOSTIC
- PowerInternalUnregisterShutdownNotification, // since 22H1
- PowerInternalManageTransitionStateRecord,
- PowerInternalGetAcpiTimeAndAlarmCapabilities, // since 22H2
- PowerInternalSuspendResumeRequest,
- PowerInternalEnergyEstimationInfo, // since 23H2
- PowerInformationInternalMaximum
-} POWER_INFORMATION_LEVEL_INTERNAL;
-
-typedef enum _POWER_S0_DISCONNECTED_REASON
-{
- PoS0DisconnectedReasonNone,
- PoS0DisconnectedReasonNonCompliantNic,
- PoS0DisconnectedReasonSettingPolicy,
- PoS0DisconnectedReasonEnforceDsPolicy,
- PoS0DisconnectedReasonCsChecksFailed,
- PoS0DisconnectedReasonSmartStandby,
- PoS0DisconnectedReasonMaximum
-} POWER_S0_DISCONNECTED_REASON;
-
-typedef struct _POWER_S0_LOW_POWER_IDLE_INFO
-{
- POWER_S0_DISCONNECTED_REASON DisconnectedReason;
- union
- {
- BOOLEAN Storage : 1;
- BOOLEAN WiFi : 1;
- BOOLEAN Mbn : 1;
- BOOLEAN Ethernet : 1;
- BOOLEAN Reserved : 4;
- UCHAR AsUCHAR;
- } CsDeviceCompliance;
- union
- {
- BOOLEAN DisconnectInStandby : 1;
- BOOLEAN EnforceDs : 1;
- BOOLEAN Reserved : 6;
- UCHAR AsUCHAR;
- } Policy;
-} POWER_S0_LOW_POWER_IDLE_INFO, *PPOWER_S0_LOW_POWER_IDLE_INFO;
-
-typedef struct _POWER_INFORMATION_INTERNAL_HEADER
-{
- POWER_INFORMATION_LEVEL_INTERNAL InternalType;
- ULONG Version;
-} POWER_INFORMATION_INTERNAL_HEADER, *PPOWER_INFORMATION_INTERNAL_HEADER;
-
-typedef struct _POWER_USER_ABSENCE_PREDICTION
-{
- POWER_INFORMATION_INTERNAL_HEADER Header;
- LARGE_INTEGER ReturnTime;
-} POWER_USER_ABSENCE_PREDICTION, *PPOWER_USER_ABSENCE_PREDICTION;
-
-typedef struct _POWER_USER_ABSENCE_PREDICTION_CAPABILITY
-{
- BOOLEAN AbsencePredictionCapability;
-} POWER_USER_ABSENCE_PREDICTION_CAPABILITY, *PPOWER_USER_ABSENCE_PREDICTION_CAPABILITY;
-
-// rev
-typedef struct _POWER_PROCESSOR_LATENCY_HINT
-{
- POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
- ULONG Type;
-} POWER_PROCESSOR_LATENCY_HINT, *PPO_PROCESSOR_LATENCY_HINT;
-
-// rev
-typedef struct _POWER_STANDBY_NETWORK_REQUEST
-{
- POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
- BOOLEAN Active;
-} POWER_STANDBY_NETWORK_REQUEST, *PPOWER_STANDBY_NETWORK_REQUEST;
-
-// rev
-typedef struct _POWER_SET_BACKGROUND_TASK_STATE
-{
- POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
- BOOLEAN Engaged;
-} POWER_SET_BACKGROUND_TASK_STATE, *PPOWER_SET_BACKGROUND_TASK_STATE;
-
-// rev
-typedef struct _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO
-{
- ULONG StandbyTotalTime;
- ULONG DripsTotalTime;
- ULONG ActivatorClientTotalActiveTime;
- ULONG PerActivatorClientTotalActiveTime[98];
-} POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO, *PPOWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO;
-
-// rev
-typedef struct _POWER_SESSION_POWER_STATE
-{
- POWER_INFORMATION_INTERNAL_HEADER Header;
- ULONG SessionId;
- BOOLEAN On;
- BOOLEAN IsConsole;
- POWER_MONITOR_REQUEST_REASON RequestReason;
-} POWER_SESSION_POWER_STATE, *PPOWER_SESSION_POWER_STATE;
-
-// rev
-typedef struct _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT
-{
- BOOLEAN QosSupportedAndConfigured;
- BOOLEAN SchedulerDirectedPerfStatesSupported;
- BOOLEAN QosGroupPolicyDisable;
-} POWER_INTERNAL_PROCESSOR_QOS_SUPPORT, *PPOWER_INTERNAL_PROCESSOR_QOS_SUPPORT;
-
-// rev
-typedef struct _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE
-{
- POWER_INFORMATION_INTERNAL_HEADER Header;
- BOOLEAN EsEnabledOnHost;
-} POWER_INTERNAL_HOST_ENERGY_SAVER_STATE, *PPOWER_INTERNAL_HOST_ENERGY_SAVER_STATE;
-
-// rev
-typedef struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT
-{
- POWER_INFORMATION_LEVEL_INTERNAL InternalType;
- PROCESSOR_NUMBER ProcessorNumber; // ULONG_MAX
-} POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT, *PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT;
-
-// rev
-typedef struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT
-{
- ULONG Version;
- ULONG NominalFrequency; // if (Domain) Prcb->PowerState.CheckContext.Domain.NominalFrequency else Prcb->MHz
-} POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT, *PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT;
-
-// rev
-typedef struct _POWER_INTERNAL_BOOTAPP_DIAGNOSTIC
-{
- ULONG BootAppErrorDiagCode; // bcdedit last status
- ULONG BootAppFailureStatus; // bcdedit last status
-} POWER_INTERNAL_BOOTAPP_DIAGNOSTIC, *PPOWER_INTERNAL_BOOTAPP_DIAGNOSTIC;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPowerInformation(
- _In_ POWER_INFORMATION_LEVEL InformationLevel,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetThreadExecutionState(
- _In_ EXECUTION_STATE NewFlags, // ES_* flags
- _Out_ EXECUTION_STATE *PreviousFlags
- );
-
-#if (PHNT_VERSION < PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRequestWakeupLatency(
- _In_ LATENCY_TIME latency
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtInitiatePowerAction(
- _In_ POWER_ACTION SystemAction,
- _In_ SYSTEM_POWER_STATE LightestSystemState,
- _In_ ULONG Flags, // POWER_ACTION_* flags
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetSystemPowerState(
- _In_ POWER_ACTION SystemAction,
- _In_ SYSTEM_POWER_STATE LightestSystemState,
- _In_ ULONG Flags // POWER_ACTION_* flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetDevicePowerState(
- _In_ HANDLE Device,
- _Out_ PDEVICE_POWER_STATE State
- );
-
-NTSYSCALLAPI
-BOOLEAN
-NTAPI
-NtIsSystemResumeAutomatic(
- VOID
- );
-
-#endif
diff --git a/deps/phnt-nightly/ntpsapi.h b/deps/phnt-nightly/ntpsapi.h
deleted file mode 100644
index 98418f9..0000000
--- a/deps/phnt-nightly/ntpsapi.h
+++ /dev/null
@@ -1,2723 +0,0 @@
-/*
- * Process support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTPSAPI_H
-#define _NTPSAPI_H
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-#define PROCESS_TERMINATE 0x0001
-#define PROCESS_CREATE_THREAD 0x0002
-#define PROCESS_SET_SESSIONID 0x0004
-#define PROCESS_VM_OPERATION 0x0008
-#define PROCESS_VM_READ 0x0010
-#define PROCESS_VM_WRITE 0x0020
-//#define PROCESS_DUP_HANDLE 0x0040
-#define PROCESS_CREATE_PROCESS 0x0080
-#define PROCESS_SET_QUOTA 0x0100
-#define PROCESS_SET_INFORMATION 0x0200
-#define PROCESS_QUERY_INFORMATION 0x0400
-#define PROCESS_SET_PORT 0x0800
-#define PROCESS_SUSPEND_RESUME 0x0800
-#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
-#else
-#ifndef PROCESS_SET_PORT
-#define PROCESS_SET_PORT 0x0800
-#endif
-#endif
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-#define THREAD_QUERY_INFORMATION 0x0040
-#define THREAD_SET_THREAD_TOKEN 0x0080
-#define THREAD_IMPERSONATE 0x0100
-#define THREAD_DIRECT_IMPERSONATION 0x0200
-#else
-#ifndef THREAD_ALERT
-#define THREAD_ALERT 0x0004
-#endif
-#endif
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-#define JOB_OBJECT_ASSIGN_PROCESS 0x0001
-#define JOB_OBJECT_SET_ATTRIBUTES 0x0002
-#define JOB_OBJECT_QUERY 0x0004
-#define JOB_OBJECT_TERMINATE 0x0008
-#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x0010
-#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3F)
-//#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1f) // pre-Vista full access
-#endif
-
-#define GDI_HANDLE_BUFFER_SIZE32 34
-#define GDI_HANDLE_BUFFER_SIZE64 60
-
-#ifndef _WIN64
-#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
-#else
-#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
-#endif
-
-typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
-
-typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
-typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
-
-#ifndef FLS_MAXIMUM_AVAILABLE
-#define FLS_MAXIMUM_AVAILABLE 128
-#endif
-#ifndef TLS_MINIMUM_AVAILABLE
-#define TLS_MINIMUM_AVAILABLE 64
-#endif
-#ifndef TLS_EXPANSION_SLOTS
-#define TLS_EXPANSION_SLOTS 1024
-#endif
-
-// symbols
-typedef struct _PEB_LDR_DATA
-{
- ULONG Length;
- BOOLEAN Initialized;
- HANDLE SsHandle;
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- PVOID EntryInProgress;
- BOOLEAN ShutdownInProgress;
- HANDLE ShutdownThreadId;
-} PEB_LDR_DATA, *PPEB_LDR_DATA;
-
-typedef struct _INITIAL_TEB
-{
- struct
- {
- PVOID OldStackBase;
- PVOID OldStackLimit;
- } OldInitialTeb;
- PVOID StackBase;
- PVOID StackLimit;
- PVOID StackAllocationBase;
-} INITIAL_TEB, *PINITIAL_TEB;
-
-typedef struct _WOW64_PROCESS
-{
- PVOID Wow64;
-} WOW64_PROCESS, *PWOW64_PROCESS;
-
-#include
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _PROCESSINFOCLASS
-{
- ProcessBasicInformation, // q: PROCESS_BASIC_INFORMATION, PROCESS_EXTENDED_BASIC_INFORMATION
- ProcessQuotaLimits, // qs: QUOTA_LIMITS, QUOTA_LIMITS_EX
- ProcessIoCounters, // q: IO_COUNTERS
- ProcessVmCounters, // q: VM_COUNTERS, VM_COUNTERS_EX, VM_COUNTERS_EX2
- ProcessTimes, // q: KERNEL_USER_TIMES
- ProcessBasePriority, // s: KPRIORITY
- ProcessRaisePriority, // s: ULONG
- ProcessDebugPort, // q: HANDLE
- ProcessExceptionPort, // s: PROCESS_EXCEPTION_PORT (requires SeTcbPrivilege)
- ProcessAccessToken, // s: PROCESS_ACCESS_TOKEN
- ProcessLdtInformation, // qs: PROCESS_LDT_INFORMATION // 10
- ProcessLdtSize, // s: PROCESS_LDT_SIZE
- ProcessDefaultHardErrorMode, // qs: ULONG
- ProcessIoPortHandlers, // (kernel-mode only) // s: PROCESS_IO_PORT_HANDLER_INFORMATION
- ProcessPooledUsageAndLimits, // q: POOLED_USAGE_AND_LIMITS
- ProcessWorkingSetWatch, // q: PROCESS_WS_WATCH_INFORMATION[]; s: void
- ProcessUserModeIOPL, // qs: ULONG (requires SeTcbPrivilege)
- ProcessEnableAlignmentFaultFixup, // s: BOOLEAN
- ProcessPriorityClass, // qs: PROCESS_PRIORITY_CLASS
- ProcessWx86Information, // qs: ULONG (requires SeTcbPrivilege) (VdmAllowed)
- ProcessHandleCount, // q: ULONG, PROCESS_HANDLE_INFORMATION // 20
- ProcessAffinityMask, // (q >WIN7)s: KAFFINITY, qs: GROUP_AFFINITY
- ProcessPriorityBoost, // qs: ULONG
- ProcessDeviceMap, // qs: PROCESS_DEVICEMAP_INFORMATION, PROCESS_DEVICEMAP_INFORMATION_EX
- ProcessSessionInformation, // q: PROCESS_SESSION_INFORMATION
- ProcessForegroundInformation, // s: PROCESS_FOREGROUND_BACKGROUND
- ProcessWow64Information, // q: ULONG_PTR
- ProcessImageFileName, // q: UNICODE_STRING
- ProcessLUIDDeviceMapsEnabled, // q: ULONG
- ProcessBreakOnTermination, // qs: ULONG
- ProcessDebugObjectHandle, // q: HANDLE // 30
- ProcessDebugFlags, // qs: ULONG
- ProcessHandleTracing, // q: PROCESS_HANDLE_TRACING_QUERY; s: PROCESS_HANDLE_TRACING_ENABLE[_EX] or void to disable
- ProcessIoPriority, // qs: IO_PRIORITY_HINT
- ProcessExecuteFlags, // qs: ULONG (MEM_EXECUTE_OPTION_*)
- ProcessTlsInformation, // PROCESS_TLS_INFORMATION // ProcessResourceManagement
- ProcessCookie, // q: ULONG
- ProcessImageInformation, // q: SECTION_IMAGE_INFORMATION
- ProcessCycleTime, // q: PROCESS_CYCLE_TIME_INFORMATION // since VISTA
- ProcessPagePriority, // qs: PAGE_PRIORITY_INFORMATION
- ProcessInstrumentationCallback, // s: PVOID or PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION // 40
- ProcessThreadStackAllocation, // s: PROCESS_STACK_ALLOCATION_INFORMATION, PROCESS_STACK_ALLOCATION_INFORMATION_EX
- ProcessWorkingSetWatchEx, // q: PROCESS_WS_WATCH_INFORMATION_EX[]; s: void
- ProcessImageFileNameWin32, // q: UNICODE_STRING
- ProcessImageFileMapping, // q: HANDLE (input)
- ProcessAffinityUpdateMode, // qs: PROCESS_AFFINITY_UPDATE_MODE
- ProcessMemoryAllocationMode, // qs: PROCESS_MEMORY_ALLOCATION_MODE
- ProcessGroupInformation, // q: USHORT[]
- ProcessTokenVirtualizationEnabled, // s: ULONG
- ProcessConsoleHostProcess, // qs: ULONG_PTR // ProcessOwnerInformation
- ProcessWindowInformation, // q: PROCESS_WINDOW_INFORMATION // 50
- ProcessHandleInformation, // q: PROCESS_HANDLE_SNAPSHOT_INFORMATION // since WIN8
- ProcessMitigationPolicy, // s: PROCESS_MITIGATION_POLICY_INFORMATION
- ProcessDynamicFunctionTableInformation, // s: PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION
- ProcessHandleCheckingMode, // qs: ULONG; s: 0 disables, otherwise enables
- ProcessKeepAliveCount, // q: PROCESS_KEEPALIVE_COUNT_INFORMATION
- ProcessRevokeFileHandles, // s: PROCESS_REVOKE_FILE_HANDLES_INFORMATION
- ProcessWorkingSetControl, // s: PROCESS_WORKING_SET_CONTROL (requires SeDebugPrivilege)
- ProcessHandleTable, // q: ULONG[] // since WINBLUE
- ProcessCheckStackExtentsMode, // qs: ULONG // KPROCESS->CheckStackExtents (CFG)
- ProcessCommandLineInformation, // q: UNICODE_STRING // 60
- ProcessProtectionInformation, // q: PS_PROTECTION
- ProcessMemoryExhaustion, // s: PROCESS_MEMORY_EXHAUSTION_INFO // since THRESHOLD
- ProcessFaultInformation, // s: PROCESS_FAULT_INFORMATION
- ProcessTelemetryIdInformation, // q: PROCESS_TELEMETRY_ID_INFORMATION
- ProcessCommitReleaseInformation, // qs: PROCESS_COMMIT_RELEASE_INFORMATION
- ProcessDefaultCpuSetsInformation, // qs: SYSTEM_CPU_SET_INFORMATION[5]
- ProcessAllowedCpuSetsInformation, // qs: SYSTEM_CPU_SET_INFORMATION[5]
- ProcessSubsystemProcess,
- ProcessJobMemoryInformation, // q: PROCESS_JOB_MEMORY_INFO
- ProcessInPrivate, // q: BOOLEAN; s: void // ETW // since THRESHOLD2 // 70
- ProcessRaiseUMExceptionOnInvalidHandleClose, // qs: ULONG; s: 0 disables, otherwise enables
- ProcessIumChallengeResponse,
- ProcessChildProcessInformation, // q: PROCESS_CHILD_PROCESS_INFORMATION
- ProcessHighGraphicsPriorityInformation, // qs: BOOLEAN (requires SeTcbPrivilege)
- ProcessSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
- ProcessEnergyValues, // q: PROCESS_ENERGY_VALUES, PROCESS_EXTENDED_ENERGY_VALUES
- ProcessPowerThrottlingState, // qs: POWER_THROTTLING_PROCESS_STATE
- ProcessReserved3Information, // ProcessActivityThrottlePolicy // PROCESS_ACTIVITY_THROTTLE_POLICY
- ProcessWin32kSyscallFilterInformation, // q: WIN32K_SYSCALL_FILTER
- ProcessDisableSystemAllowedCpuSets, // s: BOOLEAN // 80
- ProcessWakeInformation, // q: PROCESS_WAKE_INFORMATION
- ProcessEnergyTrackingState, // qs: PROCESS_ENERGY_TRACKING_STATE
- ProcessManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
- ProcessCaptureTrustletLiveDump,
- ProcessTelemetryCoverage, // q: TELEMETRY_COVERAGE_HEADER; s: TELEMETRY_COVERAGE_POINT
- ProcessEnclaveInformation,
- ProcessEnableReadWriteVmLogging, // qs: PROCESS_READWRITEVM_LOGGING_INFORMATION
- ProcessUptimeInformation, // q: PROCESS_UPTIME_INFORMATION
- ProcessImageSection, // q: HANDLE
- ProcessDebugAuthInformation, // since REDSTONE4 // 90
- ProcessSystemResourceManagement, // s: PROCESS_SYSTEM_RESOURCE_MANAGEMENT
- ProcessSequenceNumber, // q: ULONGLONG
- ProcessLoaderDetour, // since REDSTONE5
- ProcessSecurityDomainInformation, // q: PROCESS_SECURITY_DOMAIN_INFORMATION
- ProcessCombineSecurityDomainsInformation, // s: PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION
- ProcessEnableLogging, // qs: PROCESS_LOGGING_INFORMATION
- ProcessLeapSecondInformation, // qs: PROCESS_LEAP_SECOND_INFORMATION
- ProcessFiberShadowStackAllocation, // s: PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION // since 19H1
- ProcessFreeFiberShadowStackAllocation, // s: PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
- ProcessAltSystemCallInformation, // s: PROCESS_SYSCALL_PROVIDER_INFORMATION // since 20H1 // 100
- ProcessDynamicEHContinuationTargets, // s: PROCESS_DYNAMIC_EH_CONTINUATION_TARGETS_INFORMATION
- ProcessDynamicEnforcedCetCompatibleRanges, // s: PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE_INFORMATION // since 20H2
- ProcessCreateStateChange, // since WIN11
- ProcessApplyStateChange,
- ProcessEnableOptionalXStateFeatures, // s: ULONG64 // optional XState feature bitmask
- ProcessAltPrefetchParam, // since 22H1
- ProcessAssignCpuPartitions,
- ProcessPriorityClassEx, // s: PROCESS_PRIORITY_CLASS_EX
- ProcessMembershipInformation, // q: PROCESS_MEMBERSHIP_INFORMATION
- ProcessEffectiveIoPriority, // q: IO_PRIORITY_HINT
- ProcessEffectivePagePriority, // q: ULONG
- MaxProcessInfoClass
-} PROCESSINFOCLASS;
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-typedef enum _THREADINFOCLASS
-{
- ThreadBasicInformation, // q: THREAD_BASIC_INFORMATION
- ThreadTimes, // q: KERNEL_USER_TIMES
- ThreadPriority, // s: KPRIORITY (requires SeIncreaseBasePriorityPrivilege)
- ThreadBasePriority, // s: KPRIORITY
- ThreadAffinityMask, // s: KAFFINITY
- ThreadImpersonationToken, // s: HANDLE
- ThreadDescriptorTableEntry, // q: DESCRIPTOR_TABLE_ENTRY (or WOW64_DESCRIPTOR_TABLE_ENTRY)
- ThreadEnableAlignmentFaultFixup, // s: BOOLEAN
- ThreadEventPair,
- ThreadQuerySetWin32StartAddress, // q: ULONG_PTR
- ThreadZeroTlsCell, // s: ULONG // TlsIndex // 10
- ThreadPerformanceCount, // q: LARGE_INTEGER
- ThreadAmILastThread, // q: ULONG
- ThreadIdealProcessor, // s: ULONG
- ThreadPriorityBoost, // qs: ULONG
- ThreadSetTlsArrayAddress, // s: ULONG_PTR // Obsolete
- ThreadIsIoPending, // q: ULONG
- ThreadHideFromDebugger, // q: BOOLEAN; s: void
- ThreadBreakOnTermination, // qs: ULONG
- ThreadSwitchLegacyState, // s: void // NtCurrentThread // NPX/FPU
- ThreadIsTerminated, // q: ULONG // 20
- ThreadLastSystemCall, // q: THREAD_LAST_SYSCALL_INFORMATION
- ThreadIoPriority, // qs: IO_PRIORITY_HINT (requires SeIncreaseBasePriorityPrivilege)
- ThreadCycleTime, // q: THREAD_CYCLE_TIME_INFORMATION
- ThreadPagePriority, // qs: PAGE_PRIORITY_INFORMATION
- ThreadActualBasePriority, // s: LONG (requires SeIncreaseBasePriorityPrivilege)
- ThreadTebInformation, // q: THREAD_TEB_INFORMATION (requires THREAD_GET_CONTEXT + THREAD_SET_CONTEXT)
- ThreadCSwitchMon, // Obsolete
- ThreadCSwitchPmu,
- ThreadWow64Context, // qs: WOW64_CONTEXT, ARM_NT_CONTEXT since 20H1
- ThreadGroupInformation, // qs: GROUP_AFFINITY // 30
- ThreadUmsInformation, // q: THREAD_UMS_INFORMATION // Obsolete
- ThreadCounterProfiling, // q: BOOLEAN; s: THREAD_PROFILING_INFORMATION?
- ThreadIdealProcessorEx, // qs: PROCESSOR_NUMBER; s: previous PROCESSOR_NUMBER on return
- ThreadCpuAccountingInformation, // q: BOOLEAN; s: HANDLE (NtOpenSession) // NtCurrentThread // since WIN8
- ThreadSuspendCount, // q: ULONG // since WINBLUE
- ThreadHeterogeneousCpuPolicy, // q: KHETERO_CPU_POLICY // since THRESHOLD
- ThreadContainerId, // q: GUID
- ThreadNameInformation, // qs: THREAD_NAME_INFORMATION
- ThreadSelectedCpuSets,
- ThreadSystemThreadInformation, // q: SYSTEM_THREAD_INFORMATION // 40
- ThreadActualGroupAffinity, // q: GROUP_AFFINITY // since THRESHOLD2
- ThreadDynamicCodePolicyInfo, // q: ULONG; s: ULONG (NtCurrentThread)
- ThreadExplicitCaseSensitivity, // qs: ULONG; s: 0 disables, otherwise enables
- ThreadWorkOnBehalfTicket, // RTL_WORK_ON_BEHALF_TICKET_EX
- ThreadSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
- ThreadDbgkWerReportActive, // s: ULONG; s: 0 disables, otherwise enables
- ThreadAttachContainer, // s: HANDLE (job object) // NtCurrentThread
- ThreadManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
- ThreadPowerThrottlingState, // POWER_THROTTLING_THREAD_STATE // since REDSTONE3 (set), WIN11 22H2 (query)
- ThreadWorkloadClass, // THREAD_WORKLOAD_CLASS // since REDSTONE5 // 50
- ThreadCreateStateChange, // since WIN11
- ThreadApplyStateChange,
- ThreadStrongerBadHandleChecks, // since 22H1
- ThreadEffectiveIoPriority, // q: IO_PRIORITY_HINT
- ThreadEffectivePagePriority, // q: ULONG
- MaxThreadInfoClass
-} THREADINFOCLASS;
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-// Use with both ProcessPagePriority and ThreadPagePriority
-typedef struct _PAGE_PRIORITY_INFORMATION
-{
- ULONG PagePriority;
-} PAGE_PRIORITY_INFORMATION, *PPAGE_PRIORITY_INFORMATION;
-#endif
-
-// Process information structures
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-typedef struct _PROCESS_BASIC_INFORMATION
-{
- NTSTATUS ExitStatus;
- PPEB PebBaseAddress;
- KAFFINITY AffinityMask;
- KPRIORITY BasePriority;
- HANDLE UniqueProcessId;
- HANDLE InheritedFromUniqueProcessId;
-} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-
-typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION
-{
- SIZE_T Size; // set to sizeof structure on input
- PROCESS_BASIC_INFORMATION BasicInfo;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG IsProtectedProcess : 1;
- ULONG IsWow64Process : 1;
- ULONG IsProcessDeleting : 1;
- ULONG IsCrossSessionCreate : 1;
- ULONG IsFrozen : 1;
- ULONG IsBackground : 1;
- ULONG IsStronglyNamed : 1;
- ULONG IsSecureProcess : 1;
- ULONG IsSubsystemProcess : 1;
- ULONG SpareBits : 23;
- };
- };
-} PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION;
-
-typedef struct _VM_COUNTERS
-{
- SIZE_T PeakVirtualSize;
- SIZE_T VirtualSize;
- ULONG PageFaultCount;
- SIZE_T PeakWorkingSetSize;
- SIZE_T WorkingSetSize;
- SIZE_T QuotaPeakPagedPoolUsage;
- SIZE_T QuotaPagedPoolUsage;
- SIZE_T QuotaPeakNonPagedPoolUsage;
- SIZE_T QuotaNonPagedPoolUsage;
- SIZE_T PagefileUsage;
- SIZE_T PeakPagefileUsage;
-} VM_COUNTERS, *PVM_COUNTERS;
-
-typedef struct _VM_COUNTERS_EX
-{
- SIZE_T PeakVirtualSize;
- SIZE_T VirtualSize;
- ULONG PageFaultCount;
- SIZE_T PeakWorkingSetSize;
- SIZE_T WorkingSetSize;
- SIZE_T QuotaPeakPagedPoolUsage;
- SIZE_T QuotaPagedPoolUsage;
- SIZE_T QuotaPeakNonPagedPoolUsage;
- SIZE_T QuotaNonPagedPoolUsage;
- SIZE_T PagefileUsage;
- SIZE_T PeakPagefileUsage;
- SIZE_T PrivateUsage;
-} VM_COUNTERS_EX, *PVM_COUNTERS_EX;
-
-typedef struct _VM_COUNTERS_EX2
-{
- VM_COUNTERS_EX CountersEx;
- SIZE_T PrivateWorkingSetSize;
- SIZE_T SharedCommitUsage;
-} VM_COUNTERS_EX2, *PVM_COUNTERS_EX2;
-
-typedef struct _KERNEL_USER_TIMES
-{
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER ExitTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
-} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
-
-typedef struct _POOLED_USAGE_AND_LIMITS
-{
- SIZE_T PeakPagedPoolUsage;
- SIZE_T PagedPoolUsage;
- SIZE_T PagedPoolLimit;
- SIZE_T PeakNonPagedPoolUsage;
- SIZE_T NonPagedPoolUsage;
- SIZE_T NonPagedPoolLimit;
- SIZE_T PeakPagefileUsage;
- SIZE_T PagefileUsage;
- SIZE_T PagefileLimit;
-} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
-
-#define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003
-#define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1))
-
-typedef struct _PROCESS_EXCEPTION_PORT
-{
- _In_ HANDLE ExceptionPortHandle; // Handle to the exception port. No particular access required.
- _Inout_ ULONG StateFlags; // Miscellaneous state flags to be cached along with the exception port in the kernel.
-} PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT;
-
-typedef struct _PROCESS_ACCESS_TOKEN
-{
- HANDLE Token; // needs TOKEN_ASSIGN_PRIMARY access
- HANDLE Thread; // handle to initial/only thread; needs THREAD_QUERY_INFORMATION access
-} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
-
-typedef struct _PROCESS_LDT_INFORMATION
-{
- ULONG Start;
- ULONG Length;
- LDT_ENTRY LdtEntries[1];
-} PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;
-
-typedef struct _PROCESS_LDT_SIZE
-{
- ULONG Length;
-} PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;
-
-typedef struct _PROCESS_WS_WATCH_INFORMATION
-{
- PVOID FaultingPc;
- PVOID FaultingVa;
-} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
-
-#endif
-
-// psapi:PSAPI_WS_WATCH_INFORMATION_EX
-typedef struct _PROCESS_WS_WATCH_INFORMATION_EX
-{
- PROCESS_WS_WATCH_INFORMATION BasicInfo;
- ULONG_PTR FaultingThreadId;
- ULONG_PTR Flags;
-} PROCESS_WS_WATCH_INFORMATION_EX, *PPROCESS_WS_WATCH_INFORMATION_EX;
-
-#define PROCESS_PRIORITY_CLASS_UNKNOWN 0
-#define PROCESS_PRIORITY_CLASS_IDLE 1
-#define PROCESS_PRIORITY_CLASS_NORMAL 2
-#define PROCESS_PRIORITY_CLASS_HIGH 3
-#define PROCESS_PRIORITY_CLASS_REALTIME 4
-#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
-#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
-
-typedef struct _PROCESS_PRIORITY_CLASS
-{
- BOOLEAN Foreground;
- UCHAR PriorityClass;
-} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
-
-typedef struct _PROCESS_PRIORITY_CLASS_EX
-{
- union
- {
- struct
- {
- USHORT ForegroundValid : 1;
- USHORT PriorityClassValid : 1;
- };
- USHORT AllFlags;
- };
- UCHAR PriorityClass;
- BOOLEAN Foreground;
-} PROCESS_PRIORITY_CLASS_EX, *PPROCESS_PRIORITY_CLASS_EX;
-
-typedef struct _PROCESS_FOREGROUND_BACKGROUND
-{
- BOOLEAN Foreground;
-} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-typedef struct _PROCESS_DEVICEMAP_INFORMATION
-{
- union
- {
- struct
- {
- HANDLE DirectoryHandle; // needs DIRECTORY_TRAVERSE access
- } Set;
- struct
- {
- ULONG DriveMap; // bit mask
- UCHAR DriveType[32]; // DRIVE_* WinBase.h
- } Query;
- };
-} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
-
-#define PROCESS_LUID_DOSDEVICES_ONLY 0x00000001
-
-typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX
-{
- union
- {
- struct
- {
- HANDLE DirectoryHandle; // needs DIRECTORY_TRAVERSE access
- } Set;
- struct
- {
- ULONG DriveMap; // bit mask
- UCHAR DriveType[32]; // DRIVE_* WinBase.h
- } Query;
- };
- ULONG Flags; // PROCESS_LUID_DOSDEVICES_ONLY
-} PROCESS_DEVICEMAP_INFORMATION_EX, *PPROCESS_DEVICEMAP_INFORMATION_EX;
-
-typedef struct _PROCESS_SESSION_INFORMATION
-{
- ULONG SessionId;
-} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
-
-#define PROCESS_HANDLE_EXCEPTIONS_ENABLED 0x00000001
-
-#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED 0x00000000
-#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED 0x00000001
-
-typedef struct _PROCESS_HANDLE_TRACING_ENABLE
-{
- ULONG Flags;
-} PROCESS_HANDLE_TRACING_ENABLE, *PPROCESS_HANDLE_TRACING_ENABLE;
-
-#define PROCESS_HANDLE_TRACING_MAX_SLOTS 0x20000
-
-typedef struct _PROCESS_HANDLE_TRACING_ENABLE_EX
-{
- ULONG Flags;
- ULONG TotalSlots;
-} PROCESS_HANDLE_TRACING_ENABLE_EX, *PPROCESS_HANDLE_TRACING_ENABLE_EX;
-
-#define PROCESS_HANDLE_TRACING_MAX_STACKS 16
-
-#define PROCESS_HANDLE_TRACE_TYPE_OPEN 1
-#define PROCESS_HANDLE_TRACE_TYPE_CLOSE 2
-#define PROCESS_HANDLE_TRACE_TYPE_BADREF 3
-
-typedef struct _PROCESS_HANDLE_TRACING_ENTRY
-{
- HANDLE Handle;
- CLIENT_ID ClientId;
- ULONG Type;
- PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS];
-} PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY;
-
-typedef struct _PROCESS_HANDLE_TRACING_QUERY
-{
- _In_opt_ HANDLE Handle;
- _Out_ ULONG TotalTraces;
- _Out_ _Field_size_(TotalTraces) PROCESS_HANDLE_TRACING_ENTRY HandleTrace[1];
-} PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY;
-
-#endif
-
-typedef struct _THREAD_TLS_INFORMATION
-{
- ULONG Flags;
- PVOID NewTlsData;
- PVOID OldTlsData;
- HANDLE ThreadId;
-} THREAD_TLS_INFORMATION, *PTHREAD_TLS_INFORMATION;
-
-typedef enum _PROCESS_TLS_INFORMATION_TYPE
-{
- ProcessTlsReplaceIndex,
- ProcessTlsReplaceVector,
- MaxProcessTlsOperation
-} PROCESS_TLS_INFORMATION_TYPE, *PPROCESS_TLS_INFORMATION_TYPE;
-
-typedef struct _PROCESS_TLS_INFORMATION
-{
- ULONG Flags;
- ULONG OperationType;
- ULONG ThreadDataCount;
- ULONG TlsIndex;
- ULONG PreviousCount;
- _Field_size_(ThreadDataCount) THREAD_TLS_INFORMATION ThreadData[1];
-} PROCESS_TLS_INFORMATION, *PPROCESS_TLS_INFORMATION;
-
-typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
-{
- ULONG Version;
- ULONG Reserved;
- PVOID Callback;
-} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
-
-typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION
-{
- SIZE_T ReserveSize;
- SIZE_T ZeroBits;
- PVOID StackBase;
-} PROCESS_STACK_ALLOCATION_INFORMATION, *PPROCESS_STACK_ALLOCATION_INFORMATION;
-
-typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX
-{
- ULONG PreferredNode;
- ULONG Reserved0;
- ULONG Reserved1;
- ULONG Reserved2;
- PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo;
-} PROCESS_STACK_ALLOCATION_INFORMATION_EX, *PPROCESS_STACK_ALLOCATION_INFORMATION_EX;
-
-typedef union _PROCESS_AFFINITY_UPDATE_MODE
-{
- ULONG Flags;
- struct
- {
- ULONG EnableAutoUpdate : 1;
- ULONG Permanent : 1;
- ULONG Reserved : 30;
- };
-} PROCESS_AFFINITY_UPDATE_MODE, *PPROCESS_AFFINITY_UPDATE_MODE;
-
-typedef union _PROCESS_MEMORY_ALLOCATION_MODE
-{
- ULONG Flags;
- struct
- {
- ULONG TopDown : 1;
- ULONG Reserved : 31;
- };
-} PROCESS_MEMORY_ALLOCATION_MODE, *PPROCESS_MEMORY_ALLOCATION_MODE;
-
-typedef struct _PROCESS_HANDLE_INFORMATION
-{
- ULONG HandleCount;
- ULONG HandleCountHighWatermark;
-} PROCESS_HANDLE_INFORMATION, *PPROCESS_HANDLE_INFORMATION;
-
-typedef struct _PROCESS_CYCLE_TIME_INFORMATION
-{
- ULONGLONG AccumulatedCycles;
- ULONGLONG CurrentCycleCount;
-} PROCESS_CYCLE_TIME_INFORMATION, *PPROCESS_CYCLE_TIME_INFORMATION;
-
-typedef struct _PROCESS_WINDOW_INFORMATION
-{
- ULONG WindowFlags;
- USHORT WindowTitleLength;
- _Field_size_bytes_(WindowTitleLength) WCHAR WindowTitle[1];
-} PROCESS_WINDOW_INFORMATION, *PPROCESS_WINDOW_INFORMATION;
-
-typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO
-{
- HANDLE HandleValue;
- ULONG_PTR HandleCount;
- ULONG_PTR PointerCount;
- ULONG GrantedAccess;
- ULONG ObjectTypeIndex;
- ULONG HandleAttributes;
- ULONG Reserved;
-} PROCESS_HANDLE_TABLE_ENTRY_INFO, *PPROCESS_HANDLE_TABLE_ENTRY_INFO;
-
-typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION
-{
- ULONG_PTR NumberOfHandles;
- ULONG_PTR Reserved;
- _Field_size_(NumberOfHandles) PROCESS_HANDLE_TABLE_ENTRY_INFO Handles[1];
-} PROCESS_HANDLE_SNAPSHOT_INFORMATION, *PPROCESS_HANDLE_SNAPSHOT_INFORMATION;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE)
-typedef struct _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY
-{
- union {
- ULONG Flags;
- struct {
- ULONG EnforceRedirectionTrust : 1;
- ULONG AuditRedirectionTrust : 1;
- ULONG ReservedFlags : 30;
- };
- };
-} PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY, *PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY;
-#endif
-
-#if !defined(NTDDI_WIN10_NI) || (NTDDI_VERSION < NTDDI_WIN10_NI)
-#define ProcessUserPointerAuthPolicy 17
-#define ProcessSEHOPPolicy 18
-
-typedef struct _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY {
- union {
- ULONG Flags;
- struct {
- ULONG EnablePointerAuthUserIp : 1;
- ULONG ReservedFlags : 31;
- };
- };
-} PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY, *PPROCESS_MITIGATION_USER_POINTER_AUTH_POLICY;
-
-typedef struct _PROCESS_MITIGATION_SEHOP_POLICY {
- union {
- ULONG Flags;
- struct {
- ULONG EnableSehop : 1;
- ULONG ReservedFlags : 31;
- };
- };
-} PROCESS_MITIGATION_SEHOP_POLICY, *PPROCESS_MITIGATION_SEHOP_POLICY;
-#endif
-
-typedef struct _PROCESS_MITIGATION_POLICY_INFORMATION
-{
- PROCESS_MITIGATION_POLICY Policy;
- union
- {
- PROCESS_MITIGATION_ASLR_POLICY ASLRPolicy;
- PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY StrictHandleCheckPolicy;
- PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY SystemCallDisablePolicy;
- PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY ExtensionPointDisablePolicy;
- PROCESS_MITIGATION_DYNAMIC_CODE_POLICY DynamicCodePolicy;
- PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY ControlFlowGuardPolicy;
- PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY SignaturePolicy;
- PROCESS_MITIGATION_FONT_DISABLE_POLICY FontDisablePolicy;
- PROCESS_MITIGATION_IMAGE_LOAD_POLICY ImageLoadPolicy;
- PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY SystemCallFilterPolicy;
- PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY PayloadRestrictionPolicy;
- PROCESS_MITIGATION_CHILD_PROCESS_POLICY ChildProcessPolicy;
- PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY SideChannelIsolationPolicy;
- PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY UserShadowStackPolicy;
- PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY RedirectionTrustPolicy;
- PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY UserPointerAuthPolicy;
- PROCESS_MITIGATION_SEHOP_POLICY SEHOPPolicy;
- };
-} PROCESS_MITIGATION_POLICY_INFORMATION, *PPROCESS_MITIGATION_POLICY_INFORMATION;
-
-// private
-typedef struct _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION
-{
- struct _DYNAMIC_FUNCTION_TABLE* DynamicFunctionTable;
- BOOLEAN Remove;
-} PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION, *PPROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION;
-
-typedef struct _PROCESS_KEEPALIVE_COUNT_INFORMATION
-{
- ULONG WakeCount;
- ULONG NoWakeCount;
-} PROCESS_KEEPALIVE_COUNT_INFORMATION, *PPROCESS_KEEPALIVE_COUNT_INFORMATION;
-
-typedef struct _PROCESS_REVOKE_FILE_HANDLES_INFORMATION
-{
- UNICODE_STRING TargetDevicePath;
-} PROCESS_REVOKE_FILE_HANDLES_INFORMATION, *PPROCESS_REVOKE_FILE_HANDLES_INFORMATION;
-
-// begin_private
-
-typedef enum _PROCESS_WORKING_SET_OPERATION
-{
- ProcessWorkingSetSwap,
- ProcessWorkingSetEmpty,
- ProcessWorkingSetOperationMax
-} PROCESS_WORKING_SET_OPERATION;
-
-typedef struct _PROCESS_WORKING_SET_CONTROL
-{
- ULONG Version;
- PROCESS_WORKING_SET_OPERATION Operation;
- ULONG Flags;
-} PROCESS_WORKING_SET_CONTROL, *PPROCESS_WORKING_SET_CONTROL;
-
-typedef enum _PS_PROTECTED_TYPE
-{
- PsProtectedTypeNone,
- PsProtectedTypeProtectedLight,
- PsProtectedTypeProtected,
- PsProtectedTypeMax
-} PS_PROTECTED_TYPE;
-
-typedef enum _PS_PROTECTED_SIGNER
-{
- PsProtectedSignerNone,
- PsProtectedSignerAuthenticode,
- PsProtectedSignerCodeGen,
- PsProtectedSignerAntimalware,
- PsProtectedSignerLsa,
- PsProtectedSignerWindows,
- PsProtectedSignerWinTcb,
- PsProtectedSignerWinSystem,
- PsProtectedSignerApp,
- PsProtectedSignerMax
-} PS_PROTECTED_SIGNER;
-
-#define PS_PROTECTED_SIGNER_MASK 0xFF
-#define PS_PROTECTED_AUDIT_MASK 0x08
-#define PS_PROTECTED_TYPE_MASK 0x07
-
-// vProtectionLevel.Level = PsProtectedValue(PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight)
-#define PsProtectedValue(aSigner, aAudit, aType) ( \
- ((aSigner & PS_PROTECTED_SIGNER_MASK) << 4) | \
- ((aAudit & PS_PROTECTED_AUDIT_MASK) << 3) | \
- (aType & PS_PROTECTED_TYPE_MASK)\
- )
-
-// InitializePsProtection(&vProtectionLevel, PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight)
-#define InitializePsProtection(aProtectionLevelPtr, aSigner, aAudit, aType) { \
- (aProtectionLevelPtr)->Signer = aSigner; \
- (aProtectionLevelPtr)->Audit = aAudit; \
- (aProtectionLevelPtr)->Type = aType; \
- }
-
-typedef struct _PS_PROTECTION
-{
- union
- {
- UCHAR Level;
- struct
- {
- UCHAR Type : 3;
- UCHAR Audit : 1;
- UCHAR Signer : 4;
- };
- };
-} PS_PROTECTION, *PPS_PROTECTION;
-
-typedef struct _PROCESS_FAULT_INFORMATION
-{
- ULONG FaultFlags;
- ULONG AdditionalInfo;
-} PROCESS_FAULT_INFORMATION, *PPROCESS_FAULT_INFORMATION;
-
-typedef struct _PROCESS_TELEMETRY_ID_INFORMATION
-{
- ULONG HeaderSize;
- ULONG ProcessId;
- ULONGLONG ProcessStartKey;
- ULONGLONG CreateTime;
- ULONGLONG CreateInterruptTime;
- ULONGLONG CreateUnbiasedInterruptTime;
- ULONGLONG ProcessSequenceNumber;
- ULONGLONG SessionCreateTime;
- ULONG SessionId;
- ULONG BootId;
- ULONG ImageChecksum;
- ULONG ImageTimeDateStamp;
- ULONG UserSidOffset;
- ULONG ImagePathOffset;
- ULONG PackageNameOffset;
- ULONG RelativeAppNameOffset;
- ULONG CommandLineOffset;
-} PROCESS_TELEMETRY_ID_INFORMATION, *PPROCESS_TELEMETRY_ID_INFORMATION;
-
-typedef struct _PROCESS_COMMIT_RELEASE_INFORMATION
-{
- ULONG Version;
- struct
- {
- ULONG Eligible : 1;
- ULONG ReleaseRepurposedMemResetCommit : 1;
- ULONG ForceReleaseMemResetCommit : 1;
- ULONG Spare : 29;
- };
- SIZE_T CommitDebt;
- SIZE_T CommittedMemResetSize;
- SIZE_T RepurposedMemResetSize;
-} PROCESS_COMMIT_RELEASE_INFORMATION, *PPROCESS_COMMIT_RELEASE_INFORMATION;
-
-typedef struct _PROCESS_JOB_MEMORY_INFO
-{
- ULONGLONG SharedCommitUsage;
- ULONGLONG PrivateCommitUsage;
- ULONGLONG PeakPrivateCommitUsage;
- ULONGLONG PrivateCommitLimit;
- ULONGLONG TotalCommitLimit;
-} PROCESS_JOB_MEMORY_INFO, *PPROCESS_JOB_MEMORY_INFO;
-
-typedef struct _PROCESS_CHILD_PROCESS_INFORMATION
-{
- BOOLEAN ProhibitChildProcesses;
- BOOLEAN AlwaysAllowSecureChildProcess; // REDSTONE3
- BOOLEAN AuditProhibitChildProcesses;
-} PROCESS_CHILD_PROCESS_INFORMATION, *PPROCESS_CHILD_PROCESS_INFORMATION;
-
-#define POWER_THROTTLING_PROCESS_CURRENT_VERSION 1
-#define POWER_THROTTLING_PROCESS_EXECUTION_SPEED 0x1
-#define POWER_THROTTLING_PROCESS_DELAYTIMERS 0x2
-#define POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION 0x4 // since WIN11
-#define POWER_THROTTLING_PROCESS_VALID_FLAGS ((POWER_THROTTLING_PROCESS_EXECUTION_SPEED | POWER_THROTTLING_PROCESS_DELAYTIMERS | POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION))
-
-typedef struct _POWER_THROTTLING_PROCESS_STATE
-{
- ULONG Version;
- ULONG ControlMask;
- ULONG StateMask;
-} POWER_THROTTLING_PROCESS_STATE, *PPOWER_THROTTLING_PROCESS_STATE;
-
-// rev (tyranid)
-#define WIN32K_SYSCALL_FILTER_STATE_ENABLE 0x1
-#define WIN32K_SYSCALL_FILTER_STATE_AUDIT 0x2
-
-typedef struct _WIN32K_SYSCALL_FILTER
-{
- ULONG FilterState;
- ULONG FilterSet;
-} WIN32K_SYSCALL_FILTER, *PWIN32K_SYSCALL_FILTER;
-
-typedef struct _JOBOBJECT_WAKE_FILTER *PJOBOBJECT_WAKE_FILTER; // from ntpsapi.h
-
-typedef struct _PROCESS_WAKE_INFORMATION
-{
- ULONGLONG NotificationChannel;
- ULONG WakeCounters[7];
- PJOBOBJECT_WAKE_FILTER WakeFilter;
-} PROCESS_WAKE_INFORMATION, *PPROCESS_WAKE_INFORMATION;
-
-typedef struct _PROCESS_ENERGY_TRACKING_STATE
-{
- ULONG StateUpdateMask;
- ULONG StateDesiredValue;
- ULONG StateSequence;
- ULONG UpdateTag : 1;
- WCHAR Tag[64];
-} PROCESS_ENERGY_TRACKING_STATE, *PPROCESS_ENERGY_TRACKING_STATE;
-
-typedef struct _MANAGE_WRITES_TO_EXECUTABLE_MEMORY
-{
- ULONG Version : 8;
- ULONG ProcessEnableWriteExceptions : 1;
- ULONG ThreadAllowWrites : 1;
- ULONG Spare : 22;
- PVOID KernelWriteToExecutableSignal; // 19H1
-} MANAGE_WRITES_TO_EXECUTABLE_MEMORY, *PMANAGE_WRITES_TO_EXECUTABLE_MEMORY;
-
-#define POWER_THROTTLING_THREAD_CURRENT_VERSION 1
-#define POWER_THROTTLING_THREAD_EXECUTION_SPEED 0x1
-#define POWER_THROTTLING_THREAD_VALID_FLAGS (POWER_THROTTLING_THREAD_EXECUTION_SPEED)
-
-typedef struct _POWER_THROTTLING_THREAD_STATE
-{
- ULONG Version;
- ULONG ControlMask;
- ULONG StateMask;
-} POWER_THROTTLING_THREAD_STATE, *PPOWER_THROTTLING_THREAD_STATE;
-
-#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM 1
-#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM 2
-#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V 1UL
-#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V 2UL
-
-typedef union _PROCESS_READWRITEVM_LOGGING_INFORMATION
-{
- UCHAR Flags;
- struct
- {
- UCHAR EnableReadVmLogging : 1;
- UCHAR EnableWriteVmLogging : 1;
- UCHAR Unused : 6;
- };
-} PROCESS_READWRITEVM_LOGGING_INFORMATION, *PPROCESS_READWRITEVM_LOGGING_INFORMATION;
-
-typedef struct _PROCESS_UPTIME_INFORMATION
-{
- ULONGLONG QueryInterruptTime;
- ULONGLONG QueryUnbiasedTime;
- ULONGLONG EndInterruptTime;
- ULONGLONG TimeSinceCreation;
- ULONGLONG Uptime;
- ULONGLONG SuspendedTime;
- struct
- {
- ULONG HangCount : 4;
- ULONG GhostCount : 4;
- ULONG Crashed : 1;
- ULONG Terminated : 1;
- };
-} PROCESS_UPTIME_INFORMATION, *PPROCESS_UPTIME_INFORMATION;
-
-typedef union _PROCESS_SYSTEM_RESOURCE_MANAGEMENT
-{
- ULONG Flags;
- struct
- {
- ULONG Foreground : 1;
- ULONG Reserved : 31;
- };
-} PROCESS_SYSTEM_RESOURCE_MANAGEMENT, *PPROCESS_SYSTEM_RESOURCE_MANAGEMENT;
-
-typedef struct _PROCESS_SECURITY_DOMAIN_INFORMATION
-{
- ULONGLONG SecurityDomain;
-} PROCESS_SECURITY_DOMAIN_INFORMATION, *PPROCESS_SECURITY_DOMAIN_INFORMATION;
-
-typedef struct _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION
-{
- HANDLE ProcessHandle;
-} PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION, *PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION;
-
-typedef union _PROCESS_LOGGING_INFORMATION
-{
- ULONG Flags;
- struct
- {
- ULONG EnableReadVmLogging : 1;
- ULONG EnableWriteVmLogging : 1;
- ULONG EnableProcessSuspendResumeLogging : 1;
- ULONG EnableThreadSuspendResumeLogging : 1;
- ULONG EnableLocalExecProtectVmLogging : 1;
- ULONG EnableRemoteExecProtectVmLogging : 1;
- ULONG Reserved : 26;
- };
-} PROCESS_LOGGING_INFORMATION, *PPROCESS_LOGGING_INFORMATION;
-
-typedef struct _PROCESS_LEAP_SECOND_INFORMATION
-{
- ULONG Flags;
- ULONG Reserved;
-} PROCESS_LEAP_SECOND_INFORMATION, *PPROCESS_LEAP_SECOND_INFORMATION;
-
-typedef struct _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
-{
- ULONGLONG ReserveSize;
- ULONGLONG CommitSize;
- ULONG PreferredNode;
- ULONG Reserved;
- PVOID Ssp;
-} PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION, *PPROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION;
-
-typedef struct _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
-{
- PVOID Ssp;
-} PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION, *PPROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION;
-
-typedef struct _PROCESS_SYSCALL_PROVIDER_INFORMATION
-{
- GUID ProviderId;
- UCHAR Level;
-} PROCESS_SYSCALL_PROVIDER_INFORMATION, *PPROCESS_SYSCALL_PROVIDER_INFORMATION;
-
-//typedef struct _PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE
-//{
-// ULONG_PTR BaseAddress;
-// SIZE_T Size;
-// ULONG Flags;
-//} PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE, *PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE;
-//
-//typedef struct _PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION
-//{
-// USHORT NumberOfRanges;
-// USHORT Reserved;
-// ULONG Reserved2;
-// PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE Ranges;
-//} PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION, *PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION;
-
-typedef struct _PROCESS_MEMBERSHIP_INFORMATION
-{
- ULONG ServerSiloId;
-} PROCESS_MEMBERSHIP_INFORMATION, *PPROCESS_MEMBERSHIP_INFORMATION;
-
-// end_private
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryPortInformationProcess(
- VOID
- );
-
-#endif
-
-// Thread information structures
-
-typedef struct _THREAD_BASIC_INFORMATION
-{
- NTSTATUS ExitStatus;
- PTEB TebBaseAddress;
- CLIENT_ID ClientId;
- KAFFINITY AffinityMask;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
-} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
-
-typedef struct _THREAD_LAST_SYSCALL_INFORMATION
-{
- PVOID FirstArgument;
- USHORT SystemCallNumber;
-#ifdef WIN64
- USHORT Pad[0x3]; // since REDSTONE2
-#else
- USHORT Pad[0x1]; // since REDSTONE2
-#endif
- ULONG64 WaitTime;
-} THREAD_LAST_SYSCALL_INFORMATION, *PTHREAD_LAST_SYSCALL_INFORMATION;
-
-typedef struct _THREAD_CYCLE_TIME_INFORMATION
-{
- ULONGLONG AccumulatedCycles;
- ULONGLONG CurrentCycleCount;
-} THREAD_CYCLE_TIME_INFORMATION, *PTHREAD_CYCLE_TIME_INFORMATION;
-
-typedef struct _THREAD_TEB_INFORMATION
-{
- PVOID TebInformation; // buffer to place data in
- ULONG TebOffset; // offset in TEB to begin reading from
- ULONG BytesToRead; // number of bytes to read
-} THREAD_TEB_INFORMATION, *PTHREAD_TEB_INFORMATION;
-
-// symbols
-typedef struct _COUNTER_READING
-{
- HARDWARE_COUNTER_TYPE Type;
- ULONG Index;
- ULONG64 Start;
- ULONG64 Total;
-} COUNTER_READING, *PCOUNTER_READING;
-
-// symbols
-typedef struct _THREAD_PERFORMANCE_DATA
-{
- USHORT Size;
- USHORT Version;
- PROCESSOR_NUMBER ProcessorNumber;
- ULONG ContextSwitches;
- ULONG HwCountersCount;
- ULONG64 UpdateCount;
- ULONG64 WaitReasonBitMap;
- ULONG64 HardwareCounters;
- COUNTER_READING CycleTime;
- COUNTER_READING HwCounters[MAX_HW_COUNTERS];
-} THREAD_PERFORMANCE_DATA, *PTHREAD_PERFORMANCE_DATA;
-
-typedef struct _THREAD_PROFILING_INFORMATION
-{
- ULONG64 HardwareCounters;
- ULONG Flags;
- ULONG Enable;
- PTHREAD_PERFORMANCE_DATA PerformanceData;
-} THREAD_PROFILING_INFORMATION, *PTHREAD_PROFILING_INFORMATION;
-
-typedef struct _RTL_UMS_CONTEXT
-{
- SINGLE_LIST_ENTRY Link;
- CONTEXT Context;
- PVOID Teb;
- PVOID UserContext;
- volatile ULONG ScheduledThread : 1;
- volatile ULONG Suspended : 1;
- volatile ULONG VolatileContext : 1;
- volatile ULONG Terminated : 1;
- volatile ULONG DebugActive : 1;
- volatile ULONG RunningOnSelfThread : 1;
- volatile ULONG DenyRunningOnSelfThread : 1;
- volatile LONG Flags;
- volatile ULONG64 KernelUpdateLock : 2;
- volatile ULONG64 PrimaryClientID : 62;
- volatile ULONG64 ContextLock;
- struct _RTL_UMS_CONTEXT* PrimaryUmsContext;
- ULONG SwitchCount;
- ULONG KernelYieldCount;
- ULONG MixedYieldCount;
- ULONG YieldCount;
-} RTL_UMS_CONTEXT, *PRTL_UMS_CONTEXT;
-
-typedef enum _THREAD_UMS_INFORMATION_COMMAND
-{
- UmsInformationCommandInvalid,
- UmsInformationCommandAttach,
- UmsInformationCommandDetach,
- UmsInformationCommandQuery
-} THREAD_UMS_INFORMATION_COMMAND;
-
-typedef struct _RTL_UMS_COMPLETION_LIST
-{
- PSINGLE_LIST_ENTRY ThreadListHead;
- PVOID CompletionEvent;
- ULONG CompletionFlags;
- SINGLE_LIST_ENTRY InternalListHead;
-} RTL_UMS_COMPLETION_LIST, *PRTL_UMS_COMPLETION_LIST;
-
-typedef struct _THREAD_UMS_INFORMATION
-{
- THREAD_UMS_INFORMATION_COMMAND Command;
- PRTL_UMS_COMPLETION_LIST CompletionList;
- PRTL_UMS_CONTEXT UmsContext;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG IsUmsSchedulerThread : 1;
- ULONG IsUmsWorkerThread : 1;
- ULONG SpareBits : 30;
- };
- };
-} THREAD_UMS_INFORMATION, *PTHREAD_UMS_INFORMATION;
-
-typedef struct _THREAD_NAME_INFORMATION
-{
- UNICODE_STRING ThreadName;
-} THREAD_NAME_INFORMATION, *PTHREAD_NAME_INFORMATION;
-
-typedef struct _ALPC_WORK_ON_BEHALF_TICKET
-{
- ULONG ThreadId;
- ULONG ThreadCreationTimeLow;
-} ALPC_WORK_ON_BEHALF_TICKET, *PALPC_WORK_ON_BEHALF_TICKET;
-
-typedef struct _RTL_WORK_ON_BEHALF_TICKET_EX
-{
- ALPC_WORK_ON_BEHALF_TICKET Ticket;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG CurrentThread : 1;
- ULONG Reserved1 : 31;
- };
- };
- ULONG Reserved2;
-} RTL_WORK_ON_BEHALF_TICKET_EX, *PRTL_WORK_ON_BEHALF_TICKET_EX;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-typedef enum _SUBSYSTEM_INFORMATION_TYPE
-{
- SubsystemInformationTypeWin32,
- SubsystemInformationTypeWSL,
- MaxSubsystemInformationType
-} SUBSYSTEM_INFORMATION_TYPE;
-#endif
-
-typedef enum _THREAD_WORKLOAD_CLASS
-{
- ThreadWorkloadClassDefault,
- ThreadWorkloadClassGraphics,
- MaxThreadWorkloadClass
-} THREAD_WORKLOAD_CLASS;
-
-#if defined(_ARM64_)
-
-#define CONTEXT_ARM 0x00200000L
-
-#define CONTEXT_ARM_CONTROL (CONTEXT_ARM | 0x1L)
-#define CONTEXT_ARM_INTEGER (CONTEXT_ARM | 0x2L)
-#define CONTEXT_ARM_FLOATING_POINT (CONTEXT_ARM | 0x4L)
-#define CONTEXT_ARM_DEBUG_REGISTERS (CONTEXT_ARM | 0x8L)
-
-#define CONTEXT_ARM_FULL (CONTEXT_ARM_CONTROL | CONTEXT_ARM_INTEGER | CONTEXT_ARM_FLOATING_POINT)
-
-#define CONTEXT_ARM_ALL (CONTEXT_ARM_CONTROL | CONTEXT_ARM_INTEGER | CONTEXT_ARM_FLOATING_POINT | CONTEXT_ARM_DEBUG_REGISTERS)
-
-#define ARM_MAX_BREAKPOINTS 8
-#define ARM_MAX_WATCHPOINTS 1
-
-typedef struct _ARM_NT_NEON128 {
- ULONGLONG Low;
- LONGLONG High;
-} ARM_NT_NEON128, *PARM_NT_NEON128;
-
-typedef struct DECLSPEC_ALIGN(8) DECLSPEC_NOINITALL _ARM_NT_CONTEXT {
-
- //
- // Control flags.
- //
-
- DWORD ContextFlags;
-
- //
- // Integer registers
- //
-
- DWORD R0;
- DWORD R1;
- DWORD R2;
- DWORD R3;
- DWORD R4;
- DWORD R5;
- DWORD R6;
- DWORD R7;
- DWORD R8;
- DWORD R9;
- DWORD R10;
- DWORD R11;
- DWORD R12;
-
- //
- // Control Registers
- //
-
- DWORD Sp;
- DWORD Lr;
- DWORD Pc;
- DWORD Cpsr;
-
- //
- // Floating Point/NEON Registers
- //
-
- DWORD Fpscr;
- DWORD Padding;
- union {
- ARM_NT_NEON128 Q[16];
- ULONGLONG D[32];
- DWORD S[32];
- } DUMMYUNIONNAME;
-
- //
- // Debug registers
- //
-
- DWORD Bvr[ARM_MAX_BREAKPOINTS];
- DWORD Bcr[ARM_MAX_BREAKPOINTS];
- DWORD Wvr[ARM_MAX_WATCHPOINTS];
- DWORD Wcr[ARM_MAX_WATCHPOINTS];
-
- DWORD Padding2[2];
-
-} ARM_NT_CONTEXT, *PARM_NT_CONTEXT;
-
-#endif
-
-// Processes
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ParentProcess,
- _In_ BOOLEAN InheritObjectTable,
- _In_opt_ HANDLE SectionHandle,
- _In_opt_ HANDLE DebugPort,
- _In_opt_ HANDLE TokenHandle
- );
-
-// begin_rev
-#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 // NtCreateProcessEx only
-#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 // NtCreateProcessEx only, requires SeLockMemory
-#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 // NtCreateProcessEx only, requires SeLockMemory
-#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040 // NtCreateUserProcess only
-#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // NtCreateProcessEx & NtCreateUserProcess, requires SeLoadDriver
-#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY 0x00000400 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb
-#define PROCESS_CREATE_FLAGS_MINIMAL_PROCESS 0x00000800 // NtCreateProcessEx only
-#define PROCESS_CREATE_FLAGS_RELEASE_SECTION 0x00001000 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_CLONE_MINIMAL 0x00002000 // NtCreateProcessEx only
-#define PROCESS_CREATE_FLAGS_CLONE_MINIMAL_REDUCED_COMMIT 0x00004000 //
-#define PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS 0x00008000 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb
-#define PROCESS_CREATE_FLAGS_CREATE_STORE 0x00020000 // NtCreateProcessEx & NtCreateUserProcess
-#define PROCESS_CREATE_FLAGS_USE_PROTECTED_ENVIRONMENT 0x00040000 // NtCreateProcessEx & NtCreateUserProcess
-// end_rev
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateProcessEx(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ParentProcess,
- _In_ ULONG Flags, // PROCESS_CREATE_FLAGS_*
- _In_opt_ HANDLE SectionHandle,
- _In_opt_ HANDLE DebugPort,
- _In_opt_ HANDLE TokenHandle,
- _Reserved_ ULONG Reserved // JobMemberLevel
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PCLIENT_ID ClientId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTerminateProcess(
- _In_opt_ HANDLE ProcessHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSuspendProcess(
- _In_ HANDLE ProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtResumeProcess(
- _In_ HANDLE ProcessHandle
- );
-
-#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
-#define ZwCurrentProcess() NtCurrentProcess()
-#define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
-#define ZwCurrentThread() NtCurrentThread()
-#define NtCurrentSession() ((HANDLE)(LONG_PTR)-3)
-#define ZwCurrentSession() NtCurrentSession()
-#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
-
-// Windows 8 and above
-#define NtCurrentProcessToken() ((HANDLE)(LONG_PTR)-4) // NtOpenProcessToken(NtCurrentProcess())
-#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5) // NtOpenThreadToken(NtCurrentThread())
-#define NtCurrentThreadEffectiveToken() ((HANDLE)(LONG_PTR)-6) // NtOpenThreadToken(NtCurrentThread()) + NtOpenProcessToken(NtCurrentProcess())
-
-#define NtCurrentSilo() ((HANDLE)(LONG_PTR)-1)
-
-// Not NT, but useful.
-EXTERN_C IMAGE_DOS_HEADER __ImageBase;
-#define NtCurrentImageBase() ((PVOID)&__ImageBase)
-
-// Not NT, but useful.
-#define NtCurrentProcessId() (NtCurrentTeb()->ClientId.UniqueProcess)
-#define NtCurrentThreadId() (NtCurrentTeb()->ClientId.UniqueThread)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationProcess(
- _In_ HANDLE ProcessHandle,
- _In_ PROCESSINFOCLASS ProcessInformationClass,
- _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
- _In_ ULONG ProcessInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-#if (PHNT_VERSION >= PHNT_WS03)
-
-#define PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS 0x00000001
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetNextProcess(
- _In_opt_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Flags,
- _Out_ PHANDLE NewProcessHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetNextThread(
- _In_ HANDLE ProcessHandle,
- _In_opt_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Flags,
- _Out_ PHANDLE NewThreadHandle
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationProcess(
- _In_ HANDLE ProcessHandle,
- _In_ PROCESSINFOCLASS ProcessInformationClass,
- _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
- _In_ ULONG ProcessInformationLength
- );
-
-#endif
-
-#define STATECHANGE_SET_ATTRIBUTES 0x0001
-
-typedef enum _PROCESS_STATE_CHANGE_TYPE
-{
- ProcessStateChangeSuspend,
- ProcessStateChangeResume,
- ProcessStateChangeMax,
-} PROCESS_STATE_CHANGE_TYPE, *PPROCESS_STATE_CHANGE_TYPE;
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateProcessStateChange(
- _Out_ PHANDLE ProcessStateChangeHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtChangeProcessState(
- _In_ HANDLE ProcessStateChangeHandle,
- _In_ HANDLE ProcessHandle,
- _In_ PROCESS_STATE_CHANGE_TYPE StateChangeType,
- _In_opt_ PVOID ExtendedInformation,
- _In_opt_ SIZE_T ExtendedInformationLength,
- _In_opt_ ULONG64 Reserved
- );
-
-#endif
-
-typedef enum _THREAD_STATE_CHANGE_TYPE
-{
- ThreadStateChangeSuspend,
- ThreadStateChangeResume,
- ThreadStateChangeMax,
-} THREAD_STATE_CHANGE_TYPE, *PTHREAD_STATE_CHANGE_TYPE;
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateThreadStateChange(
- _Out_ PHANDLE ThreadStateChangeHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ThreadHandle,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtChangeThreadState(
- _In_ HANDLE ThreadStateChangeHandle,
- _In_ HANDLE ThreadHandle,
- _In_ THREAD_STATE_CHANGE_TYPE StateChangeType,
- _In_opt_ PVOID ExtendedInformation,
- _In_opt_ SIZE_T ExtendedInformationLength,
- _In_opt_ ULONG64 Reserved
- );
-
-#endif
-
-// Threads
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _Out_ PCLIENT_ID ClientId,
- _In_ PCONTEXT ThreadContext,
- _In_ PINITIAL_TEB InitialTeb,
- _In_ BOOLEAN CreateSuspended
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PCLIENT_ID ClientId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTerminateThread(
- _In_opt_ HANDLE ThreadHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSuspendThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtResumeThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-ULONG
-NTAPI
-NtGetCurrentProcessorNumber(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-ULONG
-NTAPI
-NtGetCurrentProcessorNumberEx(
- _Out_opt_ PPROCESSOR_NUMBER ProcessorNumber
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetContextThread(
- _In_ HANDLE ThreadHandle,
- _Inout_ PCONTEXT ThreadContext
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetContextThread(
- _In_ HANDLE ThreadHandle,
- _In_ PCONTEXT ThreadContext
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationThread(
- _In_ HANDLE ThreadHandle,
- _In_ THREADINFOCLASS ThreadInformationClass,
- _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
- _In_ ULONG ThreadInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationThread(
- _In_ HANDLE ThreadHandle,
- _In_ THREADINFOCLASS ThreadInformationClass,
- _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
- _In_ ULONG ThreadInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlertThread(
- _In_ HANDLE ThreadHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlertResumeThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTestAlert(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtImpersonateThread(
- _In_ HANDLE ServerThreadHandle,
- _In_ HANDLE ClientThreadHandle,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRegisterThreadTerminatePort(
- _In_ HANDLE PortHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetLdtEntries(
- _In_ ULONG Selector0,
- _In_ ULONG Entry0Low,
- _In_ ULONG Entry0Hi,
- _In_ ULONG Selector1,
- _In_ ULONG Entry1Low,
- _In_ ULONG Entry1Hi
- );
-
-typedef VOID (NTAPI* PPS_APC_ROUTINE)(
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-#define Wow64EncodeApcRoutine(ApcRoutine) \
- ((PVOID)((0 - ((LONG_PTR)(ApcRoutine))) << 2))
-
-#define Wow64DecodeApcRoutine(ApcRoutine) \
- ((PVOID)(0 - (((LONG_PTR)(ApcRoutine)) >> 2)))
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueueApcThread(
- _In_ HANDLE ThreadHandle,
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-#define QUEUE_USER_APC_SPECIAL_USER_APC ((HANDLE)0x1)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueueApcThreadEx(
- _In_ HANDLE ThreadHandle,
- _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject // SPECIAL_USER_APC
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-
-// QUEUE_USER_APC_FLAGS enum (dmex)
-#define QUEUE_USER_APC_FLAGS_NONE 0x0
-#define QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC 0x1
-#define QUEUE_USER_APC_CALLBACK_DATA_CONTEXT 0x00010000 // APC_CALLBACK_DATA
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueueApcThreadEx2(
- _In_ HANDLE ThreadHandle,
- _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
- _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAlertThreadByThreadId(
- _In_ HANDLE ThreadId
- );
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtWaitForAlertByThreadId(
- _In_ PVOID Address,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#endif
-
-#endif
-
-// User processes and threads
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// Attributes (Win32 CreateProcess)
-
-// PROC_THREAD_ATTRIBUTE_NUM (dmex)
-#define ProcThreadAttributeParentProcess 0 // in HANDLE
-#define ProcThreadAttributeExtendedFlags 1 // in ULONG (EXTENDED_PROCESS_CREATION_FLAG_*)
-#define ProcThreadAttributeHandleList 2 // in HANDLE[]
-#define ProcThreadAttributeGroupAffinity 3 // in GROUP_AFFINITY // since WIN7
-#define ProcThreadAttributePreferredNode 4 // in USHORT
-#define ProcThreadAttributeIdealProcessor 5 // in PROCESSOR_NUMBER
-#define ProcThreadAttributeUmsThread 6 // in UMS_CREATE_THREAD_ATTRIBUTES
-#define ProcThreadAttributeMitigationPolicy 7 // in ULONG, ULONG64, or ULONG64[2]
-#define ProcThreadAttributePackageFullName 8 // in WCHAR[] // since WIN8
-#define ProcThreadAttributeSecurityCapabilities 9 // in SECURITY_CAPABILITIES
-#define ProcThreadAttributeConsoleReference 10 // BaseGetConsoleReference (kernelbase.dll)
-#define ProcThreadAttributeProtectionLevel 11 // in ULONG (PROTECTION_LEVEL_*) // since WINBLUE
-#define ProcThreadAttributeOsMaxVersionTested 12 // in MAXVERSIONTESTED_INFO // since THRESHOLD // (from exe.manifest)
-#define ProcThreadAttributeJobList 13 // in HANDLE[]
-#define ProcThreadAttributeChildProcessPolicy 14 // in ULONG (PROCESS_CREATION_CHILD_PROCESS_*) // since THRESHOLD2
-#define ProcThreadAttributeAllApplicationPackagesPolicy 15 // in ULONG (PROCESS_CREATION_ALL_APPLICATION_PACKAGES_*) // since REDSTONE
-#define ProcThreadAttributeWin32kFilter 16 // in WIN32K_SYSCALL_FILTER
-#define ProcThreadAttributeSafeOpenPromptOriginClaim 17 // in SE_SAFE_OPEN_PROMPT_RESULTS
-#define ProcThreadAttributeDesktopAppPolicy 18 // in ULONG (PROCESS_CREATION_DESKTOP_APP_*) // since RS2
-#define ProcThreadAttributeBnoIsolation 19 // in PROC_THREAD_BNOISOLATION_ATTRIBUTE
-#define ProcThreadAttributePseudoConsole 22 // in HANDLE (HPCON) // since RS5
-#define ProcThreadAttributeIsolationManifest 23 // in ISOLATION_MANIFEST_PROPERTIES // rev (diversenok) // since 19H2+
-#define ProcThreadAttributeMitigationAuditPolicy 24 // in ULONG, ULONG64, or ULONG64[2] // since 21H1
-#define ProcThreadAttributeMachineType 25 // in USHORT // since 21H2
-#define ProcThreadAttributeComponentFilter 26 // in ULONG
-#define ProcThreadAttributeEnableOptionalXStateFeatures 27 // in ULONG64 // since WIN11
-#define ProcThreadAttributeCreateStore 28 // ULONG // rev (diversenok)
-#define ProcThreadAttributeTrustedApp 29
-
-#ifndef PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS
-#define PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS \
- ProcThreadAttributeValue(ProcThreadAttributeExtendedFlags, FALSE, TRUE, TRUE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_PACKAGE_FULL_NAME
-#define PROC_THREAD_ATTRIBUTE_PACKAGE_FULL_NAME \
- ProcThreadAttributeValue(ProcThreadAttributePackageFullName, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_CONSOLE_REFERENCE
-#define PROC_THREAD_ATTRIBUTE_CONSOLE_REFERENCE \
- ProcThreadAttributeValue(ProcThreadAttributeConsoleReference, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_OSMAXVERSIONTESTED
-#define PROC_THREAD_ATTRIBUTE_OSMAXVERSIONTESTED \
- ProcThreadAttributeValue(ProcThreadAttributeOsMaxVersionTested, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM
-#define PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM \
- ProcThreadAttributeValue(ProcThreadAttributeSafeOpenPromptOriginClaim, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_BNO_ISOLATION
-#define PROC_THREAD_ATTRIBUTE_BNO_ISOLATION \
- ProcThreadAttributeValue(ProcThreadAttributeBnoIsolation, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_ISOLATION_MANIFEST
-#define PROC_THREAD_ATTRIBUTE_ISOLATION_MANIFEST \
- ProcThreadAttributeValue(ProcThreadAttributeIsolationManifest, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_CREATE_STORE
-#define PROC_THREAD_ATTRIBUTE_CREATE_STORE \
- ProcThreadAttributeValue(ProcThreadAttributeCreateStore, FALSE, TRUE, FALSE)
-#endif
-#ifndef PROC_THREAD_ATTRIBUTE_TRUSTED_APP
-#define PROC_THREAD_ATTRIBUTE_TRUSTED_APP \
- ProcThreadAttributeValue(ProcThreadAttributeTrustedApp, FALSE, TRUE, FALSE)
-#endif
-
-// private
-typedef struct _PROC_THREAD_ATTRIBUTE
-{
- ULONG_PTR Attribute;
- SIZE_T Size;
- ULONG_PTR Value;
-} PROC_THREAD_ATTRIBUTE, *PPROC_THREAD_ATTRIBUTE;
-
-// private
-typedef struct _PROC_THREAD_ATTRIBUTE_LIST
-{
- ULONG PresentFlags;
- ULONG AttributeCount;
- ULONG LastAttribute;
- ULONG SpareUlong0;
- PPROC_THREAD_ATTRIBUTE ExtendedFlagsAttribute;
- _Field_size_(AttributeCount) PROC_THREAD_ATTRIBUTE Attributes[1];
-} PROC_THREAD_ATTRIBUTE_LIST, *PPROC_THREAD_ATTRIBUTE_LIST;
-
-// private
-#define EXTENDED_PROCESS_CREATION_FLAG_ELEVATION_HANDLED 0x00000001
-#define EXTENDED_PROCESS_CREATION_FLAG_FORCELUA 0x00000002
-#define EXTENDED_PROCESS_CREATION_FLAG_FORCE_BREAKAWAY 0x00000004 // requires SeTcbPrivilege // since WINBLUE
-
-#define PROTECTION_LEVEL_WINTCB_LIGHT 0x00000000
-#define PROTECTION_LEVEL_WINDOWS 0x00000001
-#define PROTECTION_LEVEL_WINDOWS_LIGHT 0x00000002
-#define PROTECTION_LEVEL_ANTIMALWARE_LIGHT 0x00000003
-#define PROTECTION_LEVEL_LSA_LIGHT 0x00000004
-#define PROTECTION_LEVEL_WINTCB 0x00000005
-#define PROTECTION_LEVEL_CODEGEN_LIGHT 0x00000006
-#define PROTECTION_LEVEL_AUTHENTICODE 0x00000007
-#define PROTECTION_LEVEL_PPL_APP 0x00000008
-
-#define PROTECTION_LEVEL_SAME 0xFFFFFFFF
-#define PROTECTION_LEVEL_NONE 0xFFFFFFFE
-
-// private
-typedef enum _SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS
-{
- SeSafeOpenExperienceNone = 0x00,
- SeSafeOpenExperienceCalled = 0x01,
- SeSafeOpenExperienceAppRepCalled = 0x02,
- SeSafeOpenExperiencePromptDisplayed = 0x04,
- SeSafeOpenExperienceUAC = 0x08,
- SeSafeOpenExperienceUninstaller = 0x10,
- SeSafeOpenExperienceIgnoreUnknownOrBad = 0x20,
- SeSafeOpenExperienceDefenderTrustedInstaller = 0x40,
- SeSafeOpenExperienceMOTWPresent = 0x80,
- SeSafeOpenExperienceElevatedNoPropagation = 0x100
-} SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS;
-
-// private
-typedef struct _SE_SAFE_OPEN_PROMPT_RESULTS
-{
- SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS Results;
- WCHAR Path[MAX_PATH];
-} SE_SAFE_OPEN_PROMPT_RESULTS, *PSE_SAFE_OPEN_PROMPT_RESULTS;
-
-typedef struct _PROC_THREAD_BNOISOLATION_ATTRIBUTE
-{
- BOOL IsolationEnabled;
- WCHAR IsolationPrefix[0x88];
-} PROC_THREAD_BNOISOLATION_ATTRIBUTE, *PPROC_THREAD_BNOISOLATION_ATTRIBUTE;
-
-// private
-typedef struct _ISOLATION_MANIFEST_PROPERTIES
-{
- UNICODE_STRING InstancePath;
- UNICODE_STRING FriendlyName;
- UNICODE_STRING Description;
- ULONG_PTR Level;
-} ISOLATION_MANIFEST_PROPERTIES, *PISOLATION_MANIFEST_PROPERTIES;
-
-// Attributes (Native)
-
-// private
-typedef enum _PS_ATTRIBUTE_NUM
-{
- PsAttributeParentProcess, // in HANDLE
- PsAttributeDebugObject, // in HANDLE
- PsAttributeToken, // in HANDLE
- PsAttributeClientId, // out PCLIENT_ID
- PsAttributeTebAddress, // out PTEB *
- PsAttributeImageName, // in PWSTR
- PsAttributeImageInfo, // out PSECTION_IMAGE_INFORMATION
- PsAttributeMemoryReserve, // in PPS_MEMORY_RESERVE
- PsAttributePriorityClass, // in UCHAR
- PsAttributeErrorMode, // in ULONG
- PsAttributeStdHandleInfo, // 10, in PPS_STD_HANDLE_INFO
- PsAttributeHandleList, // in HANDLE[]
- PsAttributeGroupAffinity, // in PGROUP_AFFINITY
- PsAttributePreferredNode, // in PUSHORT
- PsAttributeIdealProcessor, // in PPROCESSOR_NUMBER
- PsAttributeUmsThread, // ? in PUMS_CREATE_THREAD_ATTRIBUTES
- PsAttributeMitigationOptions, // in PPS_MITIGATION_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_POLICY_*) // since WIN8
- PsAttributeProtectionLevel, // in PS_PROTECTION // since WINBLUE
- PsAttributeSecureProcess, // in PPS_TRUSTLET_CREATE_ATTRIBUTES, since THRESHOLD
- PsAttributeJobList, // in HANDLE[]
- PsAttributeChildProcessPolicy, // 20, in PULONG (PROCESS_CREATION_CHILD_PROCESS_*) // since THRESHOLD2
- PsAttributeAllApplicationPackagesPolicy, // in PULONG (PROCESS_CREATION_ALL_APPLICATION_PACKAGES_*) // since REDSTONE
- PsAttributeWin32kFilter, // in PWIN32K_SYSCALL_FILTER
- PsAttributeSafeOpenPromptOriginClaim, // in SE_SAFE_OPEN_PROMPT_RESULTS
- PsAttributeBnoIsolation, // in PPS_BNO_ISOLATION_PARAMETERS // since REDSTONE2
- PsAttributeDesktopAppPolicy, // in PULONG (PROCESS_CREATION_DESKTOP_APP_*)
- PsAttributeChpe, // in BOOLEAN // since REDSTONE3
- PsAttributeMitigationAuditOptions, // in PPS_MITIGATION_AUDIT_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_AUDIT_POLICY_*) // since 21H1
- PsAttributeMachineType, // in USHORT // since 21H2
- PsAttributeComponentFilter,
- PsAttributeEnableOptionalXStateFeatures, // since WIN11
- PsAttributeMax
-} PS_ATTRIBUTE_NUM;
-
-// private
-#define PS_ATTRIBUTE_NUMBER_MASK 0x0000ffff
-#define PS_ATTRIBUTE_THREAD 0x00010000 // may be used with thread creation
-#define PS_ATTRIBUTE_INPUT 0x00020000 // input only
-#define PS_ATTRIBUTE_ADDITIVE 0x00040000 // "accumulated" e.g. bitmasks, counters, etc.
-
-// begin_rev
-
-#define PsAttributeValue(Number, Thread, Input, Additive) \
- (((Number) & PS_ATTRIBUTE_NUMBER_MASK) | \
- ((Thread) ? PS_ATTRIBUTE_THREAD : 0) | \
- ((Input) ? PS_ATTRIBUTE_INPUT : 0) | \
- ((Additive) ? PS_ATTRIBUTE_ADDITIVE : 0))
-
-#define PS_ATTRIBUTE_PARENT_PROCESS \
- PsAttributeValue(PsAttributeParentProcess, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_DEBUG_OBJECT \
- PsAttributeValue(PsAttributeDebugObject, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_TOKEN \
- PsAttributeValue(PsAttributeToken, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_CLIENT_ID \
- PsAttributeValue(PsAttributeClientId, TRUE, FALSE, FALSE)
-#define PS_ATTRIBUTE_TEB_ADDRESS \
- PsAttributeValue(PsAttributeTebAddress, TRUE, FALSE, FALSE)
-#define PS_ATTRIBUTE_IMAGE_NAME \
- PsAttributeValue(PsAttributeImageName, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_IMAGE_INFO \
- PsAttributeValue(PsAttributeImageInfo, FALSE, FALSE, FALSE)
-#define PS_ATTRIBUTE_MEMORY_RESERVE \
- PsAttributeValue(PsAttributeMemoryReserve, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_PRIORITY_CLASS \
- PsAttributeValue(PsAttributePriorityClass, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_ERROR_MODE \
- PsAttributeValue(PsAttributeErrorMode, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_STD_HANDLE_INFO \
- PsAttributeValue(PsAttributeStdHandleInfo, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_HANDLE_LIST \
- PsAttributeValue(PsAttributeHandleList, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_GROUP_AFFINITY \
- PsAttributeValue(PsAttributeGroupAffinity, TRUE, TRUE, FALSE)
-#define PS_ATTRIBUTE_PREFERRED_NODE \
- PsAttributeValue(PsAttributePreferredNode, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_IDEAL_PROCESSOR \
- PsAttributeValue(PsAttributeIdealProcessor, TRUE, TRUE, FALSE)
-#define PS_ATTRIBUTE_UMS_THREAD \
- PsAttributeValue(PsAttributeUmsThread, TRUE, TRUE, FALSE)
-#define PS_ATTRIBUTE_MITIGATION_OPTIONS \
- PsAttributeValue(PsAttributeMitigationOptions, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_PROTECTION_LEVEL \
- PsAttributeValue(PsAttributeProtectionLevel, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_SECURE_PROCESS \
- PsAttributeValue(PsAttributeSecureProcess, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_JOB_LIST \
- PsAttributeValue(PsAttributeJobList, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_CHILD_PROCESS_POLICY \
- PsAttributeValue(PsAttributeChildProcessPolicy, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
- PsAttributeValue(PsAttributeAllApplicationPackagesPolicy, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_WIN32K_FILTER \
- PsAttributeValue(PsAttributeWin32kFilter, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM \
- PsAttributeValue(PsAttributeSafeOpenPromptOriginClaim, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_BNO_ISOLATION \
- PsAttributeValue(PsAttributeBnoIsolation, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_DESKTOP_APP_POLICY \
- PsAttributeValue(PsAttributeDesktopAppPolicy, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_CHPE \
- PsAttributeValue(PsAttributeChpe, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_MITIGATION_AUDIT_OPTIONS \
- PsAttributeValue(PsAttributeMitigationAuditOptions, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_MACHINE_TYPE \
- PsAttributeValue(PsAttributeMachineType, FALSE, TRUE, TRUE)
-#define PS_ATTRIBUTE_COMPONENT_FILTER \
- PsAttributeValue(PsAttributeComponentFilter, FALSE, TRUE, FALSE)
-#define PS_ATTRIBUTE_ENABLE_OPTIONAL_XSTATE_FEATURES \
- PsAttributeValue(PsAttributeEnableOptionalXStateFeatures, TRUE, TRUE, FALSE)
-
-// end_rev
-
-// begin_private
-
-typedef struct _PS_ATTRIBUTE
-{
- ULONG_PTR Attribute;
- SIZE_T Size;
- union
- {
- ULONG_PTR Value;
- PVOID ValuePtr;
- };
- PSIZE_T ReturnLength;
-} PS_ATTRIBUTE, *PPS_ATTRIBUTE;
-
-typedef struct _PS_ATTRIBUTE_LIST
-{
- SIZE_T TotalLength;
- PS_ATTRIBUTE Attributes[1];
-} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
-
-typedef struct _PS_MEMORY_RESERVE
-{
- PVOID ReserveAddress;
- SIZE_T ReserveSize;
-} PS_MEMORY_RESERVE, *PPS_MEMORY_RESERVE;
-
-typedef enum _PS_STD_HANDLE_STATE
-{
- PsNeverDuplicate,
- PsRequestDuplicate, // duplicate standard handles specified by PseudoHandleMask, and only if StdHandleSubsystemType matches the image subsystem
- PsAlwaysDuplicate, // always duplicate standard handles
- PsMaxStdHandleStates
-} PS_STD_HANDLE_STATE;
-
-// begin_rev
-#define PS_STD_INPUT_HANDLE 0x1
-#define PS_STD_OUTPUT_HANDLE 0x2
-#define PS_STD_ERROR_HANDLE 0x4
-// end_rev
-
-typedef struct _PS_STD_HANDLE_INFO
-{
- union
- {
- ULONG Flags;
- struct
- {
- ULONG StdHandleState : 2; // PS_STD_HANDLE_STATE
- ULONG PseudoHandleMask : 3; // PS_STD_*
- };
- };
- ULONG StdHandleSubsystemType;
-} PS_STD_HANDLE_INFO, *PPS_STD_HANDLE_INFO;
-
-typedef union _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS
-{
- UCHAR Trustlet : 1;
- UCHAR Ntos : 1;
- UCHAR WriteHandle : 1;
- UCHAR ReadHandle : 1;
- UCHAR Reserved : 4;
- UCHAR AccessRights;
-} PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS, *PPS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS;
-
-typedef struct _PS_TRUSTLET_ATTRIBUTE_TYPE
-{
- union
- {
- struct
- {
- UCHAR Version;
- UCHAR DataCount;
- UCHAR SemanticType;
- PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS AccessRights;
- };
- ULONG AttributeType;
- };
-} PS_TRUSTLET_ATTRIBUTE_TYPE, *PPS_TRUSTLET_ATTRIBUTE_TYPE;
-
-typedef struct _PS_TRUSTLET_ATTRIBUTE_HEADER
-{
- PS_TRUSTLET_ATTRIBUTE_TYPE AttributeType;
- ULONG InstanceNumber : 8;
- ULONG Reserved : 24;
-} PS_TRUSTLET_ATTRIBUTE_HEADER, *PPS_TRUSTLET_ATTRIBUTE_HEADER;
-
-typedef struct _PS_TRUSTLET_ATTRIBUTE_DATA
-{
- PS_TRUSTLET_ATTRIBUTE_HEADER Header;
- ULONGLONG Data[1];
-} PS_TRUSTLET_ATTRIBUTE_DATA, *PPS_TRUSTLET_ATTRIBUTE_DATA;
-
-typedef struct _PS_TRUSTLET_CREATE_ATTRIBUTES
-{
- ULONGLONG TrustletIdentity;
- PS_TRUSTLET_ATTRIBUTE_DATA Attributes[1];
-} PS_TRUSTLET_CREATE_ATTRIBUTES, *PPS_TRUSTLET_CREATE_ATTRIBUTES;
-
-// private
-typedef struct _PS_BNO_ISOLATION_PARAMETERS
-{
- UNICODE_STRING IsolationPrefix;
- ULONG HandleCount;
- PVOID *Handles;
- BOOLEAN IsolationEnabled;
-} PS_BNO_ISOLATION_PARAMETERS, *PPS_BNO_ISOLATION_PARAMETERS;
-
-// private
-typedef enum _PS_MITIGATION_OPTION
-{
- PS_MITIGATION_OPTION_NX,
- PS_MITIGATION_OPTION_SEHOP,
- PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES,
- PS_MITIGATION_OPTION_HEAP_TERMINATE,
- PS_MITIGATION_OPTION_BOTTOM_UP_ASLR,
- PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR,
- PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS,
- PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE,
- PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE,
- PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE,
- PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD,
- PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES,
- PS_MITIGATION_OPTION_FONT_DISABLE,
- PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE,
- PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL,
- PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32,
- PS_MITIGATION_OPTION_RETURN_FLOW_GUARD,
- PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY,
- PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD,
- PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT,
- PS_MITIGATION_OPTION_ROP_STACKPIVOT, // since REDSTONE3
- PS_MITIGATION_OPTION_ROP_CALLER_CHECK,
- PS_MITIGATION_OPTION_ROP_SIMEXEC,
- PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER,
- PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS,
- PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION,
- PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER,
- PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION,
- PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION,
- PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE, // since REDSTONE5
- PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY,
- PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS,
- PS_MITIGATION_OPTION_USER_CET_SET_CONTEXT_IP_VALIDATION, // since 21H1
- PS_MITIGATION_OPTION_BLOCK_NON_CET_BINARIES,
- PS_MITIGATION_OPTION_CET_DYNAMIC_APIS_OUT_OF_PROC_ONLY,
- PS_MITIGATION_OPTION_REDIRECTION_TRUST, // since 22H1
- PS_MITIGATION_OPTION_RESTRICT_CORE_SHARING,
-} PS_MITIGATION_OPTION;
-
-// windows-internals-book:"Chapter 5"
-typedef enum _PS_CREATE_STATE
-{
- PsCreateInitialState,
- PsCreateFailOnFileOpen,
- PsCreateFailOnSectionCreate,
- PsCreateFailExeFormat,
- PsCreateFailMachineMismatch,
- PsCreateFailExeName, // Debugger specified
- PsCreateSuccess,
- PsCreateMaximumStates
-} PS_CREATE_STATE;
-
-typedef struct _PS_CREATE_INFO
-{
- SIZE_T Size;
- PS_CREATE_STATE State;
- union
- {
- // PsCreateInitialState
- struct
- {
- union
- {
- ULONG InitFlags;
- struct
- {
- UCHAR WriteOutputOnExit : 1;
- UCHAR DetectManifest : 1;
- UCHAR IFEOSkipDebugger : 1;
- UCHAR IFEODoNotPropagateKeyState : 1;
- UCHAR SpareBits1 : 4;
- UCHAR SpareBits2 : 8;
- USHORT ProhibitedImageCharacteristics : 16;
- };
- };
- ACCESS_MASK AdditionalFileAccess;
- } InitState;
-
- // PsCreateFailOnSectionCreate
- struct
- {
- HANDLE FileHandle;
- } FailSection;
-
- // PsCreateFailExeFormat
- struct
- {
- USHORT DllCharacteristics;
- } ExeFormat;
-
- // PsCreateFailExeName
- struct
- {
- HANDLE IFEOKey;
- } ExeName;
-
- // PsCreateSuccess
- struct
- {
- union
- {
- ULONG OutputFlags;
- struct
- {
- UCHAR ProtectedProcess : 1;
- UCHAR AddressSpaceOverride : 1;
- UCHAR DevOverrideEnabled : 1; // from Image File Execution Options
- UCHAR ManifestDetected : 1;
- UCHAR ProtectedProcessLight : 1;
- UCHAR SpareBits1 : 3;
- UCHAR SpareBits2 : 8;
- USHORT SpareBits3 : 16;
- };
- };
- HANDLE FileHandle;
- HANDLE SectionHandle;
- ULONGLONG UserProcessParametersNative;
- ULONG UserProcessParametersWow64;
- ULONG CurrentParameterFlags;
- ULONGLONG PebAddressNative;
- ULONG PebAddressWow64;
- ULONGLONG ManifestAddress;
- ULONG ManifestSize;
- } SuccessState;
- };
-} PS_CREATE_INFO, *PPS_CREATE_INFO;
-
-// end_private
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateUserProcess(
- _Out_ PHANDLE ProcessHandle,
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK ProcessDesiredAccess,
- _In_ ACCESS_MASK ThreadDesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes,
- _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
- _In_ ULONG ProcessFlags, // PROCESS_CREATE_FLAGS_*
- _In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_*
- _In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS
- _Inout_ PPS_CREATE_INFO CreateInfo,
- _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
- );
-#endif
-
-// begin_rev
-#define THREAD_CREATE_FLAGS_NONE 0x00000000
-#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 // NtCreateUserProcess & NtCreateThreadEx
-#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 // NtCreateThreadEx only
-#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 // NtCreateThreadEx only
-#define THREAD_CREATE_FLAGS_LOADER_WORKER 0x00000010 // NtCreateThreadEx only
-#define THREAD_CREATE_FLAGS_SKIP_LOADER_INIT 0x00000020 // NtCreateThreadEx only
-#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // NtCreateThreadEx only
-// end_rev
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-typedef NTSTATUS (NTAPI *PUSER_THREAD_START_ROUTINE)(
- _In_ PVOID ThreadParameter
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateThreadEx(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _In_ PUSER_THREAD_START_ROUTINE StartRoutine,
- _In_opt_ PVOID Argument,
- _In_ ULONG CreateFlags, // THREAD_CREATE_FLAGS_*
- _In_ SIZE_T ZeroBits,
- _In_ SIZE_T StackSize,
- _In_ SIZE_T MaximumStackSize,
- _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
- );
-
-#endif
-
-#endif
-
-// Job objects
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// JOBOBJECTINFOCLASS
-// Note: We don't use an enum since it conflicts with the Windows SDK.
-#define JobObjectBasicAccountingInformation 1 // q: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
-#define JobObjectBasicLimitInformation 2 // q; s: JOBOBJECT_BASIC_LIMIT_INFORMATION
-#define JobObjectBasicProcessIdList 3 // q: JOBOBJECT_BASIC_PROCESS_ID_LIST
-#define JobObjectBasicUIRestrictions 4 // q; s: JOBOBJECT_BASIC_UI_RESTRICTIONS
-#define JobObjectSecurityLimitInformation 5 // JOBOBJECT_SECURITY_LIMIT_INFORMATION
-#define JobObjectEndOfJobTimeInformation 6 // q; s: JOBOBJECT_END_OF_JOB_TIME_INFORMATION
-#define JobObjectAssociateCompletionPortInformation 7 // s: JOBOBJECT_ASSOCIATE_COMPLETION_PORT
-#define JobObjectBasicAndIoAccountingInformation 8 // q: JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION
-#define JobObjectExtendedLimitInformation 9 // q; s: JOBOBJECT_EXTENDED_LIMIT_INFORMATION[V2]
-#define JobObjectJobSetInformation 10 // JOBOBJECT_JOBSET_INFORMATION
-#define JobObjectGroupInformation 11 // USHORT
-#define JobObjectNotificationLimitInformation 12 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION
-#define JobObjectLimitViolationInformation 13 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION
-#define JobObjectGroupInformationEx 14 // GROUP_AFFINITY (ARRAY)
-#define JobObjectCpuRateControlInformation 15 // JOBOBJECT_CPU_RATE_CONTROL_INFORMATION
-#define JobObjectCompletionFilter 16
-#define JobObjectCompletionCounter 17
-#define JobObjectFreezeInformation 18 // JOBOBJECT_FREEZE_INFORMATION
-#define JobObjectExtendedAccountingInformation 19 // JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION
-#define JobObjectWakeInformation 20 // JOBOBJECT_WAKE_INFORMATION
-#define JobObjectBackgroundInformation 21
-#define JobObjectSchedulingRankBiasInformation 22
-#define JobObjectTimerVirtualizationInformation 23
-#define JobObjectCycleTimeNotification 24
-#define JobObjectClearEvent 25
-#define JobObjectInterferenceInformation 26 // JOBOBJECT_INTERFERENCE_INFORMATION
-#define JobObjectClearPeakJobMemoryUsed 27
-#define JobObjectMemoryUsageInformation 28 // JOBOBJECT_MEMORY_USAGE_INFORMATION // JOBOBJECT_MEMORY_USAGE_INFORMATION_V2
-#define JobObjectSharedCommit 29
-#define JobObjectContainerId 30 // JOBOBJECT_CONTAINER_IDENTIFIER_V2
-#define JobObjectIoRateControlInformation 31 // JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE, JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE_V2, JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE_V3
-#define JobObjectNetRateControlInformation 32 // JOBOBJECT_NET_RATE_CONTROL_INFORMATION
-#define JobObjectNotificationLimitInformation2 33 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION_2
-#define JobObjectLimitViolationInformation2 34 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION_2
-#define JobObjectCreateSilo 35
-#define JobObjectSiloBasicInformation 36 // SILOOBJECT_BASIC_INFORMATION
-#define JobObjectSiloRootDirectory 37 // SILOOBJECT_ROOT_DIRECTORY
-#define JobObjectServerSiloBasicInformation 38 // SERVERSILO_BASIC_INFORMATION
-#define JobObjectServerSiloUserSharedData 39 // SILO_USER_SHARED_DATA // NtQueryInformationJobObject(NULL, 39, Buffer, sizeof(SILO_USER_SHARED_DATA), 0);
-#define JobObjectServerSiloInitialize 40 // SERVERSILO_INIT_INFORMATION
-#define JobObjectServerSiloRunningState 41
-#define JobObjectIoAttribution 42 // JOBOBJECT_IO_ATTRIBUTION_INFORMATION
-#define JobObjectMemoryPartitionInformation 43
-#define JobObjectContainerTelemetryId 44
-#define JobObjectSiloSystemRoot 45
-#define JobObjectEnergyTrackingState 46 // JOBOBJECT_ENERGY_TRACKING_STATE
-#define JobObjectThreadImpersonationInformation 47
-#define JobObjectIoPriorityLimit 48 // JOBOBJECT_IO_PRIORITY_LIMIT
-#define JobObjectPagePriorityLimit 49 // JOBOBJECT_PAGE_PRIORITY_LIMIT
-#define MaxJobObjectInfoClass 50
-
-// rev // extended limit v2
-#define JOB_OBJECT_LIMIT_SILO_READY 0x00400000
-
-// private
-typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2
-{
- JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
- IO_COUNTERS IoInfo;
- SIZE_T ProcessMemoryLimit;
- SIZE_T JobMemoryLimit;
- SIZE_T PeakProcessMemoryUsed;
- SIZE_T PeakJobMemoryUsed;
- SIZE_T JobTotalMemoryLimit;
-} JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2;
-
-// private
-typedef struct _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION
-{
- JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
- IO_COUNTERS IoInfo;
- PROCESS_DISK_COUNTERS DiskIoInfo;
- ULONG64 ContextSwitches;
- LARGE_INTEGER TotalCycleTime;
- ULONG64 ReadyTime;
- PROCESS_ENERGY_VALUES EnergyValues;
-} JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION, *PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_WAKE_INFORMATION
-{
- HANDLE NotificationChannel;
- ULONG64 WakeCounters[7];
-} JOBOBJECT_WAKE_INFORMATION, *PJOBOBJECT_WAKE_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_WAKE_INFORMATION_V1
-{
- HANDLE NotificationChannel;
- ULONG64 WakeCounters[4];
-} JOBOBJECT_WAKE_INFORMATION_V1, *PJOBOBJECT_WAKE_INFORMATION_V1;
-
-// private
-typedef struct _JOBOBJECT_INTERFERENCE_INFORMATION
-{
- ULONG64 Count;
-} JOBOBJECT_INTERFERENCE_INFORMATION, *PJOBOBJECT_INTERFERENCE_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_WAKE_FILTER
-{
- ULONG HighEdgeFilter;
- ULONG LowEdgeFilter;
-} JOBOBJECT_WAKE_FILTER, *PJOBOBJECT_WAKE_FILTER;
-
-// private
-typedef struct _JOBOBJECT_FREEZE_INFORMATION
-{
- union
- {
- ULONG Flags;
- struct
- {
- ULONG FreezeOperation : 1;
- ULONG FilterOperation : 1;
- ULONG SwapOperation : 1;
- ULONG Reserved : 29;
- };
- };
- BOOLEAN Freeze;
- BOOLEAN Swap;
- UCHAR Reserved0[2];
- JOBOBJECT_WAKE_FILTER WakeFilter;
-} JOBOBJECT_FREEZE_INFORMATION, *PJOBOBJECT_FREEZE_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_CONTAINER_IDENTIFIER_V2
-{
- GUID ContainerId;
- GUID ContainerTelemetryId;
- ULONG JobId;
-} JOBOBJECT_CONTAINER_IDENTIFIER_V2, *PJOBOBJECT_CONTAINER_IDENTIFIER_V2;
-
-// private
-typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION
-{
- ULONG64 JobMemory;
- ULONG64 PeakJobMemoryUsed;
-} JOBOBJECT_MEMORY_USAGE_INFORMATION, *PJOBOBJECT_MEMORY_USAGE_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2
-{
- JOBOBJECT_MEMORY_USAGE_INFORMATION BasicInfo;
- ULONG64 JobSharedMemory;
- ULONG64 Reserved[2];
-} JOBOBJECT_MEMORY_USAGE_INFORMATION_V2, *PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2;
-
-// private
-typedef struct _SILO_USER_SHARED_DATA
-{
- ULONG ServiceSessionId;
- ULONG ActiveConsoleId;
- LONGLONG ConsoleSessionForegroundProcessId;
- NT_PRODUCT_TYPE NtProductType;
- ULONG SuiteMask;
- ULONG SharedUserSessionId; // since RS2
- BOOLEAN IsMultiSessionSku;
- WCHAR NtSystemRoot[260];
- USHORT UserModeGlobalLogger[16];
- ULONG TimeZoneId; // since 21H2
- LONG TimeZoneBiasStamp;
- KSYSTEM_TIME TimeZoneBias;
- LARGE_INTEGER TimeZoneBiasEffectiveStart;
- LARGE_INTEGER TimeZoneBiasEffectiveEnd;
-} SILO_USER_SHARED_DATA, *PSILO_USER_SHARED_DATA;
-
-// rev
-#define SILO_OBJECT_ROOT_DIRECTORY_SHADOW_ROOT 0x00000001
-#define SILO_OBJECT_ROOT_DIRECTORY_INITIALIZE 0x00000002
-#define SILO_OBJECT_ROOT_DIRECTORY_SHADOW_DOS_DEVICES 0x00000004
-
-// private
-typedef struct _SILOOBJECT_ROOT_DIRECTORY
-{
- union
- {
- ULONG ControlFlags; // SILO_OBJECT_ROOT_DIRECTORY_*
- UNICODE_STRING Path;
- };
-} SILOOBJECT_ROOT_DIRECTORY, *PSILOOBJECT_ROOT_DIRECTORY;
-
-// private
-typedef struct _SERVERSILO_INIT_INFORMATION
-{
- HANDLE DeleteEvent;
- BOOLEAN IsDownlevelContainer;
-} SERVERSILO_INIT_INFORMATION, * PSERVERSILO_INIT_INFORMATION;
-
-// private
-typedef struct _JOBOBJECT_ENERGY_TRACKING_STATE
-{
- ULONG64 Value;
- ULONG UpdateMask;
- ULONG DesiredState;
-} JOBOBJECT_ENERGY_TRACKING_STATE, *PJOBOBJECT_ENERGY_TRACKING_STATE;
-
-// private
-typedef enum _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS
-{
- JOBOBJECT_IO_PRIORITY_LIMIT_ENABLE = 0x1,
- JOBOBJECT_IO_PRIORITY_LIMIT_VALID_FLAGS = 0x1,
-} JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS;
-
-// private
-typedef struct _JOBOBJECT_IO_PRIORITY_LIMIT
-{
- JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS Flags;
- ULONG Priority;
-} JOBOBJECT_IO_PRIORITY_LIMIT, *PJOBOBJECT_IO_PRIORITY_LIMIT;
-
-// private
-typedef enum _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS
-{
- JOBOBJECT_PAGE_PRIORITY_LIMIT_ENABLE = 0x1,
- JOBOBJECT_PAGE_PRIORITY_LIMIT_VALID_FLAGS = 0x1,
-} JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS;
-
-// private
-typedef struct _JOBOBJECT_PAGE_PRIORITY_LIMIT
-{
- JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS Flags;
- ULONG Priority;
-} JOBOBJECT_PAGE_PRIORITY_LIMIT, *PJOBOBJECT_PAGE_PRIORITY_LIMIT;
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateJobObject(
- _Out_ PHANDLE JobHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenJobObject(
- _Out_ PHANDLE JobHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAssignProcessToJobObject(
- _In_ HANDLE JobHandle,
- _In_ HANDLE ProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTerminateJobObject(
- _In_ HANDLE JobHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtIsProcessInJob(
- _In_ HANDLE ProcessHandle,
- _In_opt_ HANDLE JobHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationJobObject(
- _In_opt_ HANDLE JobHandle,
- _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
- _Out_writes_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
- _In_ ULONG JobObjectInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationJobObject(
- _In_ HANDLE JobHandle,
- _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
- _In_reads_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
- _In_ ULONG JobObjectInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateJobSet(
- _In_ ULONG NumJob,
- _In_reads_(NumJob) PJOB_SET_ARRAY UserJobSet,
- _In_ ULONG Flags
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRevertContainerImpersonation(
- VOID
- );
-#endif
-
-#endif
-
-// Reserve objects
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-// private
-typedef enum _MEMORY_RESERVE_TYPE
-{
- MemoryReserveUserApc,
- MemoryReserveIoCompletion,
- MemoryReserveTypeMax
-} MEMORY_RESERVE_TYPE;
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateReserveObject(
- _Out_ PHANDLE MemoryReserveHandle,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ MEMORY_RESERVE_TYPE Type
- );
-#endif
-
-// Process snapshotting
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-PssNtCaptureSnapshot(
- _Out_ PHANDLE SnapshotHandle,
- _In_ HANDLE ProcessHandle,
- _In_ ULONG CaptureFlags,
- _In_ ULONG ThreadContextFlags
- );
-#endif
-
-// rev
-#define MEMORY_BULK_INFORMATION_FLAG_BASIC 0x00000001
-
-// rev
-typedef struct _NTPSS_MEMORY_BULK_INFORMATION
-{
- ULONG QueryFlags;
- ULONG NumberOfEntries;
- PVOID NextValidAddress;
-} NTPSS_MEMORY_BULK_INFORMATION, *PNTPSS_MEMORY_BULK_INFORMATION;
-
-#if (PHNT_VERSION >= PHNT_20H1)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPssCaptureVaSpaceBulk(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ PNTPSS_MEMORY_BULK_INFORMATION BulkInformation,
- _In_ SIZE_T BulkInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-#endif
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntregapi.h b/deps/phnt-nightly/ntregapi.h
deleted file mode 100644
index cb4ec08..0000000
--- a/deps/phnt-nightly/ntregapi.h
+++ /dev/null
@@ -1,887 +0,0 @@
-/*
- * Registry support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTREGAPI_H
-#define _NTREGAPI_H
-
-// Boot condition flags (NtInitializeRegistry)
-
-#define REG_INIT_BOOT_SM 0x0000
-#define REG_INIT_BOOT_SETUP 0x0001
-#define REG_INIT_BOOT_ACCEPTED_BASE 0x0002
-#define REG_INIT_BOOT_ACCEPTED_MAX REG_INIT_BOOT_ACCEPTED_BASE + 999
-
-#define REG_MAX_KEY_VALUE_NAME_LENGTH 32767
-#define REG_MAX_KEY_NAME_LENGTH 512
-
-typedef enum _KEY_INFORMATION_CLASS
-{
- KeyBasicInformation, // KEY_BASIC_INFORMATION
- KeyNodeInformation, // KEY_NODE_INFORMATION
- KeyFullInformation, // KEY_FULL_INFORMATION
- KeyNameInformation, // KEY_NAME_INFORMATION
- KeyCachedInformation, // KEY_CACHED_INFORMATION
- KeyFlagsInformation, // KEY_FLAGS_INFORMATION
- KeyVirtualizationInformation, // KEY_VIRTUALIZATION_INFORMATION
- KeyHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION
- KeyTrustInformation, // KEY_TRUST_INFORMATION
- KeyLayerInformation, // KEY_LAYER_INFORMATION
- MaxKeyInfoClass
-} KEY_INFORMATION_CLASS;
-
-typedef struct _KEY_BASIC_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
-
-typedef struct _KEY_NODE_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
- // ...
- // WCHAR Class[1];
-} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
-
-typedef struct _KEY_FULL_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG SubKeys;
- ULONG MaxNameLength;
- ULONG MaxClassLength;
- ULONG Values;
- ULONG MaxValueNameLength;
- ULONG MaxValueDataLength;
- WCHAR Class[1];
-} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
-
-typedef struct _KEY_NAME_INFORMATION
-{
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
-
-typedef struct _KEY_CACHED_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG SubKeys;
- ULONG MaxNameLength;
- ULONG Values;
- ULONG MaxValueNameLength;
- ULONG MaxValueDataLength;
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
-
-// rev
-#define REG_FLAG_VOLATILE 0x0001
-#define REG_FLAG_LINK 0x0002
-
-// msdn
-#define REG_KEY_DONT_VIRTUALIZE 0x0002
-#define REG_KEY_DONT_SILENT_FAIL 0x0004
-#define REG_KEY_RECURSE_FLAG 0x0008
-
-// private
-typedef struct _KEY_FLAGS_INFORMATION
-{
- ULONG Wow64Flags;
- ULONG KeyFlags; // REG_FLAG_*
- ULONG ControlFlags; // REG_KEY_*
-} KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION;
-
-typedef struct _KEY_VIRTUALIZATION_INFORMATION
-{
- ULONG VirtualizationCandidate : 1; // Tells whether the key is part of the virtualization namespace scope (only HKLM\Software for now).
- ULONG VirtualizationEnabled : 1; // Tells whether virtualization is enabled on this key. Can be 1 only if above flag is 1.
- ULONG VirtualTarget : 1; // Tells if the key is a virtual key. Can be 1 only if above 2 are 0. Valid only on the virtual store key handles.
- ULONG VirtualStore : 1; // Tells if the key is a part of the virtual store path. Valid only on the virtual store key handles.
- ULONG VirtualSource : 1; // Tells if the key has ever been virtualized, can be 1 only if VirtualizationCandidate is 1.
- ULONG Reserved : 27;
-} KEY_VIRTUALIZATION_INFORMATION, *PKEY_VIRTUALIZATION_INFORMATION;
-
-// private
-typedef struct _KEY_TRUST_INFORMATION
-{
- ULONG TrustedKey : 1;
- ULONG Reserved : 31;
-} KEY_TRUST_INFORMATION, *PKEY_TRUST_INFORMATION;
-
-// private
-typedef struct _KEY_LAYER_INFORMATION
-{
- ULONG IsTombstone : 1;
- ULONG IsSupersedeLocal : 1;
- ULONG IsSupersedeTree : 1;
- ULONG ClassIsInherited : 1;
- ULONG Reserved : 28;
-} KEY_LAYER_INFORMATION, *PKEY_LAYER_INFORMATION;
-
-typedef enum _KEY_SET_INFORMATION_CLASS
-{
- KeyWriteTimeInformation, // KEY_WRITE_TIME_INFORMATION
- KeyWow64FlagsInformation, // KEY_WOW64_FLAGS_INFORMATION
- KeyControlFlagsInformation, // KEY_CONTROL_FLAGS_INFORMATION
- KeySetVirtualizationInformation, // KEY_SET_VIRTUALIZATION_INFORMATION
- KeySetDebugInformation,
- KeySetHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION
- KeySetLayerInformation, // KEY_SET_LAYER_INFORMATION
- MaxKeySetInfoClass
-} KEY_SET_INFORMATION_CLASS;
-
-typedef struct _KEY_WRITE_TIME_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
-} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;
-
-typedef struct _KEY_WOW64_FLAGS_INFORMATION
-{
- ULONG UserFlags;
-} KEY_WOW64_FLAGS_INFORMATION, *PKEY_WOW64_FLAGS_INFORMATION;
-
-typedef struct _KEY_HANDLE_TAGS_INFORMATION
-{
- ULONG HandleTags;
-} KEY_HANDLE_TAGS_INFORMATION, *PKEY_HANDLE_TAGS_INFORMATION;
-
-typedef struct _KEY_SET_LAYER_INFORMATION
-{
- ULONG IsTombstone : 1;
- ULONG IsSupersedeLocal : 1;
- ULONG IsSupersedeTree : 1;
- ULONG ClassIsInherited : 1;
- ULONG Reserved : 28;
-} KEY_SET_LAYER_INFORMATION, *PKEY_SET_LAYER_INFORMATION;
-
-typedef struct _KEY_CONTROL_FLAGS_INFORMATION
-{
- ULONG ControlFlags;
-} KEY_CONTROL_FLAGS_INFORMATION, *PKEY_CONTROL_FLAGS_INFORMATION;
-
-typedef struct _KEY_SET_VIRTUALIZATION_INFORMATION
-{
- ULONG VirtualTarget : 1;
- ULONG VirtualStore : 1;
- ULONG VirtualSource : 1; // true if key has been virtualized at least once
- ULONG Reserved : 29;
-} KEY_SET_VIRTUALIZATION_INFORMATION, *PKEY_SET_VIRTUALIZATION_INFORMATION;
-
-typedef enum _KEY_VALUE_INFORMATION_CLASS
-{
- KeyValueBasicInformation, // KEY_VALUE_BASIC_INFORMATION
- KeyValueFullInformation, // KEY_VALUE_FULL_INFORMATION
- KeyValuePartialInformation, // KEY_VALUE_PARTIAL_INFORMATION
- KeyValueFullInformationAlign64,
- KeyValuePartialInformationAlign64, // KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
- KeyValueLayerInformation, // KEY_VALUE_LAYER_INFORMATION
- MaxKeyValueInfoClass
-} KEY_VALUE_INFORMATION_CLASS;
-
-typedef struct _KEY_VALUE_BASIC_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
-} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
-
-typedef struct _KEY_VALUE_FULL_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataOffset;
- ULONG DataLength;
- ULONG NameLength;
- _Field_size_bytes_(NameLength) WCHAR Name[1];
- // ...
- // UCHAR Data[1];
-} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
-
-typedef struct _KEY_VALUE_PARTIAL_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataLength;
- _Field_size_bytes_(DataLength) UCHAR Data[1];
-} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
-
-typedef struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
-{
- ULONG Type;
- ULONG DataLength;
- _Field_size_bytes_(DataLength) UCHAR Data[1];
-} KEY_VALUE_PARTIAL_INFORMATION_ALIGN64, *PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
-
-// private
-typedef struct _KEY_VALUE_LAYER_INFORMATION
-{
- ULONG IsTombstone : 1;
- ULONG Reserved : 31;
-} KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION;
-
-// private
-typedef enum _CM_EXTENDED_PARAMETER_TYPE
-{
- CmExtendedParameterInvalidType,
- CmExtendedParameterTrustClassKey,
- CmExtendedParameterEvent,
- CmExtendedParameterFileAccessToken,
- CmExtendedParameterMax,
-} CM_EXTENDED_PARAMETER_TYPE;
-
-#define CM_EXTENDED_PARAMETER_TYPE_BITS 8
-
-// private
-typedef struct DECLSPEC_ALIGN(8) _CM_EXTENDED_PARAMETER
-{
- struct
- {
- ULONG64 Type : CM_EXTENDED_PARAMETER_TYPE_BITS;
- ULONG64 Reserved : 64 - CM_EXTENDED_PARAMETER_TYPE_BITS;
- };
-
- union
- {
- ULONG64 ULong64;
- PVOID Pointer;
- SIZE_T Size;
- HANDLE Handle;
- ULONG ULong;
- ACCESS_MASK AccessMask;
- };
-} CM_EXTENDED_PARAMETER, *PCM_EXTENDED_PARAMETER;
-
-typedef struct _KEY_VALUE_ENTRY
-{
- PUNICODE_STRING ValueName;
- ULONG DataLength;
- ULONG DataOffset;
- ULONG Type;
-} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
-
-typedef enum _REG_ACTION
-{
- KeyAdded,
- KeyRemoved,
- KeyModified
-} REG_ACTION;
-
-typedef struct _REG_NOTIFY_INFORMATION
-{
- ULONG NextEntryOffset;
- REG_ACTION Action;
- ULONG KeyLength;
- _Field_size_bytes_(KeyLength) WCHAR Key[1];
-} REG_NOTIFY_INFORMATION, *PREG_NOTIFY_INFORMATION;
-
-typedef struct _KEY_PID_ARRAY
-{
- HANDLE ProcessId;
- UNICODE_STRING KeyName;
-} KEY_PID_ARRAY, *PKEY_PID_ARRAY;
-
-typedef struct _KEY_OPEN_SUBKEYS_INFORMATION
-{
- ULONG Count;
- KEY_PID_ARRAY KeyArray[1];
-} KEY_OPEN_SUBKEYS_INFORMATION, *PKEY_OPEN_SUBKEYS_INFORMATION;
-
-// Differencing registry & virtualization // since REDSTONE
-
-// rev
-#define VR_DEVICE_NAME L"\\Device\\VRegDriver"
-
-// rev
-#define IOCTL_VR_INITIALIZE_JOB_FOR_VREG CTL_CODE(FILE_DEVICE_UNKNOWN, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_INITIALIZE_JOB_FOR_VREG
-#define IOCTL_VR_LOAD_DIFFERENCING_HIVE CTL_CODE(FILE_DEVICE_UNKNOWN, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_LOAD_DIFFERENCING_HIVE
-#define IOCTL_VR_CREATE_NAMESPACE_NODE CTL_CODE(FILE_DEVICE_UNKNOWN, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_CREATE_NAMESPACE_NODE
-#define IOCTL_VR_MODIFY_FLAGS CTL_CODE(FILE_DEVICE_UNKNOWN, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_MODIFY_FLAGS
-#define IOCTL_VR_CREATE_MULTIPLE_NAMESPACE_NODES CTL_CODE(FILE_DEVICE_UNKNOWN, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_CREATE_MULTIPLE_NAMESPACE_NODES
-#define IOCTL_VR_UNLOAD_DYNAMICALLY_LOADED_HIVES CTL_CODE(FILE_DEVICE_UNKNOWN, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_UNLOAD_DYNAMICALLY_LOADED_HIVES
-#define IOCTL_VR_GET_VIRTUAL_ROOT_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_GET_VIRTUAL_ROOT; out: VR_GET_VIRTUAL_ROOT_RESULT
-#define IOCTL_VR_LOAD_DIFFERENCING_HIVE_FOR_HOST CTL_CODE(FILE_DEVICE_UNKNOWN, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_LOAD_DIFFERENCING_HIVE_FOR_HOST
-#define IOCTL_VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST CTL_CODE(FILE_DEVICE_UNKNOWN, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST
-
-// private
-typedef struct _VR_INITIALIZE_JOB_FOR_VREG
-{
- HANDLE Job;
-} VR_INITIALIZE_JOB_FOR_VREG, *PVR_INITIALIZE_JOB_FOR_VREG;
-
-// rev
-#define VR_FLAG_INHERIT_TRUST_CLASS 0x00000001
-#define VR_FLAG_WRITE_THROUGH_HIVE 0x00000002 // since REDSTONE2
-#define VR_FLAG_LOCAL_MACHINE_TRUST_CLASS 0x00000004 // since 21H1
-
-// rev + private
-typedef struct _VR_LOAD_DIFFERENCING_HIVE
-{
- HANDLE Job;
- ULONG NextLayerIsHost;
- ULONG Flags; // VR_FLAG_*
- ULONG LoadFlags; // NtLoadKeyEx flags
- WORD KeyPathLength;
- WORD HivePathLength;
- WORD NextLayerKeyPathLength;
- HANDLE FileAccessToken; // since 20H1
- WCHAR Strings[ANYSIZE_ARRAY];
- // ...
- // WCHAR KeyPath[1];
- // WCHAR HivePath[1];
- // WCHAR NextLayerKeyPath[1];
-} VR_LOAD_DIFFERENCING_HIVE, *PVR_LOAD_DIFFERENCING_HIVE;
-
-// rev + private
-typedef struct _VR_CREATE_NAMESPACE_NODE
-{
- HANDLE Job;
- WORD ContainerPathLength;
- WORD HostPathLength;
- ULONG Flags;
- ACCESS_MASK AccessMask; // since 20H1
- WCHAR Strings[ANYSIZE_ARRAY];
- // ...
- // WCHAR ContainerPath[1];
- // WCHAR HostPath[1];
-} VR_CREATE_NAMESPACE_NODE, *PVR_CREATE_NAMESPACE_NODE;
-
-// private
-typedef struct _VR_MODIFY_FLAGS
-{
- HANDLE Job;
- ULONG AddFlags;
- ULONG RemoveFlags;
-} VR_MODIFY_FLAGS, *PVR_MODIFY_FLAGS;
-
-// private
-typedef struct _NAMESPACE_NODE_DATA
-{
- ACCESS_MASK AccessMask;
- WORD ContainerPathLength;
- WORD HostPathLength;
- ULONG Flags;
- WCHAR Strings[ANYSIZE_ARRAY];
- // ...
- // WCHAR ContainerPath[1];
- // WCHAR HostPath[1];
-} NAMESPACE_NODE_DATA, *PNAMESPACE_NODE_DATA;
-
-// private
-typedef struct _VR_CREATE_MULTIPLE_NAMESPACE_NODES
-{
- HANDLE Job;
- ULONG NumNewKeys;
- NAMESPACE_NODE_DATA Keys[1];
-} VR_CREATE_MULTIPLE_NAMESPACE_NODES, *PVR_CREATE_MULTIPLE_NAMESPACE_NODES;
-
-// private
-typedef struct _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES
-{
- HANDLE Job;
-} VR_UNLOAD_DYNAMICALLY_LOADED_HIVES, *PVR_UNLOAD_DYNAMICALLY_LOADED_HIVES;
-
-// rev
-#define VR_KEY_COMROOT 0 // \Registry\ComRoot\Classes
-#define VR_KEY_MACHINE_SOFTWARE 1 // \Registry\Machine\Software // since REDSTONE2
-#define VR_KEY_CONTROL_SET 2 // \Registry\Machine\System\ControlSet001 // since REDSTONE2
-
-// rev
-typedef struct _VR_GET_VIRTUAL_ROOT
-{
- HANDLE Job;
- ULONG Index; // VR_KEY_* // since REDSTONE2
-} VR_GET_VIRTUAL_ROOT, *PVR_GET_VIRTUAL_ROOT;
-
-// rev
-typedef struct _VR_GET_VIRTUAL_ROOT_RESULT
-{
- HANDLE Key;
-} VR_GET_VIRTUAL_ROOT_RESULT, *PVR_GET_VIRTUAL_ROOT_RESULT;
-
-// rev
-typedef struct _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST
-{
- ULONG LoadFlags; // NtLoadKeyEx flags
- ULONG Flags; // VR_FLAG_* // since REDSTONE2
- WORD KeyPathLength;
- WORD HivePathLength;
- WORD NextLayerKeyPathLength;
- HANDLE FileAccessToken; // since 20H1
- WCHAR Strings[ANYSIZE_ARRAY];
- // ...
- // WCHAR KeyPath[1];
- // WCHAR HivePath[1];
- // WCHAR NextLayerKeyPath[1];
-} VR_LOAD_DIFFERENCING_HIVE_FOR_HOST, *PVR_LOAD_DIFFERENCING_HIVE_FOR_HOST;
-
-// rev
-typedef struct _VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST
-{
- ULONG Reserved;
- WORD TargetKeyPathLength;
- WCHAR TargetKeyPath[ANYSIZE_ARRAY];
-} VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST, *PVR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST;
-
-// System calls
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateKey(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG TitleIndex,
- _In_opt_ PUNICODE_STRING Class,
- _In_ ULONG CreateOptions,
- _Out_opt_ PULONG Disposition
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateKeyTransacted(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG TitleIndex,
- _In_opt_ PUNICODE_STRING Class,
- _In_ ULONG CreateOptions,
- _In_ HANDLE TransactionHandle,
- _Out_opt_ PULONG Disposition
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenKey(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenKeyTransacted(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE TransactionHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenKeyEx(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG OpenOptions
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenKeyTransactedEx(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG OpenOptions,
- _In_ HANDLE TransactionHandle
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRenameKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING NewName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryKey(
- _In_ HANDLE KeyHandle,
- _In_ KEY_INFORMATION_CLASS KeyInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationKey(
- _In_ HANDLE KeyHandle,
- _In_ KEY_SET_INFORMATION_CLASS KeySetInformationClass,
- _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation,
- _In_ ULONG KeySetInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName,
- _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName,
- _In_opt_ ULONG TitleIndex,
- _In_ ULONG Type,
- _In_reads_bytes_opt_(DataSize) PVOID Data,
- _In_ ULONG DataSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryMultipleValueKey(
- _In_ HANDLE KeyHandle,
- _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY ValueEntries,
- _In_ ULONG EntryCount,
- _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer,
- _Inout_ PULONG BufferLength,
- _Out_opt_ PULONG RequiredBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateKey(
- _In_ HANDLE KeyHandle,
- _In_ ULONG Index,
- _In_ KEY_INFORMATION_CLASS KeyInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateValueKey(
- _In_ HANDLE KeyHandle,
- _In_ ULONG Index,
- _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompactKeys(
- _In_ ULONG Count,
- _In_reads_(Count) HANDLE KeyArray[]
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompressKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadKey(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadKey2(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadKeyEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags,
- _In_opt_ HANDLE TrustClassKey, // this and below were added on Win10
- _In_opt_ HANDLE Event,
- _In_opt_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE RootHandle,
- _Reserved_ PVOID Reserved // previously PIO_STATUS_BLOCK
- );
-
-// rev by tyranid
-#if (PHNT_VERSION >= PHNT_20H1)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLoadKey3(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags,
- _In_reads_(ExtendedParameterCount) PCM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount,
- _In_opt_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE RootHandle,
- _Reserved_ PVOID Reserved
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReplaceKey(
- _In_ POBJECT_ATTRIBUTES NewFile,
- _In_ HANDLE TargetHandle,
- _In_ POBJECT_ATTRIBUTES OldFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSaveKey(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSaveKeyEx(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle,
- _In_ ULONG Format
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSaveMergedKeys(
- _In_ HANDLE HighPrecedenceKeyHandle,
- _In_ HANDLE LowPrecedenceKeyHandle,
- _In_ HANDLE FileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRestoreKey(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnloadKey(
- _In_ POBJECT_ATTRIBUTES TargetKey
- );
-
-//
-// NtUnloadKey2 Flags (from winnt.h)
-//
-//#define REG_FORCE_UNLOAD 1
-//#define REG_UNLOAD_LEGAL_FLAGS (REG_FORCE_UNLOAD)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnloadKey2(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtUnloadKeyEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_opt_ HANDLE Event
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeKey(
- _In_ HANDLE KeyHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _Out_writes_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize,
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeMultipleKeys(
- _In_ HANDLE MasterKeyHandle,
- _In_opt_ ULONG Count,
- _In_reads_opt_(Count) OBJECT_ATTRIBUTES SubordinateObjects[],
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _Out_writes_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize,
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryOpenSubKeys(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _Out_ PULONG HandleCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryOpenSubKeysEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_opt_(BufferLength) PVOID Buffer,
- _Out_ PULONG RequiredSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtInitializeRegistry(
- _In_ USHORT BootCondition
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLockRegistryKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtLockProductActivationKeys(
- _Inout_opt_ ULONG *pPrivateVer,
- _Out_opt_ ULONG *pSafeMode
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFreezeRegistry(
- _In_ ULONG TimeOutInSeconds
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtThawRegistry(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-NTSTATUS NtCreateRegistryTransaction(
- _Out_ HANDLE *RegistryTransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjAttributes,
- _Reserved_ ULONG CreateOptions
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-NTSTATUS NtOpenRegistryTransaction(
- _Out_ HANDLE *RegistryTransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjAttributes
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-NTSTATUS NtCommitRegistryTransaction(
- _In_ HANDLE RegistryTransactionHandle,
- _Reserved_ ULONG Flags
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-NTSTATUS NtRollbackRegistryTransaction(
- _In_ HANDLE RegistryTransactionHandle,
- _Reserved_ ULONG Flags
- );
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntrtl.h b/deps/phnt-nightly/ntrtl.h
deleted file mode 100644
index e51f0f6..0000000
--- a/deps/phnt-nightly/ntrtl.h
+++ /dev/null
@@ -1,10249 +0,0 @@
-/*
- * RTL support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTRTL_H
-#define _NTRTL_H
-
-#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset))))
-#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base))))
-
-#define RTL_PTR_ADD(Pointer, Value) ((PVOID)((ULONG_PTR)(Pointer) + (ULONG_PTR)(Value)))
-#define RTL_PTR_SUBTRACT(Pointer, Value) ((PVOID)((ULONG_PTR)(Pointer) - (ULONG_PTR)(Value)))
-
-#define RTL_MILLISEC_TO_100NANOSEC(m) ((m) * 10000ui64)
-#define RTL_SEC_TO_100NANOSEC(s) ((s) * 10000000ui64)
-#define RTL_SEC_TO_MILLISEC(s) ((s) * 1000ui64)
-
-#define RTL_MEG (1024UL * 1024UL)
-#define RTL_IMAGE_MAX_DOS_HEADER (256UL * RTL_MEG)
-
-// Linked lists
-
-FORCEINLINE VOID InitializeListHead(
- _Out_ PLIST_ENTRY ListHead
- )
-{
- ListHead->Flink = ListHead->Blink = ListHead;
-}
-
-_Check_return_ FORCEINLINE BOOLEAN IsListEmpty(
- _In_ PLIST_ENTRY ListHead
- )
-{
- return ListHead->Flink == ListHead;
-}
-
-FORCEINLINE BOOLEAN RemoveEntryList(
- _In_ PLIST_ENTRY Entry
- )
-{
- PLIST_ENTRY Blink;
- PLIST_ENTRY Flink;
-
- Flink = Entry->Flink;
- Blink = Entry->Blink;
- Blink->Flink = Flink;
- Flink->Blink = Blink;
-
- return Flink == Blink;
-}
-
-FORCEINLINE PLIST_ENTRY RemoveHeadList(
- _Inout_ PLIST_ENTRY ListHead
- )
-{
- PLIST_ENTRY Flink;
- PLIST_ENTRY Entry;
-
- Entry = ListHead->Flink;
- Flink = Entry->Flink;
- ListHead->Flink = Flink;
- Flink->Blink = ListHead;
-
- return Entry;
-}
-
-FORCEINLINE PLIST_ENTRY RemoveTailList(
- _Inout_ PLIST_ENTRY ListHead
- )
-{
- PLIST_ENTRY Blink;
- PLIST_ENTRY Entry;
-
- Entry = ListHead->Blink;
- Blink = Entry->Blink;
- ListHead->Blink = Blink;
- Blink->Flink = ListHead;
-
- return Entry;
-}
-
-FORCEINLINE VOID InsertTailList(
- _Inout_ PLIST_ENTRY ListHead,
- _Inout_ PLIST_ENTRY Entry
- )
-{
- PLIST_ENTRY Blink;
-
- Blink = ListHead->Blink;
- Entry->Flink = ListHead;
- Entry->Blink = Blink;
- Blink->Flink = Entry;
- ListHead->Blink = Entry;
-}
-
-FORCEINLINE VOID InsertHeadList(
- _Inout_ PLIST_ENTRY ListHead,
- _Inout_ PLIST_ENTRY Entry
- )
-{
- PLIST_ENTRY Flink;
-
- Flink = ListHead->Flink;
- Entry->Flink = Flink;
- Entry->Blink = ListHead;
- Flink->Blink = Entry;
- ListHead->Flink = Entry;
-}
-
-FORCEINLINE VOID AppendTailList(
- _Inout_ PLIST_ENTRY ListHead,
- _Inout_ PLIST_ENTRY ListToAppend
- )
-{
- PLIST_ENTRY ListEnd = ListHead->Blink;
-
- ListHead->Blink->Flink = ListToAppend;
- ListHead->Blink = ListToAppend->Blink;
- ListToAppend->Blink->Flink = ListHead;
- ListToAppend->Blink = ListEnd;
-}
-
-FORCEINLINE PSINGLE_LIST_ENTRY PopEntryList(
- _Inout_ PSINGLE_LIST_ENTRY ListHead
- )
-{
- PSINGLE_LIST_ENTRY FirstEntry;
-
- FirstEntry = ListHead->Next;
-
- if (FirstEntry)
- ListHead->Next = FirstEntry->Next;
-
- return FirstEntry;
-}
-
-FORCEINLINE VOID PushEntryList(
- _Inout_ PSINGLE_LIST_ENTRY ListHead,
- _Inout_ PSINGLE_LIST_ENTRY Entry
- )
-{
- Entry->Next = ListHead->Next;
- ListHead->Next = Entry;
-}
-
-// AVL and splay trees
-
-typedef enum _TABLE_SEARCH_RESULT
-{
- TableEmptyTree,
- TableFoundNode,
- TableInsertAsLeft,
- TableInsertAsRight
-} TABLE_SEARCH_RESULT;
-
-typedef enum _RTL_GENERIC_COMPARE_RESULTS
-{
- GenericLessThan,
- GenericGreaterThan,
- GenericEqual
-} RTL_GENERIC_COMPARE_RESULTS;
-
-typedef RTL_GENERIC_COMPARE_RESULTS (NTAPI *PRTL_AVL_COMPARE_ROUTINE)(
- _In_ struct _RTL_AVL_TABLE *Table,
- _In_ PVOID FirstStruct,
- _In_ PVOID SecondStruct
- );
-
-typedef PVOID (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE)(
- _In_ struct _RTL_AVL_TABLE *Table,
- _In_ CLONG ByteSize
- );
-
-typedef VOID (NTAPI *PRTL_AVL_FREE_ROUTINE)(
- _In_ struct _RTL_AVL_TABLE *Table,
- _In_ _Post_invalid_ PVOID Buffer
- );
-
-typedef NTSTATUS (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
- _In_ struct _RTL_AVL_TABLE *Table,
- _In_ PVOID UserData,
- _In_ PVOID MatchData
- );
-
-typedef struct _RTL_BALANCED_LINKS
-{
- struct _RTL_BALANCED_LINKS *Parent;
- struct _RTL_BALANCED_LINKS *LeftChild;
- struct _RTL_BALANCED_LINKS *RightChild;
- CHAR Balance;
- UCHAR Reserved[3];
-} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
-
-typedef struct _RTL_AVL_TABLE
-{
- RTL_BALANCED_LINKS BalancedRoot;
- PVOID OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- ULONG DepthOfTree;
- PRTL_BALANCED_LINKS RestartKey;
- ULONG DeleteCount;
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_AVL_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeGenericTableAvl(
- _Out_ PRTL_AVL_TABLE Table,
- _In_ PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
- _In_ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
- _In_ PRTL_AVL_FREE_ROUTINE FreeRoutine,
- _In_opt_ PVOID TableContext
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlInsertElementGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ CLONG BufferSize,
- _Out_opt_ PBOOLEAN NewElement
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlInsertElementGenericTableFullAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ CLONG BufferSize,
- _Out_opt_ PBOOLEAN NewElement,
- _In_ PVOID NodeOrParent,
- _In_ TABLE_SEARCH_RESULT SearchResult
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDeleteElementGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlLookupElementGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ PVOID Buffer
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlLookupElementGenericTableFullAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ PVOID Buffer,
- _Out_ PVOID *NodeOrParent,
- _Out_ TABLE_SEARCH_RESULT *SearchResult
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlEnumerateGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ BOOLEAN Restart
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlEnumerateGenericTableWithoutSplayingAvl(
- _In_ PRTL_AVL_TABLE Table,
- _Inout_ PVOID *RestartKey
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlLookupFirstMatchingElementGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ PVOID Buffer,
- _Out_ PVOID *RestartKey
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlEnumerateGenericTableLikeADirectory(
- _In_ PRTL_AVL_TABLE Table,
- _In_opt_ PRTL_AVL_MATCH_FUNCTION MatchFunction,
- _In_opt_ PVOID MatchData,
- _In_ ULONG NextFlag,
- _Inout_ PVOID *RestartKey,
- _Inout_ PULONG DeleteCount,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlGetElementGenericTableAvl(
- _In_ PRTL_AVL_TABLE Table,
- _In_ ULONG I
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberGenericTableElementsAvl(
- _In_ PRTL_AVL_TABLE Table
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsGenericTableEmptyAvl(
- _In_ PRTL_AVL_TABLE Table
- );
-
-typedef struct _RTL_SPLAY_LINKS
-{
- struct _RTL_SPLAY_LINKS *Parent;
- struct _RTL_SPLAY_LINKS *LeftChild;
- struct _RTL_SPLAY_LINKS *RightChild;
-} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
-
-#define RtlInitializeSplayLinks(Links) \
-{ \
- PRTL_SPLAY_LINKS _SplayLinks; \
- _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
- _SplayLinks->Parent = _SplayLinks; \
- _SplayLinks->LeftChild = NULL; \
- _SplayLinks->RightChild = NULL; \
-}
-
-#define RtlParent(Links) ((PRTL_SPLAY_LINKS)(Links)->Parent)
-#define RtlLeftChild(Links) ((PRTL_SPLAY_LINKS)(Links)->LeftChild)
-#define RtlRightChild(Links) ((PRTL_SPLAY_LINKS)(Links)->RightChild)
-#define RtlIsRoot(Links) ((RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links)))
-#define RtlIsLeftChild(Links) ((RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)))
-#define RtlIsRightChild(Links) ((RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)))
-
-#define RtlInsertAsLeftChild(ParentLinks, ChildLinks) \
-{ \
- PRTL_SPLAY_LINKS _SplayParent; \
- PRTL_SPLAY_LINKS _SplayChild; \
- _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
- _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
- _SplayParent->LeftChild = _SplayChild; \
- _SplayChild->Parent = _SplayParent; \
-}
-
-#define RtlInsertAsRightChild(ParentLinks, ChildLinks) \
-{ \
- PRTL_SPLAY_LINKS _SplayParent; \
- PRTL_SPLAY_LINKS _SplayChild; \
- _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
- _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
- _SplayParent->RightChild = _SplayChild; \
- _SplayChild->Parent = _SplayParent; \
-}
-
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlSplay(
- _Inout_ PRTL_SPLAY_LINKS Links
- );
-
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlDelete(
- _In_ PRTL_SPLAY_LINKS Links
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlDeleteNoSplay(
- _In_ PRTL_SPLAY_LINKS Links,
- _Inout_ PRTL_SPLAY_LINKS *Root
- );
-
-_Check_return_
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlSubtreeSuccessor(
- _In_ PRTL_SPLAY_LINKS Links
- );
-
-_Check_return_
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlSubtreePredecessor(
- _In_ PRTL_SPLAY_LINKS Links
- );
-
-_Check_return_
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlRealSuccessor(
- _In_ PRTL_SPLAY_LINKS Links
- );
-
-_Check_return_
-NTSYSAPI
-PRTL_SPLAY_LINKS
-NTAPI
-RtlRealPredecessor(
- _In_ PRTL_SPLAY_LINKS Links
- );
-
-struct _RTL_GENERIC_TABLE;
-
-typedef RTL_GENERIC_COMPARE_RESULTS (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE)(
- _In_ struct _RTL_GENERIC_TABLE *Table,
- _In_ PVOID FirstStruct,
- _In_ PVOID SecondStruct
- );
-
-typedef PVOID (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE)(
- _In_ struct _RTL_GENERIC_TABLE *Table,
- _In_ CLONG ByteSize
- );
-
-typedef VOID (NTAPI *PRTL_GENERIC_FREE_ROUTINE)(
- _In_ struct _RTL_GENERIC_TABLE *Table,
- _In_ _Post_invalid_ PVOID Buffer
- );
-
-typedef struct _RTL_GENERIC_TABLE
-{
- PRTL_SPLAY_LINKS TableRoot;
- LIST_ENTRY InsertOrderList;
- PLIST_ENTRY OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
- PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeGenericTable(
- _Out_ PRTL_GENERIC_TABLE Table,
- _In_ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine,
- _In_ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine,
- _In_ PRTL_GENERIC_FREE_ROUTINE FreeRoutine,
- _In_opt_ PVOID TableContext
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlInsertElementGenericTable(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ CLONG BufferSize,
- _Out_opt_ PBOOLEAN NewElement
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlInsertElementGenericTableFull(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ CLONG BufferSize,
- _Out_opt_ PBOOLEAN NewElement,
- _In_ PVOID NodeOrParent,
- _In_ TABLE_SEARCH_RESULT SearchResult
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDeleteElementGenericTable(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlLookupElementGenericTable(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_ PVOID Buffer
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlLookupElementGenericTableFull(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_ PVOID Buffer,
- _Out_ PVOID *NodeOrParent,
- _Out_ TABLE_SEARCH_RESULT *SearchResult
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlEnumerateGenericTable(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_ BOOLEAN Restart
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlEnumerateGenericTableWithoutSplaying(
- _In_ PRTL_GENERIC_TABLE Table,
- _Inout_ PVOID *RestartKey
- );
-
-_Check_return_
-NTSYSAPI
-PVOID
-NTAPI
-RtlGetElementGenericTable(
- _In_ PRTL_GENERIC_TABLE Table,
- _In_ ULONG I
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberGenericTableElements(
- _In_ PRTL_GENERIC_TABLE Table
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsGenericTableEmpty(
- _In_ PRTL_GENERIC_TABLE Table
- );
-
-// RB trees
-
-typedef struct _RTL_RB_TREE
-{
- PRTL_BALANCED_NODE Root;
- PRTL_BALANCED_NODE Min;
-} RTL_RB_TREE, *PRTL_RB_TREE;
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlRbInsertNodeEx(
- _In_ PRTL_RB_TREE Tree,
- _In_opt_ PRTL_BALANCED_NODE Parent,
- _In_ BOOLEAN Right,
- _Out_ PRTL_BALANCED_NODE Node
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlRbRemoveNode(
- _In_ PRTL_RB_TREE Tree,
- _In_ PRTL_BALANCED_NODE Node
- );
-
-#endif
-
-// Hash tables
-
-// begin_ntddk
-
-#define RTL_HASH_ALLOCATED_HEADER 0x00000001
-#define RTL_HASH_RESERVED_SIGNATURE 0
-
-typedef struct _RTL_DYNAMIC_HASH_TABLE_ENTRY
-{
- LIST_ENTRY Linkage;
- ULONG_PTR Signature;
-} RTL_DYNAMIC_HASH_TABLE_ENTRY, *PRTL_DYNAMIC_HASH_TABLE_ENTRY;
-
-#define HASH_ENTRY_KEY(x) ((x)->Signature)
-
-typedef struct _RTL_DYNAMIC_HASH_TABLE_CONTEXT
-{
- PLIST_ENTRY ChainHead;
- PLIST_ENTRY PrevLinkage;
- ULONG_PTR Signature;
-} RTL_DYNAMIC_HASH_TABLE_CONTEXT, *PRTL_DYNAMIC_HASH_TABLE_CONTEXT;
-
-typedef struct _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR
-{
- RTL_DYNAMIC_HASH_TABLE_ENTRY HashEntry;
- PLIST_ENTRY ChainHead;
- ULONG BucketIndex;
-} RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, *PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR;
-
-typedef struct _RTL_DYNAMIC_HASH_TABLE
-{
- // Entries initialized at creation.
- ULONG Flags;
- ULONG Shift;
-
- // Entries used in bucket computation.
- ULONG TableSize;
- ULONG Pivot;
- ULONG DivisorMask;
-
- // Counters.
- ULONG NumEntries;
- ULONG NonEmptyBuckets;
- ULONG NumEnumerators;
-
- // The directory. This field is for internal use only.
- PVOID Directory;
-} RTL_DYNAMIC_HASH_TABLE, *PRTL_DYNAMIC_HASH_TABLE;
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-FORCEINLINE
-VOID
-RtlInitHashTableContext(
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- )
-{
- Context->ChainHead = NULL;
- Context->PrevLinkage = NULL;
-}
-
-FORCEINLINE
-VOID
-RtlInitHashTableContextFromEnumerator(
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context,
- _In_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- )
-{
- Context->ChainHead = Enumerator->ChainHead;
- Context->PrevLinkage = Enumerator->HashEntry.Linkage.Blink;
-}
-
-FORCEINLINE
-VOID
-RtlReleaseHashTableContext(
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- )
-{
- UNREFERENCED_PARAMETER(Context);
- return;
-}
-
-FORCEINLINE
-ULONG
-RtlTotalBucketsHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- )
-{
- return HashTable->TableSize;
-}
-
-FORCEINLINE
-ULONG
-RtlNonEmptyBucketsHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- )
-{
- return HashTable->NonEmptyBuckets;
-}
-
-FORCEINLINE
-ULONG
-RtlEmptyBucketsHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- )
-{
- return HashTable->TableSize - HashTable->NonEmptyBuckets;
-}
-
-FORCEINLINE
-ULONG
-RtlTotalEntriesHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- )
-{
- return HashTable->NumEntries;
-}
-
-FORCEINLINE
-ULONG
-RtlActiveEnumeratorsHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- )
-{
- return HashTable->NumEnumerators;
-}
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlCreateHashTable(
- _Inout_ _When_(*HashTable == NULL, __drv_allocatesMem(Mem)) PRTL_DYNAMIC_HASH_TABLE *HashTable,
- _In_ ULONG Shift,
- _In_ _Reserved_ ULONG Flags
- );
-
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlDeleteHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlInsertEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _In_ PRTL_DYNAMIC_HASH_TABLE_ENTRY Entry,
- _In_ ULONG_PTR Signature,
- _Inout_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlRemoveEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _In_ PRTL_DYNAMIC_HASH_TABLE_ENTRY Entry,
- _Inout_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- );
-
-_Must_inspect_result_
-NTSYSAPI
-PRTL_DYNAMIC_HASH_TABLE_ENTRY
-NTAPI
-RtlLookupEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _In_ ULONG_PTR Signature,
- _Out_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- );
-
-_Must_inspect_result_
-NTSYSAPI
-PRTL_DYNAMIC_HASH_TABLE_ENTRY
-NTAPI
-RtlGetNextEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _In_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlInitEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-_Must_inspect_result_
-NTSYSAPI
-PRTL_DYNAMIC_HASH_TABLE_ENTRY
-NTAPI
-RtlEnumerateEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlEndEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlInitWeakEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-_Must_inspect_result_
-NTSYSAPI
-PRTL_DYNAMIC_HASH_TABLE_ENTRY
-NTAPI
-RtlWeaklyEnumerateEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlEndWeakEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlExpandHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlContractHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlInitStrongEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-_Must_inspect_result_
-NTSYSAPI
-PRTL_DYNAMIC_HASH_TABLE_ENTRY
-NTAPI
-RtlStronglyEnumerateEntryHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlEndStrongEnumerationHashTable(
- _In_ PRTL_DYNAMIC_HASH_TABLE HashTable,
- _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator
- );
-
-#endif
-
-// end_ntddk
-
-// Critical sections
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeCriticalSection(
- _Out_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeCriticalSectionAndSpinCount(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection,
- _In_ ULONG SpinCount
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeCriticalSectionEx(
- _Out_ PRTL_CRITICAL_SECTION CriticalSection,
- _In_ ULONG SpinCount,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteCriticalSection(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-_Acquires_exclusive_lock_(*CriticalSection)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlEnterCriticalSection(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-_Releases_exclusive_lock_(*CriticalSection)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLeaveCriticalSection(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-_When_(return != 0, _Acquires_exclusive_lock_(*CriticalSection))
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlTryEnterCriticalSection(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlIsCriticalSectionLocked(
- _In_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlIsCriticalSectionLockedByThread(
- _In_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetCriticalSectionRecursionCount(
- _In_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlSetCriticalSectionSpinCount(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection,
- _In_ ULONG SpinCount
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-HANDLE
-NTAPI
-RtlQueryCriticalSectionOwner(
- _In_ HANDLE EventHandle
- );
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCheckForOrphanedCriticalSections(
- _In_ HANDLE ThreadHandle
- );
-
-// Resources
-
-typedef struct _RTL_RESOURCE
-{
- RTL_CRITICAL_SECTION CriticalSection;
-
- HANDLE SharedSemaphore;
- volatile ULONG NumberOfWaitingShared;
- HANDLE ExclusiveSemaphore;
- volatile ULONG NumberOfWaitingExclusive;
-
- volatile LONG NumberOfActive; // negative: exclusive acquire; zero: not acquired; positive: shared acquire(s)
- HANDLE ExclusiveOwnerThread;
-
- ULONG Flags; // RTL_RESOURCE_FLAG_*
-
- PRTL_RESOURCE_DEBUG DebugInfo;
-} RTL_RESOURCE, *PRTL_RESOURCE;
-
-#define RTL_RESOURCE_FLAG_LONG_TERM ((ULONG)0x00000001)
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeResource(
- _Out_ PRTL_RESOURCE Resource
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlDeleteResource(
- _Inout_ PRTL_RESOURCE Resource
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAcquireResourceShared(
- _Inout_ PRTL_RESOURCE Resource,
- _In_ BOOLEAN Wait
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAcquireResourceExclusive(
- _Inout_ PRTL_RESOURCE Resource,
- _In_ BOOLEAN Wait
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlReleaseResource(
- _Inout_ PRTL_RESOURCE Resource
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlConvertSharedToExclusive(
- _Inout_ PRTL_RESOURCE Resource
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlConvertExclusiveToShared(
- _Inout_ PRTL_RESOURCE Resource
- );
-
-// Slim reader-writer locks, condition variables, and barriers
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// winbase:InitializeSRWLock
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeSRWLock(
- _Out_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:AcquireSRWLockExclusive
-_Acquires_exclusive_lock_(*SRWLock)
-NTSYSAPI
-VOID
-NTAPI
-RtlAcquireSRWLockExclusive(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:AcquireSRWLockShared
-_Acquires_shared_lock_(*SRWLock)
-NTSYSAPI
-VOID
-NTAPI
-RtlAcquireSRWLockShared(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:ReleaseSRWLockExclusive
-_Releases_exclusive_lock_(*SRWLock)
-NTSYSAPI
-VOID
-NTAPI
-RtlReleaseSRWLockExclusive(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:ReleaseSRWLockShared
-_Releases_shared_lock_(*SRWLock)
-NTSYSAPI
-VOID
-NTAPI
-RtlReleaseSRWLockShared(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:TryAcquireSRWLockExclusive
-_When_(return != 0, _Acquires_exclusive_lock_(*SRWLock))
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTryAcquireSRWLockExclusive(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-// winbase:TryAcquireSRWLockShared
-_When_(return != 0, _Acquires_shared_lock_(*SRWLock))
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTryAcquireSRWLockShared(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlAcquireReleaseSRWLockExclusive(
- _Inout_ PRTL_SRWLOCK SRWLock
- );
-#endif
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// winbase:InitializeConditionVariable
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeConditionVariable(
- _Out_ PRTL_CONDITION_VARIABLE ConditionVariable
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSleepConditionVariableCS(
- _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable,
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSleepConditionVariableSRW(
- _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable,
- _Inout_ PRTL_SRWLOCK SRWLock,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_ ULONG Flags
- );
-
-// winbase:WakeConditionVariable
-NTSYSAPI
-VOID
-NTAPI
-RtlWakeConditionVariable(
- _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable
- );
-
-// winbase:WakeAllConditionVariable
-NTSYSAPI
-VOID
-NTAPI
-RtlWakeAllConditionVariable(
- _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable
- );
-
-#endif
-
-// begin_rev
-#define RTL_BARRIER_FLAGS_SPIN_ONLY 0x00000001 // never block on event - always spin
-#define RTL_BARRIER_FLAGS_BLOCK_ONLY 0x00000002 // always block on event - never spin
-#define RTL_BARRIER_FLAGS_NO_DELETE 0x00000004 // use if barrier will never be deleted
-// end_rev
-
-// begin_private
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitBarrier(
- _Out_ PRTL_BARRIER Barrier,
- _In_ ULONG TotalThreads,
- _In_ ULONG SpinCount
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteBarrier(
- _In_ PRTL_BARRIER Barrier
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlBarrier(
- _Inout_ PRTL_BARRIER Barrier,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlBarrierForDelete(
- _Inout_ PRTL_BARRIER Barrier,
- _In_ ULONG Flags
- );
-
-#endif
-
-// end_private
-
-// Wait on address
-
-// begin_rev
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWaitOnAddress(
- _In_reads_bytes_(AddressSize) volatile VOID *Address,
- _In_reads_bytes_(AddressSize) PVOID CompareAddress,
- _In_ SIZE_T AddressSize,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlWakeAddressAll(
- _In_ PVOID Address
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlWakeAddressSingle(
- _In_ PVOID Address
- );
-
-#endif
-
-// end_rev
-
-#if (PHNT_VERSION >= PHNT_WIN11_22H2)
-FORCEINLINE
-VOID
-RtlCopyVolatileMemory(
- _Out_writes_bytes_(Size) VOID *Destination,
- _In_reads_bytes_(Size) volatile const VOID *Source,
- _In_ SIZE_T Size
- )
-{
- RtlCopyMemory(Destination, (const VOID *)Source, Size);
- BarrierAfterRead();
-}
-#endif
-
-FORCEINLINE
-HANDLE
-RtlReadHandleNoFence(
- _In_reads_bytes_(sizeof(HANDLE)) volatile CONST HANDLE *Address
- )
-{
- return (HANDLE)ReadPointerNoFence((PVOID *)Address);
-}
-
-// Strings
-
-FORCEINLINE
-VOID
-NTAPI
-RtlInitEmptyAnsiString(
- _Out_ PANSI_STRING AnsiString,
- _Pre_maybenull_ _Pre_readable_size_(MaximumLength) PCHAR Buffer,
- _In_ USHORT MaximumLength
- )
-{
- memset(AnsiString, 0, sizeof(ANSI_STRING));
- AnsiString->MaximumLength = MaximumLength;
- AnsiString->Buffer = Buffer;
-}
-
-#ifndef PHNT_NO_INLINE_INIT_STRING
-FORCEINLINE VOID RtlInitString(
- _Out_ PSTRING DestinationString,
- _In_opt_ PCSTR SourceString
- )
-{
- if (SourceString)
- DestinationString->MaximumLength = (DestinationString->Length = (USHORT)strlen(SourceString)) + sizeof(ANSI_NULL);
- else
- DestinationString->MaximumLength = DestinationString->Length = 0;
-
- DestinationString->Buffer = (PCHAR)SourceString;
-}
-#else
-NTSYSAPI
-VOID
-NTAPI
-RtlInitString(
- _Out_ PSTRING DestinationString,
- _In_opt_ PCSTR SourceString
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitStringEx(
- _Out_ PSTRING DestinationString,
- _In_opt_z_ PCSZ SourceString
- );
-#endif
-
-#ifndef PHNT_NO_INLINE_INIT_STRING
-FORCEINLINE VOID RtlInitAnsiString(
- _Out_ PANSI_STRING DestinationString,
- _In_opt_ PCSTR SourceString
- )
-{
- if (SourceString)
- DestinationString->MaximumLength = (DestinationString->Length = (USHORT)strlen(SourceString)) + sizeof(ANSI_NULL);
- else
- DestinationString->MaximumLength = DestinationString->Length = 0;
-
- DestinationString->Buffer = (PCHAR)SourceString;
-}
-#else
-NTSYSAPI
-VOID
-NTAPI
-RtlInitAnsiString(
- _Out_ PANSI_STRING DestinationString,
- _In_opt_ PCSTR SourceString
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitAnsiStringEx(
- _Out_ PANSI_STRING DestinationString,
- _In_opt_z_ PCSZ SourceString
- );
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeAnsiString(
- _Inout_ _At_(AnsiString->Buffer, _Frees_ptr_opt_) PANSI_STRING AnsiString
- );
-
-#if (PHNT_VERSION >= PHNT_20H1)
-NTSYSAPI
-VOID
-NTAPI
-RtlInitUTF8String(
- _Out_ PUTF8_STRING DestinationString,
- _In_opt_z_ PCSZ SourceString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitUTF8StringEx(
- _Out_ PUTF8_STRING DestinationString,
- _In_opt_z_ PCSZ SourceString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeUTF8String(
- _Inout_ _At_(Utf8String->Buffer, _Frees_ptr_opt_) PUTF8_STRING Utf8String
- );
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeOemString(
- _Inout_ POEM_STRING OemString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyString(
- _In_ PSTRING DestinationString,
- _In_opt_ PSTRING SourceString
- );
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlUpperChar(
- _In_ CHAR Character
- );
-
-_Must_inspect_result_
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareString(
- _In_ PSTRING String1,
- _In_ PSTRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualString(
- _In_ PSTRING String1,
- _In_ PSTRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlPrefixString(
- _In_ PSTRING String1,
- _In_ PSTRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendStringToString(
- _Inout_ PSTRING Destination,
- _In_ PSTRING Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendAsciizToString(
- _In_ PSTRING Destination,
- _In_opt_ PCSTR Source
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlUpperString(
- _Inout_ PSTRING DestinationString,
- _In_ const STRING* SourceString
- );
-
-FORCEINLINE
-BOOLEAN
-RtlIsNullOrEmptyUnicodeString(
- _In_opt_ PUNICODE_STRING String
- )
-{
- return !String || String->Length == 0;
-}
-
-FORCEINLINE
-VOID
-NTAPI
-RtlInitEmptyUnicodeString(
- _Out_ PUNICODE_STRING DestinationString,
- _Writable_bytes_(MaximumLength) _When_(MaximumLength != 0, _Notnull_) PWCHAR Buffer,
- _In_ USHORT MaximumLength
- )
-{
- memset(DestinationString, 0, sizeof(UNICODE_STRING));
- DestinationString->MaximumLength = MaximumLength;
- DestinationString->Buffer = Buffer;
-}
-
-#ifndef PHNT_NO_INLINE_INIT_STRING
-FORCEINLINE VOID RtlInitUnicodeString(
- _Out_ PUNICODE_STRING DestinationString,
- _In_opt_z_ PCWSTR SourceString
- )
-{
- if (SourceString)
- DestinationString->MaximumLength = (DestinationString->Length = (USHORT)(wcslen(SourceString) * sizeof(WCHAR))) + sizeof(UNICODE_NULL);
- else
- DestinationString->MaximumLength = DestinationString->Length = 0;
-
- DestinationString->Buffer = (PWCH)SourceString;
-}
-#else
-NTSYSAPI
-VOID
-NTAPI
-RtlInitUnicodeString(
- _Out_ PUNICODE_STRING DestinationString,
- _In_opt_z_ PCWSTR SourceString
- );
-#endif
-
-#ifndef PHNT_NO_INLINE_INIT_STRING
-FORCEINLINE NTSTATUS RtlInitUnicodeStringEx(
- _Out_ PUNICODE_STRING DestinationString,
- _In_opt_z_ PCWSTR SourceString
- )
-{
- size_t stringLength;
-
- DestinationString->Length = 0;
- DestinationString->Buffer = (PWCH)SourceString;
-
- if (!SourceString)
- return STATUS_SUCCESS;
-
- stringLength = wcslen(SourceString);
-
- if (stringLength <= UNICODE_STRING_MAX_CHARS - 1)
- {
- DestinationString->Length = (USHORT)stringLength * sizeof(WCHAR);
- DestinationString->MaximumLength = DestinationString->Length + sizeof(UNICODE_NULL);
- return STATUS_SUCCESS;
- }
-
- return STATUS_NAME_TOO_LONG;
-}
-#else
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitUnicodeStringEx(
- _Out_ PUNICODE_STRING DestinationString,
- _In_opt_z_ PCWSTR SourceString
- );
-#endif
-
-_Success_(return != 0)
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlCreateUnicodeString(
- _Out_ PUNICODE_STRING DestinationString,
- _In_z_ PCWSTR SourceString
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlCreateUnicodeStringFromAsciiz(
- _Out_ PUNICODE_STRING DestinationString,
- _In_ PCSTR SourceString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeUnicodeString(
- _Inout_ _At_(UnicodeString->Buffer, _Frees_ptr_opt_) PUNICODE_STRING UnicodeString
- );
-
-#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE (0x00000001)
-#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING (0x00000002)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDuplicateUnicodeString(
- _In_ ULONG Flags,
- _In_ PUNICODE_STRING StringIn,
- _Out_ PUNICODE_STRING StringOut
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyUnicodeString(
- _In_ PUNICODE_STRING DestinationString,
- _In_opt_ PCUNICODE_STRING SourceString
- );
-
-NTSYSAPI
-WCHAR
-NTAPI
-RtlUpcaseUnicodeChar(
- _In_ WCHAR SourceCharacter
- );
-
-NTSYSAPI
-WCHAR
-NTAPI
-RtlDowncaseUnicodeChar(
- _In_ WCHAR SourceCharacter
- );
-
-_Must_inspect_result_
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareUnicodeString(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-_Must_inspect_result_
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareUnicodeStrings(
- _In_reads_(String1Length) PCWCH String1,
- _In_ SIZE_T String1Length,
- _In_reads_(String2Length) PCWCH String2,
- _In_ SIZE_T String2Length,
- _In_ BOOLEAN CaseInSensitive
- );
-#endif
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualUnicodeString(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-#define HASH_STRING_ALGORITHM_DEFAULT 0
-#define HASH_STRING_ALGORITHM_X65599 1
-#define HASH_STRING_ALGORITHM_INVALID 0xffffffff
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlHashUnicodeString(
- _In_ PUNICODE_STRING String,
- _In_ BOOLEAN CaseInSensitive,
- _In_ ULONG HashAlgorithm,
- _Out_ PULONG HashValue
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlValidateUnicodeString(
- _In_ ULONG Flags,
- _In_ PUNICODE_STRING String
- );
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlPrefixUnicodeString(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL && PHNT_VERSION >= PHNT_THRESHOLD)
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlSuffixUnicodeString(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2,
- _In_ BOOLEAN CaseInSensitive
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-_Must_inspect_result_
-NTSYSAPI
-PWCHAR
-NTAPI
-RtlFindUnicodeSubstring(
- _In_ PUNICODE_STRING FullString,
- _In_ PUNICODE_STRING SearchString,
- _In_ BOOLEAN CaseInSensitive
- );
-#endif
-
-#define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 0x00000001
-#define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 0x00000002
-#define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 0x00000004
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFindCharInUnicodeString(
- _In_ ULONG Flags,
- _In_ PUNICODE_STRING StringToSearch,
- _In_ PUNICODE_STRING CharSet,
- _Out_ PUSHORT NonInclusivePrefixLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendUnicodeStringToString(
- _In_ PUNICODE_STRING Destination,
- _In_ PCUNICODE_STRING Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendUnicodeToString(
- _In_ PUNICODE_STRING Destination,
- _In_opt_ PCWSTR Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDowncaseUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlEraseUnicodeString(
- _Inout_ PUNICODE_STRING String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAnsiStringToUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ PANSI_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToAnsiString(
- _Inout_ PANSI_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlUnicodeStringToAnsiSize(
- _In_ PUNICODE_STRING SourceString
- );
-
-#if (PHNT_VERSION >= PHNT_20H1)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToUTF8String(
- _Inout_ PUTF8_STRING DestinationString,
- _In_ PCUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUTF8StringToUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ PUTF8_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-#endif
-
-NTSYSAPI
-WCHAR
-NTAPI
-RtlAnsiCharToUnicodeChar(
- _Inout_ PUCHAR *SourceCharacter
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeStringToAnsiString(
- _Inout_ PANSI_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlOemStringToUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ POEM_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToOemString(
- _Inout_ POEM_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeStringToOemString(
- _Inout_ POEM_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlOemStringToCountedUnicodeString(
- _Inout_ PUNICODE_STRING DestinationString,
- _In_ PCOEM_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToCountedOemString(
- _Inout_ POEM_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeStringToCountedOemString(
- _Inout_ POEM_STRING DestinationString,
- _In_ PUNICODE_STRING SourceString,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlMultiByteToUnicodeN(
- _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
- _In_ ULONG MaxBytesInUnicodeString,
- _Out_opt_ PULONG BytesInUnicodeString,
- _In_reads_bytes_(BytesInMultiByteString) PCSTR MultiByteString,
- _In_ ULONG BytesInMultiByteString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlMultiByteToUnicodeSize(
- _Out_ PULONG BytesInUnicodeString,
- _In_reads_bytes_(BytesInMultiByteString) PCSTR MultiByteString,
- _In_ ULONG BytesInMultiByteString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeToMultiByteN(
- _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
- _In_ ULONG MaxBytesInMultiByteString,
- _Out_opt_ PULONG BytesInMultiByteString,
- _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeToMultiByteSize(
- _Out_ PULONG BytesInMultiByteString,
- _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeToMultiByteN(
- _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
- _In_ ULONG MaxBytesInMultiByteString,
- _Out_opt_ PULONG BytesInMultiByteString,
- _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlOemToUnicodeN(
- _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWSTR UnicodeString,
- _In_ ULONG MaxBytesInUnicodeString,
- _Out_opt_ PULONG BytesInUnicodeString,
- _In_reads_bytes_(BytesInOemString) PCCH OemString,
- _In_ ULONG BytesInOemString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeToOemN(
- _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
- _In_ ULONG MaxBytesInOemString,
- _Out_opt_ PULONG BytesInOemString,
- _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeToOemN(
- _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
- _In_ ULONG MaxBytesInOemString,
- _Out_opt_ PULONG BytesInOemString,
- _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConsoleMultiByteToUnicodeN(
- _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
- _In_ ULONG MaxBytesInUnicodeString,
- _Out_opt_ PULONG BytesInUnicodeString,
- _In_reads_bytes_(BytesInMultiByteString) PCCH MultiByteString,
- _In_ ULONG BytesInMultiByteString,
- _Out_ PULONG pdwSpecialChar
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUTF8ToUnicodeN(
- _Out_writes_bytes_to_(UnicodeStringMaxByteCount, *UnicodeStringActualByteCount) PWSTR UnicodeStringDestination,
- _In_ ULONG UnicodeStringMaxByteCount,
- _Out_opt_ PULONG UnicodeStringActualByteCount,
- _In_reads_bytes_(UTF8StringByteCount) PCCH UTF8StringSource,
- _In_ ULONG UTF8StringByteCount
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeToUTF8N(
- _Out_writes_bytes_to_(UTF8StringMaxByteCount, *UTF8StringActualByteCount) PCHAR UTF8StringDestination,
- _In_ ULONG UTF8StringMaxByteCount,
- _Out_opt_ PULONG UTF8StringActualByteCount,
- _In_reads_bytes_(UnicodeStringByteCount) PCWCH UnicodeStringSource,
- _In_ ULONG UnicodeStringByteCount
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCustomCPToUnicodeN(
- _In_ PCPTABLEINFO CustomCP,
- _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
- _In_ ULONG MaxBytesInUnicodeString,
- _Out_opt_ PULONG BytesInUnicodeString,
- _In_reads_bytes_(BytesInCustomCPString) PCH CustomCPString,
- _In_ ULONG BytesInCustomCPString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeToCustomCPN(
- _In_ PCPTABLEINFO CustomCP,
- _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
- _In_ ULONG MaxBytesInCustomCPString,
- _Out_opt_ PULONG BytesInCustomCPString,
- _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeToCustomCPN(
- _In_ PCPTABLEINFO CustomCP,
- _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
- _In_ ULONG MaxBytesInCustomCPString,
- _Out_opt_ PULONG BytesInCustomCPString,
- _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
- _In_ ULONG BytesInUnicodeString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitCodePageTable(
- _In_reads_z_(2) PUSHORT TableBase,
- _Inout_ PCPTABLEINFO CodePageTable
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitNlsTables(
- _In_ PUSHORT AnsiNlsBase,
- _In_ PUSHORT OemNlsBase,
- _In_ PUSHORT LanguageNlsBase,
- _Out_ PNLSTABLEINFO TableInfo // PCPTABLEINFO?
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlResetRtlTranslations(
- _In_ PNLSTABLEINFO TableInfo
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsTextUnicode(
- _In_ PVOID Buffer,
- _In_ ULONG Size,
- _Inout_opt_ PULONG Result
- );
-
-typedef enum _RTL_NORM_FORM
-{
- NormOther = 0x0,
- NormC = 0x1,
- NormD = 0x2,
- NormKC = 0x5,
- NormKD = 0x6,
- NormIdna = 0xd,
- DisallowUnassigned = 0x100,
- NormCDisallowUnassigned = 0x101,
- NormDDisallowUnassigned = 0x102,
- NormKCDisallowUnassigned = 0x105,
- NormKDDisallowUnassigned = 0x106,
- NormIdnaDisallowUnassigned = 0x10d
-} RTL_NORM_FORM;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNormalizeString(
- _In_ ULONG NormForm, // RTL_NORM_FORM
- _In_ PCWSTR SourceString,
- _In_ LONG SourceStringLength,
- _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
- _Inout_ PLONG DestinationStringLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIsNormalizedString(
- _In_ ULONG NormForm, // RTL_NORM_FORM
- _In_ PCWSTR SourceString,
- _In_ LONG SourceStringLength,
- _Out_ PBOOLEAN Normalized
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// ntifs:FsRtlIsNameInExpression
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsNameInExpression(
- _In_ PUNICODE_STRING Expression,
- _In_ PUNICODE_STRING Name,
- _In_ BOOLEAN IgnoreCase,
- _In_opt_ PWCH UpcaseTable
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsNameInUnUpcasedExpression(
- _In_ PUNICODE_STRING Expression,
- _In_ PUNICODE_STRING Name,
- _In_ BOOLEAN IgnoreCase,
- _In_opt_ PWCH UpcaseTable
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_19H1)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDoesNameContainWildCards(
- _In_ PUNICODE_STRING Expression
- );
-#endif
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualDomainName(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualComputerName(
- _In_ PUNICODE_STRING String1,
- _In_ PUNICODE_STRING String2
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDnsHostNameToComputerName(
- _Out_ PUNICODE_STRING ComputerNameString,
- _In_ PUNICODE_STRING DnsHostNameString,
- _In_ BOOLEAN AllocateComputerNameString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlStringFromGUID(
- _In_ PGUID Guid,
- _Out_ PUNICODE_STRING GuidString
- );
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlStringFromGUIDEx(
- _In_ PGUID Guid,
- _Inout_ PUNICODE_STRING GuidString,
- _In_ BOOLEAN AllocateGuidString
- );
-
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGUIDFromString(
- _In_ PUNICODE_STRING GuidString,
- _Out_ PGUID Guid
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareAltitudes(
- _In_ PUNICODE_STRING Altitude1,
- _In_ PUNICODE_STRING Altitude2
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIdnToAscii(
- _In_ ULONG Flags,
- _In_ PCWSTR SourceString,
- _In_ LONG SourceStringLength,
- _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
- _Inout_ PLONG DestinationStringLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIdnToUnicode(
- _In_ ULONG Flags,
- _In_ PCWSTR SourceString,
- _In_ LONG SourceStringLength,
- _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
- _Inout_ PLONG DestinationStringLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIdnToNameprepUnicode(
- _In_ ULONG Flags,
- _In_ PCWSTR SourceString,
- _In_ LONG SourceStringLength,
- _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
- _Inout_ PLONG DestinationStringLength
- );
-
-#endif
-
-// Prefix
-
-typedef struct _PREFIX_TABLE_ENTRY
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
- RTL_SPLAY_LINKS Links;
- PSTRING Prefix;
-} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
-
-typedef struct _PREFIX_TABLE
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- PPREFIX_TABLE_ENTRY NextPrefixTree;
-} PREFIX_TABLE, *PPREFIX_TABLE;
-
-NTSYSAPI
-VOID
-NTAPI
-PfxInitialize(
- _Out_ PPREFIX_TABLE PrefixTable
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-PfxInsertPrefix(
- _In_ PPREFIX_TABLE PrefixTable,
- _In_ PSTRING Prefix,
- _Out_ PPREFIX_TABLE_ENTRY PrefixTableEntry
- );
-
-NTSYSAPI
-VOID
-NTAPI
-PfxRemovePrefix(
- _In_ PPREFIX_TABLE PrefixTable,
- _In_ PPREFIX_TABLE_ENTRY PrefixTableEntry
- );
-
-NTSYSAPI
-PPREFIX_TABLE_ENTRY
-NTAPI
-PfxFindPrefix(
- _In_ PPREFIX_TABLE PrefixTable,
- _In_ PSTRING FullName
- );
-
-typedef struct _UNICODE_PREFIX_TABLE_ENTRY
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
- struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
- RTL_SPLAY_LINKS Links;
- PUNICODE_STRING Prefix;
-} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
-
-typedef struct _UNICODE_PREFIX_TABLE
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
- PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
-} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeUnicodePrefix(
- _Out_ PUNICODE_PREFIX_TABLE PrefixTable
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlInsertUnicodePrefix(
- _In_ PUNICODE_PREFIX_TABLE PrefixTable,
- _In_ PUNICODE_STRING Prefix,
- _Out_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRemoveUnicodePrefix(
- _In_ PUNICODE_PREFIX_TABLE PrefixTable,
- _In_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
- );
-
-NTSYSAPI
-PUNICODE_PREFIX_TABLE_ENTRY
-NTAPI
-RtlFindUnicodePrefix(
- _In_ PUNICODE_PREFIX_TABLE PrefixTable,
- _In_ PUNICODE_STRING FullName,
- _In_ ULONG CaseInsensitiveIndex
- );
-
-NTSYSAPI
-PUNICODE_PREFIX_TABLE_ENTRY
-NTAPI
-RtlNextUnicodePrefix(
- _In_ PUNICODE_PREFIX_TABLE PrefixTable,
- _In_ BOOLEAN Restart
- );
-
-// Compression
-
-typedef struct _COMPRESSED_DATA_INFO
-{
- USHORT CompressionFormatAndEngine; // COMPRESSION_FORMAT_* and COMPRESSION_ENGINE_*
-
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved;
-
- USHORT NumberOfChunks;
-
- ULONG CompressedChunkSizes[1];
-} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetCompressionWorkSpaceSize(
- _In_ USHORT CompressionFormatAndEngine,
- _Out_ PULONG CompressBufferWorkSpaceSize,
- _Out_ PULONG CompressFragmentWorkSpaceSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompressBuffer(
- _In_ USHORT CompressionFormatAndEngine,
- _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _In_ ULONG UncompressedChunkSize,
- _Out_ PULONG FinalCompressedSize,
- _In_ PVOID WorkSpace
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressBuffer(
- _In_ USHORT CompressionFormat,
- _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _Out_ PULONG FinalUncompressedSize
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressBufferEx(
- _In_ USHORT CompressionFormat,
- _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _Out_ PULONG FinalUncompressedSize,
- _In_opt_ PVOID WorkSpace
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressBufferEx2(
- _In_ USHORT CompressionFormat,
- _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _In_ ULONG UncompressedChunkSize,
- _Out_ PULONG FinalUncompressedSize,
- _In_opt_ PVOID WorkSpace
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressFragment(
- _In_ USHORT CompressionFormat,
- _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment,
- _In_ ULONG UncompressedFragmentSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _In_range_(<, CompressedBufferSize) ULONG FragmentOffset,
- _Out_ PULONG FinalUncompressedSize,
- _In_ PVOID WorkSpace
- );
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressFragmentEx(
- _In_ USHORT CompressionFormat,
- _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment,
- _In_ ULONG UncompressedFragmentSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _In_range_(<, CompressedBufferSize) ULONG FragmentOffset,
- _In_ ULONG UncompressedChunkSize,
- _Out_ PULONG FinalUncompressedSize,
- _In_ PVOID WorkSpace
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDescribeChunk(
- _In_ USHORT CompressionFormat,
- _Inout_ PUCHAR *CompressedBuffer,
- _In_ PUCHAR EndOfCompressedBufferPlus1,
- _Out_ PUCHAR *ChunkBuffer,
- _Out_ PULONG ChunkSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReserveChunk(
- _In_ USHORT CompressionFormat,
- _Inout_ PUCHAR *CompressedBuffer,
- _In_ PUCHAR EndOfCompressedBufferPlus1,
- _Out_ PUCHAR *ChunkBuffer,
- _In_ ULONG ChunkSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressChunks(
- _Out_writes_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_ ULONG CompressedBufferSize,
- _In_reads_bytes_(CompressedTailSize) PUCHAR CompressedTail,
- _In_ ULONG CompressedTailSize,
- _In_ PCOMPRESSED_DATA_INFO CompressedDataInfo
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompressChunks(
- _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
- _In_ ULONG UncompressedBufferSize,
- _Out_writes_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
- _In_range_(>=, (UncompressedBufferSize - (UncompressedBufferSize / 16))) ULONG CompressedBufferSize,
- _Inout_updates_bytes_(CompressedDataInfoLength) PCOMPRESSED_DATA_INFO CompressedDataInfo,
- _In_range_(>, sizeof(COMPRESSED_DATA_INFO)) ULONG CompressedDataInfoLength,
- _In_ PVOID WorkSpace
- );
-
-// Locale
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConvertLCIDToString(
- _In_ LCID LcidValue,
- _In_ ULONG Base,
- _In_ ULONG Padding, // string is padded to this width
- _Out_writes_(Size) PWSTR pResultBuf,
- _In_ ULONG Size
- );
-
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsValidLocaleName(
- _In_ PCWSTR LocaleName,
- _In_ ULONG Flags
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetParentLocaleName(
- _In_ PCWSTR LocaleName,
- _Inout_ PUNICODE_STRING ParentLocaleName,
- _In_ ULONG Flags,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLcidToLocaleName(
- _In_ LCID lcid, // sic
- _Inout_ PUNICODE_STRING LocaleName,
- _In_ ULONG Flags,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLocaleNameToLcid(
- _In_ PCWSTR LocaleName,
- _Out_ PLCID lcid,
- _In_ ULONG Flags
- );
-
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlLCIDToCultureName(
- _In_ LCID Lcid,
- _Inout_ PUNICODE_STRING String
- );
-
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlCultureNameToLCID(
- _In_ PUNICODE_STRING String,
- _Out_ PLCID Lcid
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlCleanUpTEBLangLists(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-// rev from GetThreadPreferredUILanguages
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetThreadPreferredUILanguages(
- _In_ ULONG Flags, // MUI_LANGUAGE_NAME
- _Out_ PULONG NumberOfLanguages,
- _Out_writes_opt_(*ReturnLength) PZZWSTR Languages,
- _Inout_ PULONG ReturnLength
- );
-
-// rev from GetProcessPreferredUILanguages
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetProcessPreferredUILanguages(
- _In_ ULONG Flags, // MUI_LANGUAGE_NAME
- _Out_ PULONG NumberOfLanguages,
- _Out_writes_opt_(*ReturnLength) PZZWSTR Languages,
- _Inout_ PULONG ReturnLength
- );
-
-// rev from GetSystemPreferredUILanguages
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSystemPreferredUILanguages(
- _In_ ULONG Flags, // MUI_LANGUAGE_NAME
- _In_ PCWSTR LocaleName,
- _Out_ PULONG NumberOfLanguages,
- _Out_writes_opt_(*ReturnLength) PZZWSTR Languages,
- _Inout_ PULONG ReturnLength
- );
-
-// rev from GetSystemDefaultUILanguage
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlpGetSystemDefaultUILanguage(
- _Out_ LANGID DefaultUILanguageId,
- _Inout_ PLCID Lcid
- );
-
-// rev from GetUserPreferredUILanguages
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetUserPreferredUILanguages(
- _In_ ULONG Flags, // MUI_LANGUAGE_NAME
- _In_ PCWSTR LocaleName,
- _Out_ PULONG NumberOfLanguages,
- _Out_writes_opt_(*ReturnLength) PZZWSTR Languages,
- _Inout_ PULONG ReturnLength
- );
-
-// rev from GetUILanguageInfo
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetUILanguageInfo(
- _In_ ULONG Flags,
- _In_ PCZZWSTR Languages,
- _Out_writes_opt_(*NumberOfFallbackLanguages) PZZWSTR FallbackLanguages,
- _Inout_opt_ PULONG NumberOfFallbackLanguages,
- _Out_ PULONG Attributes
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetLocaleFileMappingAddress(
- _Out_ PVOID *BaseAddress,
- _Out_ PLCID DefaultLocaleId,
- _Out_ PLARGE_INTEGER DefaultCasingTableSize,
- _Out_opt_ PULONG CurrentNLSVersion
- );
-
-#endif
-
-// PEB
-
-NTSYSAPI
-PPEB
-NTAPI
-RtlGetCurrentPeb(
- VOID
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAcquirePebLock(
- VOID
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReleasePebLock(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlTryAcquirePebLock(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION < PHNT_VISTA)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAllocateFromPeb(
- _In_ ULONG Size,
- _Out_ PVOID *Block
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFreeToPeb(
- _In_ PVOID Block,
- _In_ ULONG Size
- );
-#endif
-
-// Processes
-
-typedef struct _CURDIR
-{
- UNICODE_STRING DosPath;
- HANDLE Handle;
-} CURDIR, *PCURDIR;
-
-#define RTL_USER_PROC_CURDIR_CLOSE 0x00000002
-#define RTL_USER_PROC_CURDIR_INHERIT 0x00000003
-
-typedef struct _RTL_DRIVE_LETTER_CURDIR
-{
- USHORT Flags;
- USHORT Length;
- ULONG TimeStamp;
- STRING DosPath;
-} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
-
-#define RTL_MAX_DRIVE_LETTERS 32
-#define RTL_DRIVE_LETTER_VALID (USHORT)0x0001
-
-typedef struct _RTL_USER_PROCESS_PARAMETERS
-{
- ULONG MaximumLength;
- ULONG Length;
-
- ULONG Flags;
- ULONG DebugFlags;
-
- HANDLE ConsoleHandle;
- ULONG ConsoleFlags;
- HANDLE StandardInput;
- HANDLE StandardOutput;
- HANDLE StandardError;
-
- CURDIR CurrentDirectory;
- UNICODE_STRING DllPath;
- UNICODE_STRING ImagePathName;
- UNICODE_STRING CommandLine;
- PVOID Environment;
-
- ULONG StartingX;
- ULONG StartingY;
- ULONG CountX;
- ULONG CountY;
- ULONG CountCharsX;
- ULONG CountCharsY;
- ULONG FillAttribute;
-
- ULONG WindowFlags;
- ULONG ShowWindowFlags;
- UNICODE_STRING WindowTitle;
- UNICODE_STRING DesktopInfo;
- UNICODE_STRING ShellInfo;
- UNICODE_STRING RuntimeData;
- RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS];
-
- ULONG_PTR EnvironmentSize;
- ULONG_PTR EnvironmentVersion;
-
- PVOID PackageDependencyData;
- ULONG ProcessGroupId;
- ULONG LoaderThreads;
-
- UNICODE_STRING RedirectionDllName; // REDSTONE4
- UNICODE_STRING HeapPartitionName; // 19H1
- ULONG_PTR DefaultThreadpoolCpuSetMasks;
- ULONG DefaultThreadpoolCpuSetMaskCount;
- ULONG DefaultThreadpoolThreadMaximum;
- ULONG HeapMemoryTypeMask; // WIN11
-} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
-
-#define RTL_USER_PROC_PARAMS_NORMALIZED 0x00000001
-#define RTL_USER_PROC_PROFILE_USER 0x00000002
-#define RTL_USER_PROC_PROFILE_KERNEL 0x00000004
-#define RTL_USER_PROC_PROFILE_SERVER 0x00000008
-#define RTL_USER_PROC_RESERVE_1MB 0x00000020
-#define RTL_USER_PROC_RESERVE_16MB 0x00000040
-#define RTL_USER_PROC_CASE_SENSITIVE 0x00000080
-#define RTL_USER_PROC_DISABLE_HEAP_DECOMMIT 0x00000100
-#define RTL_USER_PROC_DLL_REDIRECTION_LOCAL 0x00001000
-#define RTL_USER_PROC_APP_MANIFEST_PRESENT 0x00002000
-#define RTL_USER_PROC_IMAGE_KEY_MISSING 0x00004000
-#define RTL_USER_PROC_OPTIN_PROCESS 0x00020000
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateProcessParameters(
- _Out_ PRTL_USER_PROCESS_PARAMETERS *pProcessParameters,
- _In_ PUNICODE_STRING ImagePathName,
- _In_opt_ PUNICODE_STRING DllPath,
- _In_opt_ PUNICODE_STRING CurrentDirectory,
- _In_opt_ PUNICODE_STRING CommandLine,
- _In_opt_ PVOID Environment,
- _In_opt_ PUNICODE_STRING WindowTitle,
- _In_opt_ PUNICODE_STRING DesktopInfo,
- _In_opt_ PUNICODE_STRING ShellInfo,
- _In_opt_ PUNICODE_STRING RuntimeData
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateProcessParametersEx(
- _Out_ PRTL_USER_PROCESS_PARAMETERS *pProcessParameters,
- _In_ PUNICODE_STRING ImagePathName,
- _In_opt_ PUNICODE_STRING DllPath,
- _In_opt_ PUNICODE_STRING CurrentDirectory,
- _In_opt_ PUNICODE_STRING CommandLine,
- _In_opt_ PVOID Environment,
- _In_opt_ PUNICODE_STRING WindowTitle,
- _In_opt_ PUNICODE_STRING DesktopInfo,
- _In_opt_ PUNICODE_STRING ShellInfo,
- _In_opt_ PUNICODE_STRING RuntimeData,
- _In_ ULONG Flags // pass RTL_USER_PROC_PARAMS_NORMALIZED to keep parameters normalized
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyProcessParameters(
- _In_ _Post_invalid_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters
- );
-
-NTSYSAPI
-PRTL_USER_PROCESS_PARAMETERS
-NTAPI
-RtlNormalizeProcessParams(
- _Inout_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters
- );
-
-NTSYSAPI
-PRTL_USER_PROCESS_PARAMETERS
-NTAPI
-RtlDeNormalizeProcessParams(
- _Inout_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters
- );
-
-typedef struct _RTL_USER_PROCESS_INFORMATION
-{
- ULONG Length;
- HANDLE ProcessHandle;
- HANDLE ThreadHandle;
- CLIENT_ID ClientId;
- SECTION_IMAGE_INFORMATION ImageInformation;
-} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateUserProcess(
- _In_ PUNICODE_STRING NtImagePathName,
- _In_ ULONG AttributesDeprecated,
- _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
- _In_opt_ PSECURITY_DESCRIPTOR ProcessSecurityDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
- _In_opt_ HANDLE ParentProcess,
- _In_ BOOLEAN InheritHandles,
- _In_opt_ HANDLE DebugPort,
- _In_opt_ HANDLE TokenHandle, // used to be ExceptionPort
- _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-
-#define RTL_USER_PROCESS_EXTENDED_PARAMETERS_VERSION 1
-
-// private
-typedef struct _RTL_USER_PROCESS_EXTENDED_PARAMETERS
-{
- USHORT Version;
- USHORT NodeNumber;
- PSECURITY_DESCRIPTOR ProcessSecurityDescriptor;
- PSECURITY_DESCRIPTOR ThreadSecurityDescriptor;
- HANDLE ParentProcess;
- HANDLE DebugPort;
- HANDLE TokenHandle;
- HANDLE JobHandle;
-} RTL_USER_PROCESS_EXTENDED_PARAMETERS, *PRTL_USER_PROCESS_EXTENDED_PARAMETERS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateUserProcessEx(
- _In_ PUNICODE_STRING NtImagePathName,
- _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
- _In_ BOOLEAN InheritHandles,
- _In_opt_ PRTL_USER_PROCESS_EXTENDED_PARAMETERS ProcessExtendedParameters,
- _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-DECLSPEC_NORETURN
-NTSYSAPI
-VOID
-NTAPI
-RtlExitUserProcess(
- _In_ NTSTATUS ExitStatus
- );
-#else
-
-#define RtlExitUserProcess RtlExitUserProcess_R
-
-DECLSPEC_NORETURN
-FORCEINLINE VOID RtlExitUserProcess_R(
- _In_ NTSTATUS ExitStatus
- )
-{
- ExitProcess(ExitStatus);
-}
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// begin_rev
-#define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001
-#define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002
-#define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004 // don't update synchronization objects
-// end_rev
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCloneUserProcess(
- _In_ ULONG ProcessFlags,
- _In_opt_ PSECURITY_DESCRIPTOR ProcessSecurityDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
- _In_opt_ HANDLE DebugPort,
- _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlUpdateClonedCriticalSection(
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlUpdateClonedSRWLock(
- _Inout_ PRTL_SRWLOCK SRWLock,
- _In_ LOGICAL Shared // TRUE to set to shared acquire
- );
-
-// rev
-#define RTL_PROCESS_REFLECTION_FLAGS_INHERIT_HANDLES 0x2
-#define RTL_PROCESS_REFLECTION_FLAGS_NO_SUSPEND 0x4
-#define RTL_PROCESS_REFLECTION_FLAGS_NO_SYNCHRONIZE 0x8
-#define RTL_PROCESS_REFLECTION_FLAGS_NO_CLOSE_EVENT 0x10
-
-// private
-typedef struct _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
-{
- HANDLE ReflectionProcessHandle;
- HANDLE ReflectionThreadHandle;
- CLIENT_ID ReflectionClientId;
-} RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, *PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
-
-typedef RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION PROCESS_REFLECTION_INFORMATION, *PPROCESS_REFLECTION_INFORMATION;
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateProcessReflection(
- _In_ HANDLE ProcessHandle,
- _In_ ULONG Flags, // RTL_PROCESS_REFLECTION_FLAGS_*
- _In_opt_ PVOID StartRoutine,
- _In_opt_ PVOID StartContext,
- _In_opt_ HANDLE EventHandle,
- _Out_opt_ PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION ReflectionInformation
- );
-#endif
-
-#endif
-
-NTSYSAPI
-NTSTATUS
-STDAPIVCALLTYPE
-RtlSetProcessIsCritical(
- _In_ BOOLEAN NewValue,
- _Out_opt_ PBOOLEAN OldValue,
- _In_ BOOLEAN CheckFlag
- );
-
-NTSYSAPI
-NTSTATUS
-STDAPIVCALLTYPE
-RtlSetThreadIsCritical(
- _In_ BOOLEAN NewValue,
- _Out_opt_ PBOOLEAN OldValue,
- _In_ BOOLEAN CheckFlag
- );
-
-// rev
-NTSYSAPI
-PVOID
-NTAPI
-RtlSetThreadSubProcessTag(
- _In_ PVOID SubProcessTag
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidProcessProtection(
- _In_ PS_PROTECTION ProcessProtection
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTestProtectedAccess(
- _In_ PS_PROTECTION Source,
- _In_ PS_PROTECTION Target
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsCurrentProcess( // NtCompareObjects(NtCurrentProcess(), ProcessHandle)
- _In_ HANDLE ProcessHandle
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsCurrentThread( // NtCompareObjects(NtCurrentThread(), ThreadHandle)
- _In_ HANDLE ThreadHandle
- );
-#endif
-
-// Threads
-
-typedef NTSTATUS (NTAPI *PUSER_THREAD_START_ROUTINE)(
- _In_ PVOID ThreadParameter
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateUserThread(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
- _In_ BOOLEAN CreateSuspended,
- _In_opt_ ULONG ZeroBits,
- _In_opt_ SIZE_T MaximumStackSize,
- _In_opt_ SIZE_T CommittedStackSize,
- _In_ PUSER_THREAD_START_ROUTINE StartAddress,
- _In_opt_ PVOID Parameter,
- _Out_opt_ PHANDLE ThreadHandle,
- _Out_opt_ PCLIENT_ID ClientId
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA) // should be PHNT_WINXP, but is PHNT_VISTA for consistency with RtlExitUserProcess
-DECLSPEC_NORETURN
-NTSYSAPI
-VOID
-NTAPI
-RtlExitUserThread(
- _In_ NTSTATUS ExitStatus
- );
-#else
-
-#define RtlExitUserThread RtlExitUserThread_R
-
-DECLSPEC_NORETURN
-FORCEINLINE VOID RtlExitUserThread_R(
- _In_ NTSTATUS ExitStatus
- )
-{
- ExitThread(ExitStatus);
-}
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsCurrentThreadAttachExempt(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateUserStack(
- _In_opt_ SIZE_T CommittedStackSize,
- _In_opt_ SIZE_T MaximumStackSize,
- _In_opt_ ULONG_PTR ZeroBits,
- _In_ SIZE_T PageSize,
- _In_ ULONG_PTR ReserveAlignment,
- _Out_ PINITIAL_TEB InitialTeb
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFreeUserStack(
- _In_ PVOID AllocationBase
- );
-
-#endif
-
-// Extended thread context
-
-typedef struct _CONTEXT_CHUNK
-{
- LONG Offset; // Offset may be negative.
- ULONG Length;
-} CONTEXT_CHUNK, *PCONTEXT_CHUNK;
-
-typedef struct _CONTEXT_EX
-{
- CONTEXT_CHUNK All;
- CONTEXT_CHUNK Legacy;
- CONTEXT_CHUNK XState;
- CONTEXT_CHUNK KernelCet;
-} CONTEXT_EX, *PCONTEXT_EX;
-
-#if defined(_AMD64_) || defined(_ARM64_) || defined(_ARM64EC_)
-#define CONTEXT_ALIGN 0x10
-#else
-#define CONTEXT_ALIGN 0x8
-#endif
-
-#if defined(_AMD64_)
-#define CONTEXT_FRAME_LENGTH 0x4D0
-#define CONTEXT_EX_PADDING 0x10
-#elif defined(_ARM64_) || defined(_ARM64EC_)
-#define CONTEXT_FRAME_LENGTH 0x390
-#define CONTEXT_EX_PADDING 0x10
-#elif defined(_M_ARM)
-#define CONTEXT_FRAME_LENGTH 0x1a0
-#define CONTEXT_EX_PADDING 0x8
-#else
-#define CONTEXT_FRAME_LENGTH 0x2CC
-#define CONTEXT_EX_PADDING 0x4
-#endif
-
-#define CONTEXT_ALIGNMENT(Size, Align) \
- (((ULONG_PTR)(Size) + (Align) - 1) & ~((Align) - 1))
-
-#define CONTEXT_EX_LENGTH \
- CONTEXT_ALIGNMENT(sizeof(CONTEXT_EX), CONTEXT_ALIGN)
-
-C_ASSERT(CONTEXT_FRAME_LENGTH == sizeof(CONTEXT));
-C_ASSERT(CONTEXT_EX_LENGTH == 0x20);
-
-#define RTL_CONTEXT_EX_OFFSET(ContextEx, Chunk) ((ContextEx)->Chunk.Offset)
-#define RTL_CONTEXT_EX_LENGTH(ContextEx, Chunk) ((ContextEx)->Chunk.Length)
-#define RTL_CONTEXT_EX_CHUNK(Base, Layout, Chunk) ((PVOID)((PCHAR)(Base) + RTL_CONTEXT_EX_OFFSET(Layout, Chunk)))
-#define RTL_CONTEXT_OFFSET(Context, Chunk) RTL_CONTEXT_EX_OFFSET((PCONTEXT_EX)(Context + 1), Chunk)
-#define RTL_CONTEXT_LENGTH(Context, Chunk) RTL_CONTEXT_EX_LENGTH((PCONTEXT_EX)(Context + 1), Chunk)
-#define RTL_CONTEXT_CHUNK(Context, Chunk) RTL_CONTEXT_EX_CHUNK((PCONTEXT_EX)(Context + 1), (PCONTEXT_EX)(Context + 1), Chunk)
-
-#if defined(_M_AMD64)
-// returns constant 0xf0e0d0c0a0908070 (dmex)
-NTSYSAPI
-ULONG64
-NTAPI
-RtlInitializeContext(
- _Reserved_ HANDLE Reserved,
- _Out_ PCONTEXT Context,
- _In_opt_ PVOID Parameter,
- _In_opt_ PVOID InitialPc,
- _In_opt_ PVOID InitialSp
- );
-#else
-// returns status of NtWriteVirtualMemory (dmex)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeContext(
- _In_ HANDLE ProcessHandle,
- _Out_ PCONTEXT Context,
- _In_opt_ PVOID Parameter,
- _In_opt_ PVOID InitialPc,
- _In_opt_ PVOID InitialSp
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeExtendedContext(
- _Out_ PCONTEXT Context,
- _In_ ULONG ContextFlags,
- _Out_ PCONTEXT_EX* ContextEx
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeExtendedContext2(
- _Out_ PCONTEXT Context,
- _In_ ULONG ContextFlags,
- _Out_ PCONTEXT_EX* ContextEx,
- _In_ ULONG64 EnabledExtendedFeatures // RtlGetEnabledExtendedFeatures(-1)
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopyContext(
- _Inout_ PCONTEXT Context,
- _In_ ULONG ContextFlags,
- _Out_ PCONTEXT Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopyExtendedContext(
- _Out_ PCONTEXT_EX Destination,
- _In_ ULONG ContextFlags,
- _In_ PCONTEXT_EX Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetExtendedContextLength(
- _In_ ULONG ContextFlags,
- _Out_ PULONG ContextLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetExtendedContextLength2(
- _In_ ULONG ContextFlags,
- _Out_ PULONG ContextLength,
- _In_ ULONG64 EnabledExtendedFeatures // RtlGetEnabledExtendedFeatures(-1)
- );
-
-NTSYSAPI
-ULONG64
-NTAPI
-RtlGetExtendedFeaturesMask(
- _In_ PCONTEXT_EX ContextEx
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlLocateExtendedFeature(
- _In_ PCONTEXT_EX ContextEx,
- _In_ ULONG FeatureId,
- _Out_opt_ PULONG Length
- );
-
-NTSYSAPI
-PCONTEXT
-NTAPI
-RtlLocateLegacyContext(
- _In_ PCONTEXT_EX ContextEx,
- _Out_opt_ PULONG Length
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetExtendedFeaturesMask(
- _In_ PCONTEXT_EX ContextEx,
- _In_ ULONG64 FeatureMask
- );
-
-#ifdef _WIN64
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64GetThreadContext(
- _In_ HANDLE ThreadHandle,
- _Inout_ PWOW64_CONTEXT ThreadContext
- );
-#endif
-
-#ifdef _WIN64
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64SetThreadContext(
- _In_ HANDLE ThreadHandle,
- _In_ PWOW64_CONTEXT ThreadContext
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRemoteCall(
- _In_ HANDLE ProcessHandle,
- _In_ HANDLE ThreadHandle,
- _In_ PVOID CallSite,
- _In_ ULONG ArgumentCount,
- _In_opt_ PULONG_PTR Arguments,
- _In_ BOOLEAN PassContext,
- _In_ BOOLEAN AlreadySuspended
- );
-
-// Vectored Exception Handlers
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlAddVectoredExceptionHandler(
- _In_ ULONG First,
- _In_ PVECTORED_EXCEPTION_HANDLER Handler
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlRemoveVectoredExceptionHandler(
- _In_ PVOID Handle
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlAddVectoredContinueHandler(
- _In_ ULONG First,
- _In_ PVECTORED_EXCEPTION_HANDLER Handler
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlRemoveVectoredContinueHandler(
- _In_ PVOID Handle
- );
-
-// Runtime exception handling
-
-typedef ULONG (NTAPI *PRTLP_UNHANDLED_EXCEPTION_FILTER)(
- _In_ PEXCEPTION_POINTERS ExceptionInfo
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetUnhandledExceptionFilter(
- _In_ PRTLP_UNHANDLED_EXCEPTION_FILTER UnhandledExceptionFilter
- );
-
-// rev
-NTSYSAPI
-LONG
-NTAPI
-RtlUnhandledExceptionFilter(
- _In_ PEXCEPTION_POINTERS ExceptionPointers
- );
-
-// rev
-NTSYSAPI
-LONG
-NTAPI
-RtlUnhandledExceptionFilter2(
- _In_ PEXCEPTION_POINTERS ExceptionPointers,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-LONG
-NTAPI
-RtlKnownExceptionFilter(
- _In_ PEXCEPTION_POINTERS ExceptionPointers
- );
-
-#ifdef _WIN64
-
-// private
-typedef enum _FUNCTION_TABLE_TYPE
-{
- RF_SORTED,
- RF_UNSORTED,
- RF_CALLBACK,
- RF_KERNEL_DYNAMIC
-} FUNCTION_TABLE_TYPE;
-
-// private
-typedef struct _DYNAMIC_FUNCTION_TABLE
-{
- LIST_ENTRY ListEntry;
- PRUNTIME_FUNCTION FunctionTable;
- LARGE_INTEGER TimeStamp;
- ULONG64 MinimumAddress;
- ULONG64 MaximumAddress;
- ULONG64 BaseAddress;
- PGET_RUNTIME_FUNCTION_CALLBACK Callback;
- PVOID Context;
- PWSTR OutOfProcessCallbackDll;
- FUNCTION_TABLE_TYPE Type;
- ULONG EntryCount;
- RTL_BALANCED_NODE TreeNodeMin;
- RTL_BALANCED_NODE TreeNodeMax;
-} DYNAMIC_FUNCTION_TABLE, *PDYNAMIC_FUNCTION_TABLE;
-
-// rev
-NTSYSAPI
-PLIST_ENTRY
-NTAPI
-RtlGetFunctionTableListHead(
- VOID
- );
-
-#endif
-
-// Activation Contexts
-
-#define INVALID_ACTIVATION_CONTEXT ((HANDLE)(LONG_PTR)-1)
-#define ACTCTX_PROCESS_DEFAULT ((HANDLE)(LONG_PTR)0)
-#define ACTCTX_EMPTY ((HANDLE)(LONG_PTR)-3)
-#define ACTCTX_SYSTEM_DEFAULT ((HANDLE)(LONG_PTR)-4)
-#define IS_SPECIAL_ACTCTX(x) (((((LONG_PTR)(x)) - 1) | 7) == -1)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetActiveActivationContext(
- _Out_ PACTIVATION_CONTEXT ActivationContext
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlAddRefActivationContext(
- _In_ PACTIVATION_CONTEXT ActivationContext
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlReleaseActivationContext(
- _In_ PACTIVATION_CONTEXT ActivationContext
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlZombifyActivationContext(
- _In_ PACTIVATION_CONTEXT ActivationContext
- );
-
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsActivationContextActive(
- _In_ PACTIVATION_CONTEXT ActivationContext
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlActivateActivationContext(
- _Reserved_ ULONG Flags,
- _In_ PACTIVATION_CONTEXT ActivationContext,
- _Out_ PULONG_PTR Cookie
- );
-
-#define RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION 0x00000001
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlActivateActivationContextEx(
- _In_ ULONG Flags,
- _In_ PTEB Teb,
- _In_ PACTIVATION_CONTEXT ActivationContext,
- _Out_ PULONG_PTR Cookie
- );
-
-#define RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION 0x00000001
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlDeactivateActivationContext(
- _In_ ULONG Flags,
- _In_ ULONG_PTR Cookie
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateActivationContext(
- _Reserved_ ULONG Flags,
- _In_ PACTIVATION_CONTEXT_DATA ActivationContextData,
- _In_opt_ ULONG ExtraBytes,
- _In_opt_ PACTIVATION_CONTEXT_NOTIFY_ROUTINE NotificationRoutine,
- _In_opt_ PVOID NotificationContext,
- _Out_ PACTIVATION_CONTEXT *ActivationContext
- );
-
-#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ACTIVATION_CONTEXT 0x00000001
-#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_FLAGS 0x00000002
-#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ASSEMBLY_METADATA 0x00000004
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFindActivationContextSectionString(
- _In_ ULONG Flags,
- _In_opt_ PGUID ExtensionGuid,
- _In_ ULONG SectionId, // ACTIVATION_CONTEXT_SECTION_*
- _In_ PUNICODE_STRING StringToFind,
- _Inout_ PACTCTX_SECTION_KEYED_DATA ReturnedData
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFindActivationContextSectionGuid(
- _In_ ULONG Flags,
- _In_opt_ PGUID ExtensionGuid,
- _In_ ULONG SectionId, // ACTIVATION_CONTEXT_SECTION_*
- _In_ PGUID GuidToFind,
- _Inout_ PACTCTX_SECTION_KEYED_DATA ReturnedData
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryActivationContextApplicationSettings(
- _Reserved_ ULONG Flags,
- _In_ PACTIVATION_CONTEXT ActivationContext,
- _In_ PWSTR SettingsNameSpace,
- _In_ PWSTR SettingName,
- _Out_writes_bytes_(BufferLength) PWSTR Buffer,
- _In_ SIZE_T BufferLength,
- _Out_opt_ PSIZE_T RequiredLength
- );
-
-// ACTIVATION_CONTEXT_INFO_CLASS
-// ActivationContextBasicInformation // q: ACTIVATION_CONTEXT_BASIC_INFORMATION
-// ActivationContextDetailedInformation // q: ACTIVATION_CONTEXT_DETAILED_INFORMATION
-// AssemblyDetailedInformationInActivationContext // q: ACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION
-// FileInformationInAssemblyOfAssemblyInActivationContext // q: ASSEMBLY_FILE_DETAILED_INFORMATION
-// RunlevelInformationInActivationContext // q: ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION
-// CompatibilityInformationInActivationContext // q: ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION[_LEGACY]
-// ActivationContextManifestResourceName // q: ULONG
-
-#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT 0x00000001
-#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_MODULE 0x00000002
-#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_ADDRESS 0x00000004
-#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_NO_ADDREF 0x80000000
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryInformationActivationContext(
- _In_ ULONG Flags,
- _In_opt_ PACTIVATION_CONTEXT ActivationContext,
- _In_opt_ PACTIVATION_CONTEXT_QUERY_INDEX SubInstanceIndex,
- _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
- _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
- _In_ SIZE_T ActivationContextInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-#ifdef PHNT_INLINE_ACTIVE_ACTIVATION_CONTEXT
-// private
-FORCEINLINE
-NTSTATUS
-NTAPI
-RtlQueryInformationActiveActivationContext(
- _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
- _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
- _In_ SIZE_T ActivationContextInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- )
-{
- return RtlQueryInformationActivationContext(
- RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT,
- NULL,
- 0,
- ActivationContextInformationClass,
- ActivationContextInformation,
- ActivationContextInformationLength,
- ReturnLength
- );
-}
-#else
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryInformationActiveActivationContext(
- _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
- _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
- _In_ SIZE_T ActivationContextInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-#endif
-
-// Images
-
-NTSYSAPI
-PIMAGE_NT_HEADERS
-NTAPI
-RtlImageNtHeader(
- _In_ PVOID BaseOfImage
- );
-
-#define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK 0x00000001
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlImageNtHeaderEx(
- _In_ ULONG Flags,
- _In_ PVOID BaseOfImage,
- _In_ ULONG64 Size,
- _Out_ PIMAGE_NT_HEADERS *OutHeaders
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlAddressInSectionTable(
- _In_ PIMAGE_NT_HEADERS NtHeaders,
- _In_ PVOID BaseOfImage,
- _In_ ULONG VirtualAddress
- );
-
-NTSYSAPI
-PIMAGE_SECTION_HEADER
-NTAPI
-RtlSectionTableFromVirtualAddress(
- _In_ PIMAGE_NT_HEADERS NtHeaders,
- _In_ PVOID BaseOfImage,
- _In_ ULONG VirtualAddress
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlImageDirectoryEntryToData(
- _In_ PVOID BaseOfImage,
- _In_ BOOLEAN MappedAsImage,
- _In_ USHORT DirectoryEntry,
- _Out_ PULONG Size
- );
-
-NTSYSAPI
-PIMAGE_SECTION_HEADER
-NTAPI
-RtlImageRvaToSection(
- _In_ PIMAGE_NT_HEADERS NtHeaders,
- _In_ PVOID BaseOfImage,
- _In_ ULONG Rva
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlImageRvaToVa(
- _In_ PIMAGE_NT_HEADERS NtHeaders,
- _In_ PVOID BaseOfImage,
- _In_ ULONG Rva,
- _Out_opt_ PIMAGE_SECTION_HEADER *LastRvaSection
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-
-// rev
-NTSYSAPI
-PVOID
-NTAPI
-RtlFindExportedRoutineByName(
- _In_ PVOID BaseOfImage,
- _In_ PCSTR RoutineName
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGuardCheckLongJumpTarget(
- _In_ PVOID PcValue,
- _In_ BOOL IsFastFail,
- _Out_ PBOOL IsLongJumpTarget
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11_22H2)
-NTSYSAPI
-VOID
-NTAPI
-RtlValidateUserCallTarget(
- _In_ PVOID Address,
- _Out_ PULONG Flags
- );
-#endif
-
-// Memory
-
-_Must_inspect_result_
-NTSYSAPI
-SIZE_T
-NTAPI
-RtlCompareMemoryUlong(
- _In_reads_bytes_(Length) PVOID Source,
- _In_ SIZE_T Length,
- _In_ ULONG Pattern
- );
-
-#if defined(_M_AMD64)
-FORCEINLINE
-VOID
-RtlFillMemoryUlong(
- _Out_writes_bytes_all_(Length) PVOID Destination,
- _In_ SIZE_T Length,
- _In_ ULONG Pattern
- )
-{
- PULONG Address = (PULONG)Destination;
-
- //
- // If the number of DWORDs is not zero, then fill the specified buffer
- // with the specified pattern.
- //
-
- if ((Length /= 4) != 0) {
-
- //
- // If the destination is not quadword aligned (ignoring low bits),
- // then align the destination by storing one DWORD.
- //
-
- if (((ULONG64)Address & 4) != 0) {
- *Address = Pattern;
- if ((Length -= 1) == 0) {
- return;
- }
-
- Address += 1;
- }
-
- //
- // If the number of QWORDs is not zero, then fill the destination
- // buffer a QWORD at a time.
- //
-
- __stosq((PULONG64)(Address),
- Pattern | ((ULONG64)Pattern << 32),
- Length / 2);
-
- if ((Length & 1) != 0) {
- Address[Length - 1] = Pattern;
- }
- }
-
- return;
-}
-#else
-NTSYSAPI
-VOID
-NTAPI
-RtlFillMemoryUlong(
- _Out_writes_bytes_all_(Length) PVOID Destination,
- _In_ SIZE_T Length,
- _In_ ULONG Pattern
- );
-#endif
-
-#if defined(_M_AMD64)
-
-#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
- __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
-
-#else
-NTSYSAPI
-VOID
-NTAPI
-RtlFillMemoryUlonglong(
- _Out_writes_bytes_all_(Length) PVOID Destination,
- _In_ SIZE_T Length,
- _In_ ULONGLONG Pattern
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_19H2)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsZeroMemory(
- _In_ PVOID Buffer,
- _In_ SIZE_T Length
- );
-#endif
-
-// Environment
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateEnvironment(
- _In_ BOOLEAN CloneCurrentEnvironment,
- _Out_ PVOID *Environment
- );
-
-// begin_rev
-#define RTL_CREATE_ENVIRONMENT_TRANSLATE 0x1 // translate from multi-byte to Unicode
-#define RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM 0x2 // translate from OEM to Unicode (Translate flag must also be set)
-#define RTL_CREATE_ENVIRONMENT_EMPTY 0x4 // create empty environment block
-// end_rev
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateEnvironmentEx(
- _In_opt_ PVOID SourceEnvironment,
- _Out_ PVOID *Environment,
- _In_ ULONG Flags
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyEnvironment(
- _In_ _Post_invalid_ PVOID Environment
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetCurrentEnvironment(
- _In_ PVOID Environment,
- _Out_opt_ PVOID *PreviousEnvironment
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetEnvironmentVar(
- _Inout_opt_ PVOID *Environment,
- _In_reads_(NameLength) PCWSTR Name,
- _In_ SIZE_T NameLength,
- _In_reads_(ValueLength) PCWSTR Value,
- _In_opt_ SIZE_T ValueLength
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetEnvironmentVariable(
- _Inout_opt_ PVOID *Environment,
- _In_ PUNICODE_STRING Name,
- _In_opt_ PUNICODE_STRING Value
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryEnvironmentVariable(
- _In_opt_ PVOID Environment,
- _In_reads_(NameLength) PCWSTR Name,
- _In_ SIZE_T NameLength,
- _Out_writes_opt_(ValueLength) PWSTR Value,
- _In_opt_ SIZE_T ValueLength,
- _Out_ PSIZE_T ReturnLength
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryEnvironmentVariable_U(
- _In_opt_ PVOID Environment,
- _In_ PUNICODE_STRING Name,
- _Inout_ PUNICODE_STRING Value
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlExpandEnvironmentStrings(
- _In_opt_ PVOID Environment,
- _In_reads_(SourceLength) PCWSTR Source,
- _In_ SIZE_T SourceLength,
- _Out_writes_(DestinationLength) PWSTR Destination,
- _In_ SIZE_T DestinationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlExpandEnvironmentStrings_U(
- _In_opt_ PVOID Environment,
- _In_ PUNICODE_STRING Source,
- _Inout_ PUNICODE_STRING Destination,
- _Out_opt_ PULONG ReturnedLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetEnvironmentStrings(
- _In_ PCWCHAR NewEnvironment,
- _In_ SIZE_T NewEnvironmentSize
- );
-
-// Directory and path support
-
-typedef struct _RTLP_CURDIR_REF
-{
- LONG ReferenceCount;
- HANDLE DirectoryHandle;
-} RTLP_CURDIR_REF, *PRTLP_CURDIR_REF;
-
-typedef struct _RTL_RELATIVE_NAME_U
-{
- UNICODE_STRING RelativeName;
- HANDLE ContainingDirectory;
- PRTLP_CURDIR_REF CurDirRef;
-} RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U;
-
-typedef enum _RTL_PATH_TYPE
-{
- RtlPathTypeUnknown,
- RtlPathTypeUncAbsolute,
- RtlPathTypeDriveAbsolute,
- RtlPathTypeDriveRelative,
- RtlPathTypeRooted,
- RtlPathTypeRelative,
- RtlPathTypeLocalDevice,
- RtlPathTypeRootLocalDevice
-} RTL_PATH_TYPE;
-
-// Data exports (ntdll.lib/ntdllp.lib)
-
-NTSYSAPI PWSTR RtlNtdllName;
-NTSYSAPI UNICODE_STRING RtlDosPathSeperatorsString;
-NTSYSAPI UNICODE_STRING RtlAlternateDosPathSeperatorString;
-NTSYSAPI UNICODE_STRING RtlNtPathSeperatorString;
-
-#ifndef PHNT_INLINE_SEPERATOR_STRINGS
-#define RtlNtdllName L"ntdll.dll"
-#define RtlDosPathSeperatorsString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\/"))
-#define RtlAlternateDosPathSeperatorString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"/"))
-#define RtlNtPathSeperatorString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\"))
-
-#define RtlDosDevicesPrefix ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\??\\"))
-#define RtlDosDevicesUncPrefix ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\??\\UNC\\"))
-#define RtlSlashSlashDot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\.\\"))
-#define RtlNullString ((UNICODE_STRING)RTL_CONSTANT_STRING(L""))
-#define RtlWin32NtRootSlash ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\"))
-#define RtlWin32NtRoot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?"))
-#define RtlWin32NtUncRoot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\UNC"))
-#define RtlWin32NtUncRootSlash ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\UNC\\"))
-#define RtlDefaultExtension ((UNICODE_STRING)RTL_CONSTANT_STRING(L".DLL"))
-#endif
-
-// Path functions
-
-NTSYSAPI
-RTL_PATH_TYPE
-NTAPI
-RtlDetermineDosPathNameType_U(
- _In_ PCWSTR DosFileName
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlIsDosDeviceName_U(
- _In_ PCWSTR DosFileName
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetFullPathName_U(
- _In_ PCWSTR FileName,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_(BufferLength) PWSTR Buffer,
- _Out_opt_ PWSTR *FilePart
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetFullPathName_UEx(
- _In_ PCWSTR FileName,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_(BufferLength) PWSTR Buffer,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ ULONG *BytesRequired
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetFullPathName_UstrEx(
- _In_ PUNICODE_STRING FileName,
- _Inout_ PUNICODE_STRING StaticString,
- _Out_opt_ PUNICODE_STRING DynamicString,
- _Out_opt_ PUNICODE_STRING *StringUsed,
- _Out_opt_ SIZE_T *FilePartPrefixCch,
- _Out_opt_ PBOOLEAN NameInvalid,
- _Out_ RTL_PATH_TYPE *InputPathType,
- _Out_opt_ SIZE_T *BytesRequired
- );
-#endif
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetCurrentDirectory_U(
- _In_ ULONG BufferLength,
- _Out_writes_bytes_(BufferLength) PWSTR Buffer
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetCurrentDirectory_U(
- _In_ PUNICODE_STRING PathName
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetLongestNtPathLength(
- VOID
- );
-
-// rev
-typedef struct _RTL_BUFFER
-{
- PUCHAR Buffer;
- PUCHAR StaticBuffer;
- SIZE_T Size;
- SIZE_T StaticSize;
-} RTL_BUFFER, *PRTL_BUFFER;
-
-// rev
-typedef struct _RTL_UNICODE_STRING_BUFFER
-{
- UNICODE_STRING String;
- RTL_BUFFER ByteBuffer;
- UCHAR MinimumStaticBufferForTerminalNul[2];
-} RTL_UNICODE_STRING_BUFFER, *PRTL_UNICODE_STRING_BUFFER;
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNtPathNameToDosPathName(
- _Reserved_ ULONG Flags,
- _Inout_ PRTL_UNICODE_STRING_BUFFER Path,
- _Out_opt_ PULONG Disposition, // RtlDetermineDosPathNameType_U
- _Out_opt_ PWSTR* FilePart
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDosPathNameToNtPathName_U(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosPathNameToNtPathName_U_WithStatus(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosLongPathNameToNtPathName_U_WithStatus(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDosPathNameToRelativeNtPathName_U(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosPathNameToRelativeNtPathName_U_WithStatus(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
- _In_ PCWSTR DosFileName,
- _Out_ PUNICODE_STRING NtFileName,
- _Out_opt_ PWSTR *FilePart,
- _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WS03)
-NTSYSAPI
-VOID
-NTAPI
-RtlReleaseRelativeName(
- _Inout_ PRTL_RELATIVE_NAME_U RelativeName
- );
-#endif
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlDosSearchPath_U(
- _In_ PCWSTR Path,
- _In_ PCWSTR FileName,
- _In_opt_ PCWSTR Extension,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_(BufferLength) PWSTR Buffer,
- _Out_opt_ PWSTR *FilePart
- );
-
-#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION 0x00000001
-#define RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH 0x00000002
-#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosSearchPath_Ustr(
- _In_ ULONG Flags,
- _In_ PUNICODE_STRING Path,
- _In_ PUNICODE_STRING FileName,
- _In_opt_ PUNICODE_STRING DefaultExtension,
- _Out_opt_ PUNICODE_STRING StaticString,
- _Out_opt_ PUNICODE_STRING DynamicString,
- _Out_opt_ PCUNICODE_STRING *FullFileNameOut,
- _Out_opt_ SIZE_T *FilePartPrefixCch,
- _Out_opt_ SIZE_T *BytesRequired
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDoesFileExists_U(
- _In_ PCWSTR FileName
- );
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDosApplyFileIsolationRedirection_Ustr(
- _In_ ULONG Flags,
- _In_ PUNICODE_STRING OriginalName,
- _In_ PUNICODE_STRING Extension,
- _In_opt_ PUNICODE_STRING StaticString,
- _In_opt_ PUNICODE_STRING DynamicString,
- _In_opt_ PUNICODE_STRING* NewName,
- _In_ PULONG NewFlags,
- _In_ PSIZE_T FileNameSize,
- _In_ PSIZE_T RequiredLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetLengthWithoutLastFullDosOrNtPathElement(
- _Reserved_ ULONG Flags,
- _In_ PUNICODE_STRING PathString,
- _Out_ PULONG Length
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetLengthWithoutTrailingPathSeperators(
- _Reserved_ ULONG Flags,
- _In_ PUNICODE_STRING PathString,
- _Out_ PULONG Length
- );
-
-typedef struct _GENERATE_NAME_CONTEXT
-{
- USHORT Checksum;
- BOOLEAN CheckSumInserted;
- UCHAR NameLength;
- WCHAR NameBuffer[8];
- ULONG ExtensionLength;
- WCHAR ExtensionBuffer[4];
- ULONG LastIndexValue;
-} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGenerate8dot3Name(
- _In_ PUNICODE_STRING Name,
- _In_ BOOLEAN AllowExtendedCharacters,
- _Inout_ PGENERATE_NAME_CONTEXT Context,
- _Inout_ PUNICODE_STRING Name8dot3
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlComputePrivatizedDllName_U(
- _In_ PUNICODE_STRING DllName,
- _Out_ PUNICODE_STRING RealName,
- _Out_ PUNICODE_STRING LocalName
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSearchPath(
- _Out_ PWSTR *SearchPath
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSearchPathMode(
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetExePath(
- _In_ PCWSTR DosPathName,
- _Out_ PWSTR* SearchPath
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlReleasePath(
- _In_ PWSTR Path
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlReplaceSystemDirectoryInPath(
- _Inout_ PUNICODE_STRING Destination,
- _In_ USHORT Machine, // IMAGE_FILE_MACHINE_I386
- _In_ USHORT TargetMachine, // IMAGE_FILE_MACHINE_TARGET_HOST
- _In_ BOOLEAN IncludePathSeperator
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN10_21H2)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64GetProcessMachines(
- _In_ HANDLE ProcessHandle,
- _Out_ PUSHORT ProcessMachine,
- _Out_ PUSHORT NativeMachine
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-// rev
-#define IMAGE_FILE_NATIVE_MACHINE_I386 0x1
-#define IMAGE_FILE_NATIVE_MACHINE_AMD64 0x2
-#define IMAGE_FILE_NATIVE_MACHINE_ARMNT 0x4
-#define IMAGE_FILE_NATIVE_MACHINE_ARM64 0x8
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetImageFileMachines(
- _In_ PCWSTR FileName,
- _Out_ PUSHORT FileMachines
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-
-#ifdef PHNT_INLINE_SYSTEMROOT
-// rev
-FORCEINLINE
-PWSTR
-NTAPI
-RtlGetNtSystemRoot(
- VOID
- )
-{
- if (NtCurrentPeb()->SharedData && NtCurrentPeb()->SharedData->ServiceSessionId) // RtlGetCurrentServiceSessionId
- return NtCurrentPeb()->SharedData->NtSystemRoot;
- else
- return USER_SHARED_DATA->NtSystemRoot;
-}
-#else
-// private
-NTSYSAPI
-PWSTR
-NTAPI
-RtlGetNtSystemRoot(
- VOID
- );
-#endif
-
-#ifdef PHNT_INLINE_LONGPATH
-// rev
-FORCEINLINE
-BOOLEAN
-NTAPI
-RtlAreLongPathsEnabled(
- VOID
- )
-{
- return NtCurrentPeb()->IsLongPathAwareProcess;
-}
-#else
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAreLongPathsEnabled(
- VOID
- );
-#endif
-
-#endif
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsThreadWithinLoaderCallout(
- VOID
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDllShutdownInProgress(
- VOID
- );
-
-// Heaps
-
-typedef struct _RTL_HEAP_ENTRY
-{
- SIZE_T Size;
- USHORT Flags;
- USHORT AllocatorBackTraceIndex;
- union
- {
- struct
- {
- SIZE_T Settable;
- ULONG Tag;
- } s1;
- struct
- {
- SIZE_T CommittedSize;
- PVOID FirstBlock;
- } s2;
- } u;
-} RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY;
-
-#define RTL_HEAP_BUSY (USHORT)0x0001
-#define RTL_HEAP_SEGMENT (USHORT)0x0002
-#define RTL_HEAP_SETTABLE_VALUE (USHORT)0x0010
-#define RTL_HEAP_SETTABLE_FLAG1 (USHORT)0x0020
-#define RTL_HEAP_SETTABLE_FLAG2 (USHORT)0x0040
-#define RTL_HEAP_SETTABLE_FLAG3 (USHORT)0x0080
-#define RTL_HEAP_SETTABLE_FLAGS (USHORT)0x00e0
-#define RTL_HEAP_UNCOMMITTED_RANGE (USHORT)0x1000
-#define RTL_HEAP_PROTECTED_ENTRY (USHORT)0x2000
-#define RTL_HEAP_LARGE_ALLOC (USHORT)0x4000
-#define RTL_HEAP_LFH_ALLOC (USHORT)0x8000
-
-typedef struct _RTL_HEAP_TAG
-{
- ULONG NumberOfAllocations;
- ULONG NumberOfFrees;
- SIZE_T BytesAllocated;
- USHORT TagIndex;
- USHORT CreatorBackTraceIndex;
- WCHAR TagName[24];
-} RTL_HEAP_TAG, *PRTL_HEAP_TAG;
-
-// Windows 7/8/10
-typedef struct _RTL_HEAP_INFORMATION_V1
-{
- PVOID BaseAddress;
- ULONG Flags;
- USHORT EntryOverhead;
- USHORT CreatorBackTraceIndex;
- SIZE_T BytesAllocated;
- SIZE_T BytesCommitted;
- ULONG NumberOfTags;
- ULONG NumberOfEntries;
- ULONG NumberOfPseudoTags;
- ULONG PseudoTagGranularity;
- ULONG Reserved[5];
- PRTL_HEAP_TAG Tags;
- PRTL_HEAP_ENTRY Entries;
-} RTL_HEAP_INFORMATION_V1, *PRTL_HEAP_INFORMATION_V1;
-
-// Windows 11 > 22000
-typedef struct _RTL_HEAP_INFORMATION_V2
-{
- PVOID BaseAddress;
- ULONG Flags;
- USHORT EntryOverhead;
- USHORT CreatorBackTraceIndex;
- SIZE_T BytesAllocated;
- SIZE_T BytesCommitted;
- ULONG NumberOfTags;
- ULONG NumberOfEntries;
- ULONG NumberOfPseudoTags;
- ULONG PseudoTagGranularity;
- ULONG Reserved[5];
- PRTL_HEAP_TAG Tags;
- PRTL_HEAP_ENTRY Entries;
- ULONG64 HeapTag;
-} RTL_HEAP_INFORMATION_V2, *PRTL_HEAP_INFORMATION_V2;
-
-#define RTL_HEAP_SIGNATURE 0xFFEEFFEEUL
-#define RTL_HEAP_SEGMENT_SIGNATURE 0xDDEEDDEEUL
-
-typedef struct _RTL_PROCESS_HEAPS_V1
-{
- ULONG NumberOfHeaps;
- _Field_size_(NumberOfHeaps) RTL_HEAP_INFORMATION_V1 Heaps[1];
-} RTL_PROCESS_HEAPS_V1, *PRTL_PROCESS_HEAPS_V1;
-
-typedef struct _RTL_PROCESS_HEAPS_V2
-{
- ULONG NumberOfHeaps;
- _Field_size_(NumberOfHeaps) RTL_HEAP_INFORMATION_V2 Heaps[1];
-} RTL_PROCESS_HEAPS_V2, *PRTL_PROCESS_HEAPS_V2;
-
-// Segment heap parameters.
-
-typedef enum _RTL_MEMORY_TYPE
-{
- MemoryTypePaged,
- MemoryTypeNonPaged,
- MemoryType64KPage,
- MemoryTypeLargePage,
- MemoryTypeHugePage,
- MemoryTypeCustom,
- MemoryTypeMax
-} RTL_MEMORY_TYPE, *PRTL_MEMORY_TYPE;
-
-typedef enum _HEAP_MEMORY_INFO_CLASS
-{
- HeapMemoryBasicInformation
-} HEAP_MEMORY_INFO_CLASS;
-
-typedef NTSTATUS ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK(
- _Inout_ HANDLE CallbackContext,
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_ (*BaseAddress, _Readable_bytes_ (*RegionSize) _Writable_bytes_ (*RegionSize) _Post_readable_byte_size_ (*RegionSize)) PVOID* BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG PageProtection,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-typedef ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK *PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK;
-
-typedef NTSTATUS FREE_VIRTUAL_MEMORY_EX_CALLBACK(
- _Inout_ HANDLE CallbackContext,
- _In_ HANDLE ProcessHandle,
- _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG FreeType
- );
-
-typedef FREE_VIRTUAL_MEMORY_EX_CALLBACK *PFREE_VIRTUAL_MEMORY_EX_CALLBACK;
-
-typedef NTSTATUS QUERY_VIRTUAL_MEMORY_CALLBACK(
- _Inout_ HANDLE CallbackContext,
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ HEAP_MEMORY_INFO_CLASS MemoryInformationClass,
- _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
- _In_ SIZE_T MemoryInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-typedef QUERY_VIRTUAL_MEMORY_CALLBACK *PQUERY_VIRTUAL_MEMORY_CALLBACK;
-
-typedef struct _RTL_SEGMENT_HEAP_VA_CALLBACKS
-{
- HANDLE CallbackContext;
- PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK AllocateVirtualMemory;
- PFREE_VIRTUAL_MEMORY_EX_CALLBACK FreeVirtualMemory;
- PQUERY_VIRTUAL_MEMORY_CALLBACK QueryVirtualMemory;
-} RTL_SEGMENT_HEAP_VA_CALLBACKS, *PRTL_SEGMENT_HEAP_VA_CALLBACKS;
-
-#define RTL_SEGHEAP_MEM_SOURCE_ANY_NODE ((ULONG)-1)
-
-typedef struct _RTL_SEGMENT_HEAP_MEMORY_SOURCE
-{
- ULONG Flags;
- ULONG MemoryTypeMask; // Mask of RTL_MEMORY_TYPE members.
- ULONG NumaNode;
- union
- {
- HANDLE PartitionHandle;
- RTL_SEGMENT_HEAP_VA_CALLBACKS *Callbacks;
- };
- SIZE_T Reserved[2];
-} RTL_SEGMENT_HEAP_MEMORY_SOURCE, *PRTL_SEGMENT_HEAP_MEMORY_SOURCE;
-
-#define SEGMENT_HEAP_PARAMETERS_VERSION 3
-#define SEGMENT_HEAP_FLG_USE_PAGE_HEAP 0x1
-#define SEGMENT_HEAP_PARAMS_VALID_FLAGS SEGMENT_HEAP_FLG_USE_PAGE_HEAP
-
-typedef struct _RTL_SEGMENT_HEAP_PARAMETERS
-{
- USHORT Version;
- USHORT Size;
- ULONG Flags;
- RTL_SEGMENT_HEAP_MEMORY_SOURCE MemorySource;
- SIZE_T Reserved[4];
-} RTL_SEGMENT_HEAP_PARAMETERS, *PRTL_SEGMENT_HEAP_PARAMETERS;
-
-// Heap parameters.
-
-typedef
-_Function_class_(RTL_HEAP_COMMIT_ROUTINE)
-NTSTATUS
-NTAPI
-RTL_HEAP_COMMIT_ROUTINE(
- _In_ PVOID Base,
- _Inout_ PVOID* CommitAddress,
- _Inout_ PSIZE_T CommitSize
- );
-
-typedef RTL_HEAP_COMMIT_ROUTINE* PRTL_HEAP_COMMIT_ROUTINE;
-
-typedef struct _RTL_HEAP_PARAMETERS
-{
- ULONG Length;
- SIZE_T SegmentReserve;
- SIZE_T SegmentCommit;
- SIZE_T DeCommitFreeBlockThreshold;
- SIZE_T DeCommitTotalFreeThreshold;
- SIZE_T MaximumAllocationSize;
- SIZE_T VirtualMemoryThreshold;
- SIZE_T InitialCommit;
- SIZE_T InitialReserve;
- PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
- SIZE_T Reserved[2];
-} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
-
-#define HEAP_SETTABLE_USER_VALUE 0x00000100
-#define HEAP_SETTABLE_USER_FLAG1 0x00000200
-#define HEAP_SETTABLE_USER_FLAG2 0x00000400
-#define HEAP_SETTABLE_USER_FLAG3 0x00000800
-#define HEAP_SETTABLE_USER_FLAGS 0x00000e00
-
-#define HEAP_CLASS_0 0x00000000 // Process heap
-#define HEAP_CLASS_1 0x00001000 // Private heap
-#define HEAP_CLASS_2 0x00002000 // Kernel heap
-#define HEAP_CLASS_3 0x00003000 // GDI heap
-#define HEAP_CLASS_4 0x00004000 // User heap
-#define HEAP_CLASS_5 0x00005000 // Console heap
-#define HEAP_CLASS_6 0x00006000 // User desktop heap
-#define HEAP_CLASS_7 0x00007000 // CSR shared heap
-#define HEAP_CLASS_8 0x00008000 // CSR port heap
-#define HEAP_CLASS_MASK 0x0000f000
-
-_Must_inspect_result_
-NTSYSAPI
-PVOID
-NTAPI
-RtlCreateHeap(
- _In_ ULONG Flags,
- _In_opt_ PVOID HeapBase,
- _In_opt_ SIZE_T ReserveSize,
- _In_opt_ SIZE_T CommitSize,
- _In_opt_ PVOID Lock,
- _When_((Flags & HEAP_CREATE_SEGMENT_HEAP) != 0, _In_reads_bytes_opt_(sizeof(RTL_SEGMENT_HEAP_PARAMETERS)))
- _When_((Flags & HEAP_CREATE_SEGMENT_HEAP) == 0, _In_reads_bytes_opt_(sizeof(RTL_HEAP_PARAMETERS)))
- _In_opt_ PVOID Parameters
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlDestroyHeap(
- _In_ _Post_invalid_ PVOID HeapHandle
- );
-
-NTSYSAPI
-_Success_(return != 0)
-_Must_inspect_result_
-_Ret_maybenull_
-_Post_writable_byte_size_(Size)
-__drv_allocatesMem(Mem)
-DECLSPEC_ALLOCATOR
-PVOID
-NTAPI
-RtlAllocateHeap(
- _In_ PVOID HeapHandle,
- _In_opt_ ULONG Flags,
- _In_ SIZE_T Size
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-_Success_(return != 0)
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlFreeHeap(
- _In_ PVOID HeapHandle,
- _In_opt_ ULONG Flags,
- _Frees_ptr_opt_ PVOID BaseAddress
- );
-#else
-_Success_(return)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlFreeHeap(
- _In_ PVOID HeapHandle,
- _In_opt_ ULONG Flags,
- _Frees_ptr_opt_ PVOID BaseAddress
- );
-#endif
-
-NTSYSAPI
-SIZE_T
-NTAPI
-RtlSizeHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlZeroHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlProtectHeap(
- _In_ PVOID HeapHandle,
- _In_ BOOLEAN MakeReadOnly
- );
-
-#define RtlProcessHeap() (NtCurrentPeb()->ProcessHeap)
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlLockHeap(
- _In_ PVOID HeapHandle
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlUnlockHeap(
- _In_ PVOID HeapHandle
- );
-
-NTSYSAPI
-_Success_(return != 0)
-_Must_inspect_result_
-_Ret_maybenull_
-_Post_writable_byte_size_(Size)
-_When_(Size > 0, __drv_allocatesMem(Mem))
-DECLSPEC_ALLOCATOR
-PVOID
-NTAPI
-RtlReAllocateHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _Frees_ptr_opt_ PVOID BaseAddress,
- _In_ SIZE_T Size
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlGetUserInfoHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress,
- _Out_opt_ PVOID *UserValue,
- _Out_opt_ PULONG UserFlags
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlSetUserValueHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress,
- _In_ PVOID UserValue
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlSetUserFlagsHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress,
- _In_ ULONG UserFlagsReset,
- _In_ ULONG UserFlagsSet
- );
-
-typedef struct _RTL_HEAP_TAG_INFO
-{
- ULONG NumberOfAllocations;
- ULONG NumberOfFrees;
- SIZE_T BytesAllocated;
-} RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO;
-
-#define RTL_HEAP_MAKE_TAG HEAP_MAKE_TAG_FLAGS
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlCreateTagHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_opt_ PWSTR TagPrefix,
- _In_ PWSTR TagNames
- );
-
-NTSYSAPI
-PWSTR
-NTAPI
-RtlQueryTagHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ USHORT TagIndex,
- _In_ BOOLEAN ResetCounters,
- _Out_opt_ PRTL_HEAP_TAG_INFO TagInfo
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlExtendHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ PVOID Base,
- _In_ SIZE_T Size
- );
-
-NTSYSAPI
-SIZE_T
-NTAPI
-RtlCompactHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidateHeap(
- _In_opt_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_opt_ PVOID BaseAddress
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidateProcessHeaps(
- VOID
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetProcessHeaps(
- _In_ ULONG NumberOfHeaps,
- _Out_ PVOID *ProcessHeaps
- );
-
-_Function_class_(RTL_ENUM_HEAPS_ROUTINE)
-typedef NTSTATUS (NTAPI RTL_ENUM_HEAPS_ROUTINE)(
- _In_ PVOID HeapHandle,
- _In_ PVOID Parameter
- );
-typedef RTL_ENUM_HEAPS_ROUTINE *PRTL_ENUM_HEAPS_ROUTINE;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlEnumProcessHeaps(
- _In_ PRTL_ENUM_HEAPS_ROUTINE EnumRoutine,
- _In_ PVOID Parameter
- );
-
-typedef struct _RTL_HEAP_USAGE_ENTRY
-{
- struct _RTL_HEAP_USAGE_ENTRY *Next;
- PVOID Address;
- SIZE_T Size;
- USHORT AllocatorBackTraceIndex;
- USHORT TagIndex;
-} RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY;
-
-typedef struct _RTL_HEAP_USAGE
-{
- ULONG Length;
- SIZE_T BytesAllocated;
- SIZE_T BytesCommitted;
- SIZE_T BytesReserved;
- SIZE_T BytesReservedMaximum;
- PRTL_HEAP_USAGE_ENTRY Entries;
- PRTL_HEAP_USAGE_ENTRY AddedEntries;
- PRTL_HEAP_USAGE_ENTRY RemovedEntries;
- ULONG_PTR Reserved[8];
-} RTL_HEAP_USAGE, *PRTL_HEAP_USAGE;
-
-#define HEAP_USAGE_ALLOCATED_BLOCKS HEAP_REALLOC_IN_PLACE_ONLY
-#define HEAP_USAGE_FREE_BUFFER HEAP_ZERO_MEMORY
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUsageHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _Inout_ PRTL_HEAP_USAGE Usage
- );
-
-typedef struct _RTL_HEAP_WALK_ENTRY
-{
- PVOID DataAddress;
- SIZE_T DataSize;
- UCHAR OverheadBytes;
- UCHAR SegmentIndex;
- USHORT Flags;
- union
- {
- struct
- {
- SIZE_T Settable;
- USHORT TagIndex;
- USHORT AllocatorBackTraceIndex;
- ULONG Reserved[2];
- } Block;
- struct
- {
- ULONG CommittedSize;
- ULONG UnCommittedSize;
- PVOID FirstEntry;
- PVOID LastEntry;
- } Segment;
- };
-} RTL_HEAP_WALK_ENTRY, *PRTL_HEAP_WALK_ENTRY;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWalkHeap(
- _In_ PVOID HeapHandle,
- _Inout_ PRTL_HEAP_WALK_ENTRY Entry
- );
-
-// HEAP_INFORMATION_CLASS
-#define HeapCompatibilityInformation 0x0 // q; s: ULONG
-#define HeapEnableTerminationOnCorruption 0x1 // q; s: NULL
-#define HeapExtendedInformation 0x2 // q; s: HEAP_EXTENDED_INFORMATION
-#define HeapOptimizeResources 0x3 // q; s: HEAP_OPTIMIZE_RESOURCES_INFORMATION
-#define HeapTaggingInformation 0x4
-#define HeapStackDatabase 0x5 // q: RTL_HEAP_STACK_QUERY; s: RTL_HEAP_STACK_CONTROL
-#define HeapMemoryLimit 0x6 // since 19H2
-#define HeapTag 0x7 // since 20H1
-#define HeapDetailedFailureInformation 0x80000001
-#define HeapSetDebuggingInformation 0x80000002 // q; s: HEAP_DEBUGGING_INFORMATION
-
-typedef enum _HEAP_COMPATIBILITY_MODE
-{
- HEAP_COMPATIBILITY_STANDARD = 0UL,
- HEAP_COMPATIBILITY_LAL = 1UL,
- HEAP_COMPATIBILITY_LFH = 2UL,
-} HEAP_COMPATIBILITY_MODE;
-
-typedef struct _RTLP_TAG_INFO
-{
- GUID Id;
- ULONG_PTR CurrentAllocatedBytes;
-} RTLP_TAG_INFO, *PRTLP_TAG_INFO;
-
-typedef struct _RTLP_HEAP_TAGGING_INFO
-{
- USHORT Version;
- USHORT Flags;
- PVOID ProcessHandle;
- ULONG_PTR EntriesCount;
- RTLP_TAG_INFO Entries[1];
-} RTLP_HEAP_TAGGING_INFO, *PRTLP_HEAP_TAGGING_INFO;
-
-typedef struct _PROCESS_HEAP_INFORMATION
-{
- SIZE_T ReserveSize;
- SIZE_T CommitSize;
- ULONG NumberOfHeaps;
- ULONG_PTR FirstHeapInformationOffset;
-} PROCESS_HEAP_INFORMATION, *PPROCESS_HEAP_INFORMATION;
-
-typedef struct _HEAP_REGION_INFORMATION
-{
- PVOID Address;
- SIZE_T ReserveSize;
- SIZE_T CommitSize;
- ULONG_PTR FirstRangeInformationOffset;
- ULONG_PTR NextRegionInformationOffset;
-} HEAP_REGION_INFORMATION, *PHEAP_REGION_INFORMATION;
-
-typedef struct _HEAP_RANGE_INFORMATION
-{
- PVOID Address;
- SIZE_T Size;
- ULONG Type;
- ULONG Protection;
- ULONG_PTR FirstBlockInformationOffset;
- ULONG_PTR NextRangeInformationOffset;
-} HEAP_RANGE_INFORMATION, *PHEAP_RANGE_INFORMATION;
-
-typedef struct _HEAP_BLOCK_INFORMATION
-{
- PVOID Address;
- ULONG Flags;
- SIZE_T DataSize;
- ULONG_PTR OverheadSize;
- ULONG_PTR NextBlockInformationOffset;
-} HEAP_BLOCK_INFORMATION, *PHEAP_BLOCK_INFORMATION;
-
-typedef struct _HEAP_INFORMATION
-{
- PVOID Address;
- ULONG Mode;
- SIZE_T ReserveSize;
- SIZE_T CommitSize;
- ULONG_PTR FirstRegionInformationOffset;
- ULONG_PTR NextHeapInformationOffset;
-} HEAP_INFORMATION, *PHEAP_INFORMATION;
-
-typedef struct _SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION
-{
- SIZE_T SegmentReserveSize;
- SIZE_T SegmentCommitSize;
- ULONG_PTR SegmentCount;
- SIZE_T AllocatedSize;
- SIZE_T LargeAllocReserveSize;
- SIZE_T LargeAllocCommitSize;
-} SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION, *PSEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION;
-
-#define HeapPerformanceCountersInformationStandardHeapVersion 0x1
-#define HeapPerformanceCountersInformationSegmentHeapVersion 0x2
-
-typedef struct _HEAP_PERFORMANCE_COUNTERS_INFORMATION
-{
- ULONG Size;
- ULONG Version;
- ULONG HeapIndex;
- ULONG LastHeapIndex;
- PVOID BaseAddress;
- SIZE_T ReserveSize;
- SIZE_T CommitSize;
- ULONG SegmentCount;
- SIZE_T LargeUCRMemory;
- ULONG UCRLength;
- SIZE_T AllocatedSpace;
- SIZE_T FreeSpace;
- ULONG FreeListLength;
- ULONG Contention;
- ULONG VirtualBlocks;
- ULONG CommitRate;
- ULONG DecommitRate;
- SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION SegmentHeapPerfInformation; // since WIN8
-} HEAP_PERFORMANCE_COUNTERS_INFORMATION, *PHEAP_PERFORMANCE_COUNTERS_INFORMATION;
-
-typedef struct _HEAP_INFORMATION_ITEM
-{
- ULONG Level;
- SIZE_T Size;
- union
- {
- PROCESS_HEAP_INFORMATION ProcessHeapInformation;
- HEAP_INFORMATION HeapInformation;
- HEAP_REGION_INFORMATION HeapRegionInformation;
- HEAP_RANGE_INFORMATION HeapRangeInformation;
- HEAP_BLOCK_INFORMATION HeapBlockInformation;
- HEAP_PERFORMANCE_COUNTERS_INFORMATION HeapPerfInformation;
- ULONG_PTR DynamicStart;
- };
-} HEAP_INFORMATION_ITEM, *PHEAP_INFORMATION_ITEM;
-
-typedef NTSTATUS (NTAPI *PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE)(
- _In_ PHEAP_INFORMATION_ITEM Information,
- _In_opt_ PVOID Context
- );
-
-// HEAP_EXTENDED_INFORMATION Level
-#define HeapExtendedProcessHeapInformationLevel 0x1
-#define HeapExtendedHeapInformationLevel 0x2
-#define HeapExtendedHeapRegionInformationLevel 0x3
-#define HeapExtendedHeapRangeInformationLevel 0x4
-#define HeapExtendedHeapBlockInformationLevel 0x5
-#define HeapExtendedHeapHeapPerfInformationLevel 0x80000000
-
-typedef struct _HEAP_EXTENDED_INFORMATION
-{
- HANDLE ProcessHandle;
- PVOID HeapHandle;
- ULONG Level;
- PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE CallbackRoutine;
- PVOID CallbackContext;
- union
- {
- PROCESS_HEAP_INFORMATION ProcessHeapInformation;
- HEAP_INFORMATION HeapInformation;
- };
-} HEAP_EXTENDED_INFORMATION, *PHEAP_EXTENDED_INFORMATION;
-
-// rev
-typedef NTSTATUS (NTAPI *RTL_HEAP_STACK_WRITE_ROUTINE)(
- _In_ PVOID Information, // TODO: 3 missing structures (dmex)
- _In_ ULONG Size,
- _In_opt_ PVOID Context
- );
-
-// rev
-typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT
-{
- ULONG Count;
- ULONG Total;
- ULONG Flags;
-} RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT;
-
-// rev
-typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER
-{
- USHORT Version;
- USHORT PointerSize;
- PVOID Heap;
- SIZE_T TotalCommit;
- SIZE_T TotalReserve;
-} RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER;
-
-// rev
-typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION
-{
- PVOID Address;
- ULONG Flags;
- SIZE_T DataSize;
-} RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION;
-
-// rev
-typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME
-{
- PVOID StackFrame[8];
-} RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME;
-
-#define HEAP_STACK_QUERY_VERSION 0x2
-
-typedef struct _RTL_HEAP_STACK_QUERY
-{
- ULONG Version;
- HANDLE ProcessHandle;
- RTL_HEAP_STACK_WRITE_ROUTINE WriteRoutine;
- PVOID SerializationContext;
- UCHAR QueryLevel;
- UCHAR Flags;
-} RTL_HEAP_STACK_QUERY, *PRTL_HEAP_STACK_QUERY;
-
-#define HEAP_STACK_CONTROL_VERSION 0x1
-#define HEAP_STACK_CONTROL_FLAGS_STACKTRACE_ENABLE 0x1
-#define HEAP_STACK_CONTROL_FLAGS_STACKTRACE_DISABLE 0x2
-
-typedef struct _RTL_HEAP_STACK_CONTROL
-{
- USHORT Version;
- USHORT Flags;
- HANDLE ProcessHandle;
-} RTL_HEAP_STACK_CONTROL, *PRTL_HEAP_STACK_CONTROL;
-
-// rev
-typedef NTSTATUS (NTAPI *PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE)(
- _In_ PVOID HeapHandle,
- _In_ ULONG Action,
- _In_ ULONG StackFramesToCapture,
- _In_ PVOID *StackTrace
- );
-
-// rev
-typedef NTSTATUS (NTAPI *PRTL_HEAP_LEAK_ENUMERATION_ROUTINE)(
- _In_ LONG Reserved,
- _In_ PVOID HeapHandle,
- _In_ PVOID BaseAddress,
- _In_ SIZE_T BlockSize,
- _In_ ULONG StackTraceDepth,
- _In_ PVOID *StackTrace
- );
-
-// symbols
-typedef struct _HEAP_DEBUGGING_INFORMATION
-{
- PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE InterceptorFunction;
- USHORT InterceptorValue;
- ULONG ExtendedOptions;
- ULONG StackTraceDepth;
- SIZE_T MinTotalBlockSize;
- SIZE_T MaxTotalBlockSize;
- PRTL_HEAP_LEAK_ENUMERATION_ROUTINE HeapLeakEnumerationRoutine;
-} HEAP_DEBUGGING_INFORMATION, *PHEAP_DEBUGGING_INFORMATION;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryHeapInformation(
- _In_opt_ PVOID HeapHandle,
- _In_ HEAP_INFORMATION_CLASS HeapInformationClass,
- _Out_opt_ PVOID HeapInformation,
- _In_opt_ SIZE_T HeapInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetHeapInformation(
- _In_opt_ PVOID HeapHandle,
- _In_ HEAP_INFORMATION_CLASS HeapInformationClass,
- _In_opt_ PVOID HeapInformation,
- _In_opt_ SIZE_T HeapInformationLength
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlMultipleAllocateHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ SIZE_T Size,
- _In_ ULONG Count,
- _Out_ PVOID *Array
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlMultipleFreeHeap(
- _In_ PVOID HeapHandle,
- _In_ ULONG Flags,
- _In_ ULONG Count,
- _In_ PVOID *Array
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSAPI
-VOID
-NTAPI
-RtlDetectHeapLeaks(
- VOID
- );
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFlushHeaps(
- VOID
- );
-
-// Memory zones
-
-// begin_private
-
-typedef struct _RTL_MEMORY_ZONE_SEGMENT
-{
- struct _RTL_MEMORY_ZONE_SEGMENT *NextSegment;
- SIZE_T Size;
- PVOID Next;
- PVOID Limit;
-} RTL_MEMORY_ZONE_SEGMENT, *PRTL_MEMORY_ZONE_SEGMENT;
-
-typedef struct _RTL_MEMORY_ZONE
-{
- RTL_MEMORY_ZONE_SEGMENT Segment;
- RTL_SRWLOCK Lock;
- ULONG LockCount;
- PRTL_MEMORY_ZONE_SEGMENT FirstSegment;
-} RTL_MEMORY_ZONE, *PRTL_MEMORY_ZONE;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateMemoryZone(
- _Out_ PVOID *MemoryZone,
- _In_ SIZE_T InitialSize,
- _Reserved_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyMemoryZone(
- _In_ _Post_invalid_ PVOID MemoryZone
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAllocateMemoryZone(
- _In_ PVOID MemoryZone,
- _In_ SIZE_T BlockSize,
- _Out_ PVOID *Block
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlResetMemoryZone(
- _In_ PVOID MemoryZone
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLockMemoryZone(
- _In_ PVOID MemoryZone
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnlockMemoryZone(
- _In_ PVOID MemoryZone
- );
-
-#endif
-
-// Memory block lookaside lists
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateMemoryBlockLookaside(
- _Out_ PVOID *MemoryBlockLookaside,
- _Reserved_ ULONG Flags,
- _In_ ULONG InitialSize,
- _In_ ULONG MinimumBlockSize,
- _In_ ULONG MaximumBlockSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAllocateMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside,
- _In_ ULONG BlockSize,
- _Out_ PVOID *Block
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFreeMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside,
- _In_ PVOID Block
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlExtendMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside,
- _In_ ULONG Increment
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlResetMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLockMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnlockMemoryBlockLookaside(
- _In_ PVOID MemoryBlockLookaside
- );
-
-#endif
-
-// end_private
-
-// Transactions
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-HANDLE
-NTAPI
-RtlGetCurrentTransaction(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlSetCurrentTransaction(
- _In_opt_ HANDLE TransactionHandle
- );
-#endif
-
-// LUIDs
-
-FORCEINLINE BOOLEAN RtlIsEqualLuid( // RtlEqualLuid
- _In_ PLUID L1,
- _In_ PLUID L2
- )
-{
- return L1->LowPart == L2->LowPart &&
- L1->HighPart == L2->HighPart;
-}
-
-FORCEINLINE BOOLEAN RtlIsZeroLuid(
- _In_ PLUID L1
- )
-{
- return (L1->LowPart | L1->HighPart) == 0;
-}
-
-FORCEINLINE
-LUID
-NTAPI_INLINE
-RtlConvertLongToLuid(
- _In_ LONG Long
- )
-{
- LUID tempLuid;
- LARGE_INTEGER tempLi;
-
- tempLi.QuadPart = Long;
- tempLuid.LowPart = tempLi.LowPart;
- tempLuid.HighPart = tempLi.HighPart;
-
- return tempLuid;
-}
-
-FORCEINLINE
-LUID
-NTAPI_INLINE
-RtlConvertUlongToLuid(
- _In_ ULONG Ulong
- )
-{
- LUID tempLuid;
-
- tempLuid.LowPart = Ulong;
- tempLuid.HighPart = 0;
-
- return tempLuid;
-}
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyLuid(
- _Out_ PLUID DestinationLuid,
- _In_ PLUID SourceLuid
- );
-
-// ros
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyLuidAndAttributesArray(
- _In_ ULONG Count,
- _In_ PLUID_AND_ATTRIBUTES Src,
- _In_ PLUID_AND_ATTRIBUTES Dest
- );
-
-// Byte swap routines.
-
-#ifndef PHNT_RTL_BYTESWAP
-#define RtlUshortByteSwap(_x) _byteswap_ushort((USHORT)(_x))
-#define RtlUlongByteSwap(_x) _byteswap_ulong((_x))
-#define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x))
-#else
-NTSYSAPI
-USHORT
-FASTCALL
-RtlUshortByteSwap(
- _In_ USHORT Source
- );
-
-NTSYSAPI
-ULONG
-FASTCALL
-RtlUlongByteSwap(
- _In_ ULONG Source
- );
-
-NTSYSAPI
-ULONGLONG
-FASTCALL
-RtlUlonglongByteSwap(
- _In_ ULONGLONG Source
- );
-#endif
-
-// Debugging
-
-// private
-typedef struct _RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
-typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX *PRTL_PROCESS_MODULE_INFORMATION_EX;
-typedef struct _RTL_PROCESS_BACKTRACES *PRTL_PROCESS_BACKTRACES;
-typedef struct _RTL_PROCESS_LOCKS *PRTL_PROCESS_LOCKS;
-
-typedef struct _RTL_PROCESS_VERIFIER_OPTIONS
-{
- ULONG SizeStruct;
- ULONG Option;
- UCHAR OptionData[1];
-} RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS;
-
-// private
-typedef struct _RTL_DEBUG_INFORMATION
-{
- HANDLE SectionHandleClient;
- PVOID ViewBaseClient;
- PVOID ViewBaseTarget;
- ULONG_PTR ViewBaseDelta;
- HANDLE EventPairClient;
- HANDLE EventPairTarget;
- HANDLE TargetProcessId;
- HANDLE TargetThreadHandle;
- ULONG Flags;
- SIZE_T OffsetFree;
- SIZE_T CommitSize;
- SIZE_T ViewSize;
- union
- {
- PRTL_PROCESS_MODULES Modules;
- PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx;
- };
- PRTL_PROCESS_BACKTRACES BackTraces;
- PVOID Heaps;
- PRTL_PROCESS_LOCKS Locks;
- PVOID SpecificHeap;
- HANDLE TargetProcessHandle;
- PRTL_PROCESS_VERIFIER_OPTIONS VerifierOptions;
- PVOID ProcessHeap;
- HANDLE CriticalSectionHandle;
- HANDLE CriticalSectionOwnerThread;
- PVOID Reserved[4];
-} RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION;
-
-NTSYSAPI
-PRTL_DEBUG_INFORMATION
-NTAPI
-RtlCreateQueryDebugBuffer(
- _In_opt_ ULONG MaximumCommit,
- _In_ BOOLEAN UseEventPair
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyQueryDebugBuffer(
- _In_ PRTL_DEBUG_INFORMATION Buffer
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-PVOID
-NTAPI
-RtlCommitDebugInfo(
- _Inout_ PRTL_DEBUG_INFORMATION Buffer,
- _In_ SIZE_T Size
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-RtlDeCommitDebugInfo(
- _Inout_ PRTL_DEBUG_INFORMATION Buffer,
- _In_ PVOID p,
- _In_ SIZE_T Size
- );
-
-#endif
-
-#define RTL_QUERY_PROCESS_MODULES 0x00000001
-#define RTL_QUERY_PROCESS_BACKTRACES 0x00000002
-#define RTL_QUERY_PROCESS_HEAP_SUMMARY 0x00000004
-#define RTL_QUERY_PROCESS_HEAP_TAGS 0x00000008
-#define RTL_QUERY_PROCESS_HEAP_ENTRIES 0x00000010
-#define RTL_QUERY_PROCESS_LOCKS 0x00000020
-#define RTL_QUERY_PROCESS_MODULES32 0x00000040
-#define RTL_QUERY_PROCESS_VERIFIER_OPTIONS 0x00000080 // rev
-#define RTL_QUERY_PROCESS_MODULESEX 0x00000100 // rev
-#define RTL_QUERY_PROCESS_HEAP_SEGMENTS 0x00000200
-#define RTL_QUERY_PROCESS_CS_OWNER 0x00000400 // rev
-#define RTL_QUERY_PROCESS_NONINVASIVE 0x80000000
-#define RTL_QUERY_PROCESS_NONINVASIVE_CS_OWNER 0x80000800 // WIN11
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryProcessDebugInformation(
- _In_ HANDLE UniqueProcessId,
- _In_ ULONG Flags,
- _Inout_ PRTL_DEBUG_INFORMATION Buffer
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetProcessDebugInformation(
- _In_ HANDLE UniqueProcessId,
- _In_ ULONG Flags,
- _Inout_ PRTL_DEBUG_INFORMATION Buffer
- );
-
-// rev
-FORCEINLINE
-BOOLEAN
-NTAPI
-RtlIsAnyDebuggerPresent(
- VOID
- )
-{
- BOOLEAN result;
-
- result = NtCurrentPeb()->BeingDebugged;
-
- if (!result)
- return USER_SHARED_DATA->KdDebuggerEnabled;
-
- return result;
-}
-
-// Messages
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFindMessage(
- _In_ PVOID DllHandle,
- _In_ ULONG MessageTableId,
- _In_ ULONG MessageLanguageId,
- _In_ ULONG MessageId,
- _Out_ PMESSAGE_RESOURCE_ENTRY *MessageEntry
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFormatMessage(
- _In_ PWSTR MessageFormat,
- _In_ ULONG MaximumWidth,
- _In_ BOOLEAN IgnoreInserts,
- _In_ BOOLEAN ArgumentsAreAnsi,
- _In_ BOOLEAN ArgumentsAreAnArray,
- _In_ va_list *Arguments,
- _Out_writes_bytes_to_(Length, *ReturnLength) PWSTR Buffer,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-typedef struct _PARSE_MESSAGE_CONTEXT
-{
- ULONG fFlags;
- ULONG cwSavColumn;
- SIZE_T iwSrc;
- SIZE_T iwDst;
- SIZE_T iwDstSpace;
- va_list lpvArgStart;
-} PARSE_MESSAGE_CONTEXT, *PPARSE_MESSAGE_CONTEXT;
-
-#define INIT_PARSE_MESSAGE_CONTEXT(ctx) { (ctx)->fFlags = 0; }
-#define TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags & (flag))
-#define SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags |= (flag))
-#define CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags &= ~(flag))
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFormatMessageEx(
- _In_ PWSTR MessageFormat,
- _In_ ULONG MaximumWidth,
- _In_ BOOLEAN IgnoreInserts,
- _In_ BOOLEAN ArgumentsAreAnsi,
- _In_ BOOLEAN ArgumentsAreAnArray,
- _In_ va_list *Arguments,
- _Out_writes_bytes_to_(Length, *ReturnLength) PWSTR Buffer,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength,
- _Out_opt_ PPARSE_MESSAGE_CONTEXT ParseContext
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetFileMUIPath(
- _In_ ULONG Flags,
- _In_ PCWSTR FilePath,
- _Inout_opt_ PWSTR Language,
- _Inout_ PULONG LanguageLength,
- _Out_opt_ PWSTR FileMUIPath,
- _Inout_ PULONG FileMUIPathLength,
- _Inout_ PULONGLONG Enumerator
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLoadString(
- _In_ PVOID DllHandle,
- _In_ ULONG StringId,
- _In_opt_ PCWSTR StringLanguage,
- _In_ ULONG Flags,
- _Out_ PCWSTR *ReturnString,
- _Out_opt_ PUSHORT ReturnStringLen,
- _Out_writes_(ReturnLanguageLen) PWSTR ReturnLanguageName,
- _Inout_opt_ PULONG ReturnLanguageLen
- );
-
-// Errors
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNtStatusToDosError(
- _In_ NTSTATUS Status
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNtStatusToDosErrorNoTeb(
- _In_ NTSTATUS Status
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetLastNtStatus(
- VOID
- );
-
-NTSYSAPI
-LONG
-NTAPI
-RtlGetLastWin32Error(
- VOID
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
- _In_ NTSTATUS Status
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetLastWin32Error(
- _In_ LONG Win32Error
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRestoreLastWin32Error(
- _In_ LONG Win32Error
- );
-
-#define RTL_ERRORMODE_FAILCRITICALERRORS 0x0010
-#define RTL_ERRORMODE_NOGPFAULTERRORBOX 0x0020
-#define RTL_ERRORMODE_NOOPENFILEERRORBOX 0x0040
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetThreadErrorMode(
- VOID
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetThreadErrorMode(
- _In_ ULONG NewMode,
- _Out_opt_ PULONG OldMode
- );
-
-// Windows Error Reporting
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReportException(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord,
- _In_ ULONG Flags
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReportExceptionEx(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord,
- _In_ ULONG Flags,
- _In_ PLARGE_INTEGER Timeout
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWerpReportException(
- _In_ ULONG ProcessId,
- _In_ HANDLE CrashReportSharedMem,
- _In_ ULONG Flags,
- _Out_ PHANDLE CrashVerticalProcessHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReportSilentProcessExit(
- _In_ HANDLE ProcessHandle,
- _In_ NTSTATUS ExitStatus
- );
-#endif
-
-// Random
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlUniform(
- _Inout_ PULONG Seed
- );
-
-_Ret_range_(<=, MAXLONG)
-NTSYSAPI
-ULONG
-NTAPI
-RtlRandom(
- _Inout_ PULONG Seed
- );
-
-_Ret_range_(<=, MAXLONG)
-NTSYSAPI
-ULONG
-NTAPI
-RtlRandomEx(
- _Inout_ PULONG Seed
- );
-
-#define RTL_IMPORT_TABLE_HASH_REVISION 1
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlComputeImportTableHash(
- _In_ HANDLE FileHandle,
- _Out_writes_bytes_(16) PCHAR Hash,
- _In_ ULONG ImportTableHashRevision // must be 1
- );
-
-// Integer conversion
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIntegerToChar(
- _In_ ULONG Value,
- _In_opt_ ULONG Base,
- _In_ LONG OutputLength, // negative to pad to width
- _Out_ PSTR String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCharToInteger(
- _In_ PCSTR String,
- _In_opt_ ULONG Base,
- _Out_ PULONG Value
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLargeIntegerToChar(
- _In_ PLARGE_INTEGER Value,
- _In_opt_ ULONG Base,
- _In_ LONG OutputLength,
- _Out_ PSTR String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIntegerToUnicodeString(
- _In_ ULONG Value,
- _In_opt_ ULONG Base,
- _Inout_ PUNICODE_STRING String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInt64ToUnicodeString(
- _In_ ULONGLONG Value,
- _In_opt_ ULONG Base,
- _Inout_ PUNICODE_STRING String
- );
-
-#ifdef _WIN64
-#define RtlIntPtrToUnicodeString(Value, Base, String) RtlInt64ToUnicodeString(Value, Base, String)
-#else
-#define RtlIntPtrToUnicodeString(Value, Base, String) RtlIntegerToUnicodeString(Value, Base, String)
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToInteger(
- _In_ PUNICODE_STRING String,
- _In_opt_ ULONG Base,
- _Out_ PULONG Value
- );
-
-// IPv4/6 conversion
-
-typedef struct in_addr IN_ADDR, *PIN_ADDR;
-typedef struct in6_addr IN6_ADDR, *PIN6_ADDR;
-typedef IN_ADDR const *PCIN_ADDR;
-typedef IN6_ADDR const *PCIN6_ADDR;
-
-NTSYSAPI
-PWSTR
-NTAPI
-RtlIpv4AddressToStringW(
- _In_ PCIN_ADDR Address,
- _Out_writes_(16) PWSTR AddressString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv4AddressToStringExW(
- _In_ PCIN_ADDR Address,
- _In_ USHORT Port,
- _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWSTR AddressString,
- _Inout_ PULONG AddressStringLength
- );
-
-NTSYSAPI
-PWSTR
-NTAPI
-RtlIpv6AddressToStringW(
- _In_ PCIN6_ADDR Address,
- _Out_writes_(46) PWSTR AddressString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv6AddressToStringExW(
- _In_ PCIN6_ADDR Address,
- _In_ ULONG ScopeId,
- _In_ USHORT Port,
- _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWSTR AddressString,
- _Inout_ PULONG AddressStringLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv4StringToAddressW(
- _In_ PCWSTR AddressString,
- _In_ BOOLEAN Strict,
- _Out_ LPCWSTR *Terminator,
- _Out_ PIN_ADDR Address
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv4StringToAddressExW(
- _In_ PCWSTR AddressString,
- _In_ BOOLEAN Strict,
- _Out_ PIN_ADDR Address,
- _Out_ PUSHORT Port
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressW(
- _In_ PCWSTR AddressString,
- _Out_ PCWSTR *Terminator,
- _Out_ PIN6_ADDR Address
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressExW(
- _In_ PCWSTR AddressString,
- _Out_ PIN6_ADDR Address,
- _Out_ PULONG ScopeId,
- _Out_ PUSHORT Port
- );
-
-#define RtlIpv4AddressToString RtlIpv4AddressToStringW
-#define RtlIpv4AddressToStringEx RtlIpv4AddressToStringExW
-#define RtlIpv6AddressToString RtlIpv6AddressToStringW
-#define RtlIpv6AddressToStringEx RtlIpv6AddressToStringExW
-#define RtlIpv4StringToAddress RtlIpv4StringToAddressW
-#define RtlIpv4StringToAddressEx RtlIpv4StringToAddressExW
-#define RtlIpv6StringToAddress RtlIpv6StringToAddressW
-#define RtlIpv6StringToAddressEx RtlIpv6StringToAddressExW
-
-// Time
-
-typedef struct _TIME_FIELDS
-{
- CSHORT Year; // 1601...
- CSHORT Month; // 1..12
- CSHORT Day; // 1..31
- CSHORT Hour; // 0..23
- CSHORT Minute; // 0..59
- CSHORT Second; // 0..59
- CSHORT Milliseconds; // 0..999
- CSHORT Weekday; // 0..6 = Sunday..Saturday
-} TIME_FIELDS, *PTIME_FIELDS;
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlCutoverTimeToSystemTime(
- _In_ PTIME_FIELDS CutoverTime,
- _Out_ PLARGE_INTEGER SystemTime,
- _In_ PLARGE_INTEGER CurrentSystemTime,
- _In_ BOOLEAN ThisYear
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSystemTimeToLocalTime(
- _In_ PLARGE_INTEGER SystemTime,
- _Out_ PLARGE_INTEGER LocalTime
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLocalTimeToSystemTime(
- _In_ PLARGE_INTEGER LocalTime,
- _Out_ PLARGE_INTEGER SystemTime
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlTimeToElapsedTimeFields(
- _In_ PLARGE_INTEGER Time,
- _Out_ PTIME_FIELDS TimeFields
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlTimeToTimeFields(
- _In_ PLARGE_INTEGER Time,
- _Out_ PTIME_FIELDS TimeFields
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeFieldsToTime(
- _In_ PTIME_FIELDS TimeFields, // Weekday is ignored
- _Out_ PLARGE_INTEGER Time
- );
-
-#define SecondsToStartOf1980 11960006400
-#define SecondsToStartOf1970 11644473600
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1980(
- _In_ PLARGE_INTEGER Time,
- _Out_ PULONG ElapsedSeconds
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSecondsSince1980ToTime(
- _In_ ULONG ElapsedSeconds,
- _Out_ PLARGE_INTEGER Time
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1970(
- _In_ PLARGE_INTEGER Time,
- _Out_ PULONG ElapsedSeconds
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSecondsSince1970ToTime(
- _In_ ULONG ElapsedSeconds,
- _Out_ PLARGE_INTEGER Time
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-LARGE_INTEGER
-NTAPI
-RtlGetSystemTimePrecise(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN10_21H2)
-NTSYSAPI
-KSYSTEM_TIME
-NTAPI
-RtlGetSystemTimeAndBias(
- _Out_ KSYSTEM_TIME TimeZoneBias,
- _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveStart,
- _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveEnd
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSAPI
-LARGE_INTEGER
-NTAPI
-RtlGetInterruptTimePrecise(
- _Out_ PLARGE_INTEGER PerformanceCounter
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlQueryUnbiasedInterruptTime(
- _Out_ PLARGE_INTEGER InterruptTime
- );
-#endif
-
-// Time zones
-
-typedef struct _RTL_TIME_ZONE_INFORMATION
-{
- LONG Bias;
- WCHAR StandardName[32];
- TIME_FIELDS StandardStart;
- LONG StandardBias;
- WCHAR DaylightName[32];
- TIME_FIELDS DaylightStart;
- LONG DaylightBias;
-} RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryTimeZoneInformation(
- _Out_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetTimeZoneInformation(
- _In_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
- );
-
-// Interlocked bit manipulation interfaces
-
-#define RtlInterlockedSetBits(Flags, Flag) \
- InterlockedOr((PLONG)(Flags), Flag)
-
-#define RtlInterlockedAndBits(Flags, Flag) \
- InterlockedAnd((PLONG)(Flags), Flag)
-
-#define RtlInterlockedClearBits(Flags, Flag) \
- RtlInterlockedAndBits(Flags, ~(Flag))
-
-#define RtlInterlockedXorBits(Flags, Flag) \
- InterlockedXor(Flags, Flag)
-
-#define RtlInterlockedSetBitsDiscardReturn(Flags, Flag) \
- (VOID) RtlInterlockedSetBits(Flags, Flag)
-
-#define RtlInterlockedAndBitsDiscardReturn(Flags, Flag) \
- (VOID) RtlInterlockedAndBits(Flags, Flag)
-
-#define RtlInterlockedClearBitsDiscardReturn(Flags, Flag) \
- RtlInterlockedAndBitsDiscardReturn(Flags, ~(Flag))
-
-// Bitmaps
-
-typedef struct _RTL_BITMAP
-{
- ULONG SizeOfBitMap;
- PULONG Buffer;
-} RTL_BITMAP, *PRTL_BITMAP;
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeBitMap(
- _Out_ PRTL_BITMAP BitMapHeader,
- _In_ PULONG BitMapBuffer,
- _In_ ULONG SizeOfBitMap
- );
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL || PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-VOID
-NTAPI
-RtlClearBit(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber
- );
-#endif
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL || PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-VOID
-NTAPI
-RtlSetBit(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber
- );
-#endif
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTestBit(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlClearAllBits(
- _In_ PRTL_BITMAP BitMapHeader
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetAllBits(
- _In_ PRTL_BITMAP BitMapHeader
- );
-
-_Success_(return != -1)
-_Check_return_
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindClearBits(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG NumberToFind,
- _In_ ULONG HintIndex
- );
-
-_Success_(return != -1)
-_Check_return_
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindSetBits(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG NumberToFind,
- _In_ ULONG HintIndex
- );
-
-_Success_(return != -1)
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindClearBitsAndSet(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG NumberToFind,
- _In_ ULONG HintIndex
- );
-
-_Success_(return != -1)
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindSetBitsAndClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG NumberToFind,
- _In_ ULONG HintIndex
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlClearBits(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex,
- _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetBits(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex,
- _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet
- );
-
-NTSYSAPI
-CCHAR
-NTAPI
-RtlFindMostSignificantBit(
- _In_ ULONGLONG Set
- );
-
-NTSYSAPI
-CCHAR
-NTAPI
-RtlFindLeastSignificantBit(
- _In_ ULONGLONG Set
- );
-
-typedef struct _RTL_BITMAP_RUN
-{
- ULONG StartingIndex;
- ULONG NumberOfBits;
-} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN;
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindClearRuns(
- _In_ PRTL_BITMAP BitMapHeader,
- _Out_writes_to_(SizeOfRunArray, return) PRTL_BITMAP_RUN RunArray,
- _In_range_(>, 0) ULONG SizeOfRunArray,
- _In_ BOOLEAN LocateLongestRuns
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindLongestRunClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _Out_ PULONG StartingIndex
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindFirstRunClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _Out_ PULONG StartingIndex
- );
-
-_Check_return_
-FORCEINLINE
-BOOLEAN
-RtlCheckBit(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitPosition
- )
-{
-#ifdef _WIN64
- return BitTest64((LONG64 const *)BitMapHeader->Buffer, (LONG64)BitPosition);
-#else
- return (((PLONG)BitMapHeader->Buffer)[BitPosition / 32] >> (BitPosition % 32)) & 0x1;
-#endif
-}
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberOfClearBits(
- _In_ PRTL_BITMAP BitMapHeader
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberOfSetBits(
- _In_ PRTL_BITMAP BitMapHeader
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAreBitsClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG StartingIndex,
- _In_ ULONG Length
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAreBitsSet(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG StartingIndex,
- _In_ ULONG Length
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindNextForwardRunClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG FromIndex,
- _Out_ PULONG StartingRunIndex
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlFindLastBackwardRunClear(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG FromIndex,
- _Out_ PULONG StartingRunIndex
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberOfSetBitsUlongPtr(
- _In_ ULONG_PTR Target
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlInterlockedClearBitRun(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex,
- _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlInterlockedSetBitRun(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex,
- _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyBitMap(
- _In_ PRTL_BITMAP Source,
- _In_ PRTL_BITMAP Destination,
- _In_range_(0, Destination->SizeOfBitMap - 1) ULONG TargetBit
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlExtractBitMap(
- _In_ PRTL_BITMAP Source,
- _In_ PRTL_BITMAP Destination,
- _In_range_(0, Source->SizeOfBitMap - 1) ULONG TargetBit,
- _In_range_(0, Source->SizeOfBitMap) ULONG NumberOfBits
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberOfClearBitsInRange(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG StartingIndex,
- _In_ ULONG Length
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNumberOfSetBitsInRange(
- _In_ PRTL_BITMAP BitMapHeader,
- _In_ ULONG StartingIndex,
- _In_ ULONG Length
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// private
-typedef struct _RTL_BITMAP_EX
-{
- ULONG64 SizeOfBitMap;
- PULONG64 Buffer;
-} RTL_BITMAP_EX, *PRTL_BITMAP_EX;
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeBitMapEx(
- _Out_ PRTL_BITMAP_EX BitMapHeader,
- _In_ PULONG64 BitMapBuffer,
- _In_ ULONG64 SizeOfBitMap
- );
-
-// rev
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTestBitEx(
- _In_ PRTL_BITMAP_EX BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlClearAllBitsEx(
- _In_ PRTL_BITMAP_EX BitMapHeader
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlClearBitEx(
- _In_ PRTL_BITMAP_EX BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlSetBitEx(
- _In_ PRTL_BITMAP_EX BitMapHeader,
- _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber
- );
-
-// rev
-NTSYSAPI
-ULONG64
-NTAPI
-RtlFindSetBitsEx(
- _In_ PRTL_BITMAP_EX BitMapHeader,
- _In_ ULONG64 NumberToFind,
- _In_ ULONG64 HintIndex
- );
-
-NTSYSAPI
-ULONG64
-NTAPI
-RtlFindSetBitsAndClearEx(
- _In_ PRTL_BITMAP_EX BitMapHeader,
- _In_ ULONG64 NumberToFind,
- _In_ ULONG64 HintIndex
- );
-
-#endif
-
-// Handle tables
-
-typedef struct _RTL_HANDLE_TABLE_ENTRY
-{
- union
- {
- ULONG Flags; // allocated entries have the low bit set
- struct _RTL_HANDLE_TABLE_ENTRY *NextFree;
- };
-} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
-
-#define RTL_HANDLE_ALLOCATED (USHORT)0x0001
-
-typedef struct _RTL_HANDLE_TABLE
-{
- ULONG MaximumNumberOfHandles;
- ULONG SizeOfHandleTableEntry;
- ULONG Reserved[2];
- PRTL_HANDLE_TABLE_ENTRY FreeHandles;
- PRTL_HANDLE_TABLE_ENTRY CommittedHandles;
- PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles;
- PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles;
-} RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitializeHandleTable(
- _In_ ULONG MaximumNumberOfHandles,
- _In_ ULONG SizeOfHandleTableEntry,
- _Out_ PRTL_HANDLE_TABLE HandleTable
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyHandleTable(
- _Inout_ PRTL_HANDLE_TABLE HandleTable
- );
-
-NTSYSAPI
-PRTL_HANDLE_TABLE_ENTRY
-NTAPI
-RtlAllocateHandle(
- _In_ PRTL_HANDLE_TABLE HandleTable,
- _Out_opt_ PULONG HandleIndex
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlFreeHandle(
- _In_ PRTL_HANDLE_TABLE HandleTable,
- _In_ PRTL_HANDLE_TABLE_ENTRY Handle
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsValidHandle(
- _In_ PRTL_HANDLE_TABLE HandleTable,
- _In_ PRTL_HANDLE_TABLE_ENTRY Handle
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsValidIndexHandle(
- _In_ PRTL_HANDLE_TABLE HandleTable,
- _In_ ULONG HandleIndex,
- _Out_ PRTL_HANDLE_TABLE_ENTRY *Handle
- );
-
-// Atom tables
-
-#define RTL_ATOM_MAXIMUM_INTEGER_ATOM (RTL_ATOM)0xc000
-#define RTL_ATOM_INVALID_ATOM (RTL_ATOM)0x0000
-#define RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS 37
-#define RTL_ATOM_MAXIMUM_NAME_LENGTH 255
-#define RTL_ATOM_PINNED 0x01
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateAtomTable(
- _In_ ULONG NumberOfBuckets,
- _Out_ PVOID *AtomTableHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyAtomTable(
- _In_ _Post_invalid_ PVOID AtomTableHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlEmptyAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ BOOLEAN IncludePinnedAtoms
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAtomToAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ PWSTR AtomName,
- _Inout_opt_ PRTL_ATOM Atom
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLookupAtomInAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ PWSTR AtomName,
- _Out_opt_ PRTL_ATOM Atom
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteAtomFromAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ RTL_ATOM Atom
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlPinAtomInAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ RTL_ATOM Atom
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryAtomInAtomTable(
- _In_ PVOID AtomTableHandle,
- _In_ RTL_ATOM Atom,
- _Out_opt_ PULONG AtomUsage,
- _Out_opt_ PULONG AtomFlags,
- _Inout_updates_bytes_to_opt_(*AtomNameLength, *AtomNameLength) PWSTR AtomName,
- _Inout_opt_ PULONG AtomNameLength
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlGetIntegerAtom(
- _In_ PWSTR AtomName,
- _Out_opt_ PUSHORT IntegerAtom
- );
-#endif
-
-// SIDs
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidSid(
- _In_ PSID Sid
- );
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualSid(
- _In_ PSID Sid1,
- _In_ PSID Sid2
- );
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualPrefixSid(
- _In_ PSID Sid1,
- _In_ PSID Sid2
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlLengthRequiredSid(
- _In_ ULONG SubAuthorityCount
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlFreeSid(
- _In_ _Post_invalid_ PSID Sid
- );
-
-_Must_inspect_result_
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAllocateAndInitializeSid(
- _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- _In_ UCHAR SubAuthorityCount,
- _In_ ULONG SubAuthority0,
- _In_ ULONG SubAuthority1,
- _In_ ULONG SubAuthority2,
- _In_ ULONG SubAuthority3,
- _In_ ULONG SubAuthority4,
- _In_ ULONG SubAuthority5,
- _In_ ULONG SubAuthority6,
- _In_ ULONG SubAuthority7,
- _Outptr_ PSID *Sid
- );
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-_Must_inspect_result_
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAllocateAndInitializeSidEx(
- _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- _In_ UCHAR SubAuthorityCount,
- _In_reads_(SubAuthorityCount) PULONG SubAuthorities,
- _Outptr_ PSID *Sid
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeSid(
- _Out_ PSID Sid,
- _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- _In_ UCHAR SubAuthorityCount
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeSidEx(
- _Out_writes_bytes_(SECURITY_SID_SIZE(SubAuthorityCount)) PSID Sid,
- _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- _In_ UCHAR SubAuthorityCount,
- ...
- );
-#endif
-
-NTSYSAPI
-PSID_IDENTIFIER_AUTHORITY
-NTAPI
-RtlIdentifierAuthoritySid(
- _In_ PSID Sid
- );
-
-NTSYSAPI
-PULONG
-NTAPI
-RtlSubAuthoritySid(
- _In_ PSID Sid,
- _In_ ULONG SubAuthority
- );
-
-NTSYSAPI
-PUCHAR
-NTAPI
-RtlSubAuthorityCountSid(
- _In_ PSID Sid
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlLengthSid(
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopySid(
- _In_ ULONG DestinationSidLength,
- _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid,
- _In_ PSID SourceSid
- );
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopySidAndAttributesArray(
- _In_ ULONG Count,
- _In_ PSID_AND_ATTRIBUTES Src,
- _In_ ULONG SidAreaSize,
- _In_ PSID_AND_ATTRIBUTES Dest,
- _In_ PSID SidArea,
- _Out_ PSID *RemainingSidArea,
- _Out_ PULONG RemainingSidAreaSize
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateServiceSid(
- _In_ PUNICODE_STRING ServiceName,
- _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid,
- _Inout_ PULONG ServiceSidLength
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSidDominates(
- _In_ PSID Sid1,
- _In_ PSID Sid2,
- _Out_ PBOOLEAN Dominates
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSidDominatesForTrust(
- _In_ PSID Sid1,
- _In_ PSID Sid2,
- _Out_ PBOOLEAN DominatesTrust // TokenProcessTrustLevel
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSidEqualLevel(
- _In_ PSID Sid1,
- _In_ PSID Sid2,
- _Out_ PBOOLEAN EqualLevel
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSidIsHigherLevel(
- _In_ PSID Sid1,
- _In_ PSID Sid2,
- _Out_ PBOOLEAN HigherLevel
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateVirtualAccountSid(
- _In_ PUNICODE_STRING Name,
- _In_ ULONG BaseSubAuthority,
- _Out_writes_bytes_(*SidLength) PSID Sid,
- _Inout_ PULONG SidLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReplaceSidInSd(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ PSID OldSid,
- _In_ PSID NewSid,
- _Out_ ULONG *NumChanges
- );
-#endif
-
-#define MAX_UNICODE_STACK_BUFFER_LENGTH 256
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLengthSidAsUnicodeString(
- _In_ PSID Sid,
- _Out_ PULONG StringLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConvertSidToUnicodeString(
- _Inout_ PUNICODE_STRING UnicodeString,
- _In_ PSID Sid,
- _In_ BOOLEAN AllocateDestinationString
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSidHashInitialize(
- _In_reads_(SidCount) PSID_AND_ATTRIBUTES SidAttr,
- _In_ ULONG SidCount,
- _Out_ PSID_AND_ATTRIBUTES_HASH SidAttrHash
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-PSID_AND_ATTRIBUTES
-NTAPI
-RtlSidHashLookup(
- _In_ PSID_AND_ATTRIBUTES_HASH SidAttrHash,
- _In_ PSID Sid
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsElevatedRid(
- _In_ PSID_AND_ATTRIBUTES SidAttr
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeriveCapabilitySidsFromName(
- _Inout_ PUNICODE_STRING UnicodeString,
- _Out_ PSID CapabilityGroupSid,
- _Out_ PSID CapabilitySid
- );
-#endif
-
-// Security Descriptors
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateSecurityDescriptor(
- _Out_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ ULONG Revision
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlLengthSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-_Check_return_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidRelativeSecurityDescriptor(
- _In_reads_bytes_(SecurityDescriptorLength) PSECURITY_DESCRIPTOR SecurityDescriptorInput,
- _In_ ULONG SecurityDescriptorLength,
- _In_ SECURITY_INFORMATION RequiredInformation
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetControlSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Out_ PSECURITY_DESCRIPTOR_CONTROL Control,
- _Out_ PULONG Revision
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetControlSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
- _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetAttributesSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ SECURITY_DESCRIPTOR_CONTROL Control,
- _Out_ PULONG Revision
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlGetSecurityDescriptorRMControl(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Out_ PUCHAR RMControl
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSetSecurityDescriptorRMControl(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PUCHAR RMControl
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetDaclSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ BOOLEAN DaclPresent,
- _In_opt_ PACL Dacl,
- _In_ BOOLEAN DaclDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetDaclSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Out_ PBOOLEAN DaclPresent,
- _Outptr_result_maybenull_ PACL *Dacl,
- _Out_ PBOOLEAN DaclDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSaclSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ BOOLEAN SaclPresent,
- _In_opt_ PACL Sacl,
- _In_ BOOLEAN SaclDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSaclSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Out_ PBOOLEAN SaclPresent,
- _Out_ PACL *Sacl,
- _Out_ PBOOLEAN SaclDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetOwnerSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID Owner,
- _In_ BOOLEAN OwnerDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetOwnerSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Outptr_result_maybenull_ PSID *Owner,
- _Out_ PBOOLEAN OwnerDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetGroupSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID Group,
- _In_ BOOLEAN GroupDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetGroupSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _Outptr_result_maybenull_ PSID *Group,
- _Out_ PBOOLEAN GroupDefaulted
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlMakeSelfRelativeSD(
- _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- _Out_writes_bytes_(*BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAbsoluteToSelfRelativeSD(
- _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSelfRelativeToAbsoluteSD(
- _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- _Inout_ PULONG AbsoluteSecurityDescriptorSize,
- _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl,
- _Inout_ PULONG DaclSize,
- _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl,
- _Inout_ PULONG SaclSize,
- _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner,
- _Inout_ PULONG OwnerSize,
- _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup,
- _Inout_ PULONG PrimaryGroupSize
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSelfRelativeToAbsoluteSD2(
- _Inout_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- _Inout_ PULONG BufferSize
- );
-
-#if (PHNT_VERSION >= PHNT_19H2)
-__drv_maxIRQL(APC_LEVEL)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlNormalizeSecurityDescriptor(
- _Inout_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
- _In_ ULONG SecurityDescriptorLength,
- _Out_opt_ PSECURITY_DESCRIPTOR *NewSecurityDescriptor,
- _Out_opt_ PULONG NewSecurityDescriptorLength,
- _In_ BOOLEAN CheckOnly
- );
-#endif
-
-// Access masks
-
-#ifndef PHNT_NO_INLINE_ACCESSES_GRANTED
-FORCEINLINE
-BOOLEAN
-NTAPI
-RtlAreAllAccessesGranted(
- _In_ ACCESS_MASK GrantedAccess,
- _In_ ACCESS_MASK DesiredAccess
- )
-{
- return (~GrantedAccess & DesiredAccess) == 0;
-}
-
-FORCEINLINE
-BOOLEAN
-NTAPI
-RtlAreAnyAccessesGranted(
- _In_ ACCESS_MASK GrantedAccess,
- _In_ ACCESS_MASK DesiredAccess
- )
-{
- return (GrantedAccess & DesiredAccess) != 0;
-}
-#else
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAreAllAccessesGranted(
- _In_ ACCESS_MASK GrantedAccess,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlAreAnyAccessesGranted(
- _In_ ACCESS_MASK GrantedAccess,
- _In_ ACCESS_MASK DesiredAccess
- );
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlMapGenericMask(
- _Inout_ PACCESS_MASK AccessMask,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-// ACLs
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateAcl(
- _Out_writes_bytes_(AclLength) PACL Acl,
- _In_ ULONG AclLength,
- _In_ ULONG AclRevision
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidAcl(
- _In_ PACL Acl
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryInformationAcl(
- _In_ PACL Acl,
- _Out_writes_bytes_(AclInformationLength) PVOID AclInformation,
- _In_ ULONG AclInformationLength,
- _In_ ACL_INFORMATION_CLASS AclInformationClass
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetInformationAcl(
- _Inout_ PACL Acl,
- _In_reads_bytes_(AclInformationLength) PVOID AclInformation,
- _In_ ULONG AclInformationLength,
- _In_ ACL_INFORMATION_CLASS AclInformationClass
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG StartingAceIndex,
- _In_reads_bytes_(AceListLength) PVOID AceList,
- _In_ ULONG AceListLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceIndex
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetAce(
- _In_ PACL Acl,
- _In_ ULONG AceIndex,
- _Outptr_ PVOID *Ace
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlFirstFreeAce(
- _In_ PACL Acl,
- _Out_ PVOID *FirstFree
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-PVOID
-NTAPI
-RtlFindAceByType(
- _In_ PACL Acl,
- _In_ UCHAR AceType,
- _Out_opt_ PULONG Index
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlOwnerAcesPresent(
- _In_ PACL pAcl
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessAllowedAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessAllowedAceEx(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessDeniedAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessDeniedAceEx(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAuditAccessAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid,
- _In_ BOOLEAN AuditSuccess,
- _In_ BOOLEAN AuditFailure
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAuditAccessAceEx(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID Sid,
- _In_ BOOLEAN AuditSuccess,
- _In_ BOOLEAN AuditFailure
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessAllowedObjectAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_opt_ PGUID ObjectTypeGuid,
- _In_opt_ PGUID InheritedObjectTypeGuid,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAccessDeniedObjectAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_opt_ PGUID ObjectTypeGuid,
- _In_opt_ PGUID InheritedObjectTypeGuid,
- _In_ PSID Sid
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddAuditAccessObjectAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ACCESS_MASK AccessMask,
- _In_opt_ PGUID ObjectTypeGuid,
- _In_opt_ PGUID InheritedObjectTypeGuid,
- _In_ PSID Sid,
- _In_ BOOLEAN AuditSuccess,
- _In_ BOOLEAN AuditFailure
- );
-
-// private
-#define COMPOUND_ACE_IMPERSONATION 1
-
-// private
-typedef struct _COMPOUND_ACCESS_ALLOWED_ACE
-{
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- USHORT CompoundAceType; // COMPOUND_ACE_*
- USHORT Reserved;
- ULONG SidStart; // Server SID
- // Client SID follows
-} COMPOUND_ACCESS_ALLOWED_ACE, *PCOMPOUND_ACCESS_ALLOWED_ACE;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddCompoundAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ UCHAR AceType, // COMPOUND_ACE_*
- _In_ ACCESS_MASK AccessMask,
- _In_ PSID ServerSid,
- _In_ PSID ClientSid
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddMandatoryAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ PSID Sid,
- _In_ UCHAR AceType,
- _In_ ACCESS_MASK AccessMask
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddResourceAttributeAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ULONG AccessMask,
- _In_ PSID Sid,
- _In_ PCLAIM_SECURITY_ATTRIBUTES_INFORMATION AttributeInfo,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddScopedPolicyIDAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ ULONG AccessMask,
- _In_ PSID Sid
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddProcessTrustLabelAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ PSID ProcessTrustLabelSid,
- _In_ UCHAR AceType, // SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE
- _In_ ACCESS_MASK AccessMask
- );
-#endif
-
-// Named pipes
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDefaultNpAcl(
- _Out_ PACL *Acl
- );
-
-// Security objects
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNewSecurityObject(
- _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
- _In_ BOOLEAN IsDirectoryObject,
- _In_opt_ HANDLE Token,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNewSecurityObjectEx(
- _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
- _In_opt_ GUID *ObjectType,
- _In_ BOOLEAN IsDirectoryObject,
- _In_ ULONG AutoInheritFlags, // SEF_*
- _In_opt_ HANDLE Token,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNewSecurityObjectWithMultipleInheritance(
- _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
- _In_opt_ GUID **ObjectType,
- _In_ ULONG GuidCount,
- _In_ BOOLEAN IsDirectoryObject,
- _In_ ULONG AutoInheritFlags, // SEF_*
- _In_opt_ HANDLE Token,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteSecurityObject(
- _Inout_ PSECURITY_DESCRIPTOR *ObjectDescriptor
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQuerySecurityObject(
- _In_ PSECURITY_DESCRIPTOR ObjectDescriptor,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _Out_opt_ PSECURITY_DESCRIPTOR ResultantDescriptor,
- _In_ ULONG DescriptorLength,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSecurityObject(
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR ModificationDescriptor,
- _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_opt_ HANDLE TokenHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSecurityObjectEx(
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR ModificationDescriptor,
- _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- _In_ ULONG AutoInheritFlags, // SEF_*
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_opt_ HANDLE TokenHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConvertToAutoInheritSecurityObject(
- _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
- _In_ PSECURITY_DESCRIPTOR CurrentSecurityDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *NewSecurityDescriptor,
- _In_opt_ GUID *ObjectType,
- _In_ BOOLEAN IsDirectoryObject,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNewInstanceSecurityObject(
- _In_ BOOLEAN ParentDescriptorChanged,
- _In_ BOOLEAN CreatorDescriptorChanged,
- _In_ PLUID OldClientTokenModifiedId,
- _Out_ PLUID NewClientTokenModifiedId,
- _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
- _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
- _In_ BOOLEAN IsDirectoryObject,
- _In_ HANDLE TokenHandle,
- _In_ PGENERIC_MAPPING GenericMapping
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopySecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR InputSecurityDescriptor,
- _Out_ PSECURITY_DESCRIPTOR *OutputSecurityDescriptor
- );
-
-// private
-typedef struct _RTL_ACE_DATA
-{
- UCHAR AceType;
- UCHAR InheritFlags;
- UCHAR AceFlags;
- ACCESS_MASK AccessMask;
- PSID* Sid;
-} RTL_ACE_DATA, *PRTL_ACE_DATA;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateUserSecurityObject(
- _In_ PRTL_ACE_DATA AceData,
- _In_ ULONG AceCount,
- _In_ PSID OwnerSid,
- _In_ PSID GroupSid,
- _In_ BOOLEAN IsDirectoryObject,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateAndSetSD(
- _In_ PRTL_ACE_DATA AceData,
- _In_ ULONG AceCount,
- _In_opt_ PSID OwnerSid,
- _In_opt_ PSID GroupSid,
- _Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor
- );
-
-// Misc. security
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRunEncodeUnicodeString(
- _Inout_ PUCHAR Seed,
- _Inout_ PUNICODE_STRING String
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRunDecodeUnicodeString(
- _In_ UCHAR Seed,
- _Inout_ PUNICODE_STRING String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlImpersonateSelf(
- _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlImpersonateSelfEx(
- _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- _In_opt_ ACCESS_MASK AdditionalAccess,
- _Out_opt_ PHANDLE ThreadToken
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAdjustPrivilege(
- _In_ ULONG Privilege,
- _In_ BOOLEAN Enable,
- _In_ BOOLEAN Client,
- _Out_ PBOOLEAN WasEnabled
- );
-
-#define RTL_ACQUIRE_PRIVILEGE_REVERT 0x00000001
-#define RTL_ACQUIRE_PRIVILEGE_PROCESS 0x00000002
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAcquirePrivilege(
- _In_ PULONG Privilege,
- _In_ ULONG NumPriv,
- _In_ ULONG Flags,
- _Out_ PVOID *ReturnedState
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlReleasePrivilege(
- _In_ PVOID StatePointer
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRemovePrivileges(
- _In_ HANDLE TokenHandle,
- _In_ PULONG PrivilegesToKeep,
- _In_ ULONG PrivilegeCount
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIsUntrustedObject(
- _In_opt_ HANDLE Handle,
- _In_opt_ PVOID Object,
- _Out_ PBOOLEAN IsUntrustedObject
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlQueryValidationRunlevel(
- _In_opt_ PUNICODE_STRING ComponentName
- );
-
-#endif
-
-// Private namespaces
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// rev
-#define BOUNDARY_DESCRIPTOR_ADD_APPCONTAINER_SID 0x0001
-
-// begin_private
-
-_Ret_maybenull_
-_Success_(return != NULL)
-NTSYSAPI
-POBJECT_BOUNDARY_DESCRIPTOR
-NTAPI
-RtlCreateBoundaryDescriptor(
- _In_ PUNICODE_STRING Name,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlDeleteBoundaryDescriptor(
- _In_ _Post_invalid_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddSIDToBoundaryDescriptor(
- _Inout_ POBJECT_BOUNDARY_DESCRIPTOR *BoundaryDescriptor,
- _In_ PSID RequiredSid
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddIntegrityLabelToBoundaryDescriptor(
- _Inout_ POBJECT_BOUNDARY_DESCRIPTOR *BoundaryDescriptor,
- _In_ PSID IntegrityLabel
- );
-#endif
-
-// end_private
-
-#endif
-
-// Version
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetVersion(
- _Out_ PRTL_OSVERSIONINFOEXW VersionInformation // PRTL_OSVERSIONINFOW
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlVerifyVersionInfo(
- _In_ PRTL_OSVERSIONINFOEXW VersionInformation, // PRTL_OSVERSIONINFOW
- _In_ ULONG TypeMask,
- _In_ ULONGLONG ConditionMask
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlGetNtVersionNumbers(
- _Out_opt_ PULONG NtMajorVersion,
- _Out_opt_ PULONG NtMinorVersion,
- _Out_opt_ PULONG NtBuildNumber
- );
-
-// System information
-
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetNtGlobalFlags(
- VOID
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlGetNtProductType(
- _Out_ PNT_PRODUCT_TYPE NtProductType
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// private
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetSuiteMask(
- VOID
- );
-#endif
-
-// Thread pool (old)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRegisterWait(
- _Out_ PHANDLE WaitHandle,
- _In_ HANDLE Handle,
- _In_ WAITORTIMERCALLBACKFUNC Function,
- _In_opt_ PVOID Context,
- _In_ ULONG Milliseconds,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeregisterWait(
- _In_ HANDLE WaitHandle
- );
-
-#define RTL_WAITER_DEREGISTER_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeregisterWaitEx(
- _In_ HANDLE WaitHandle,
- _In_opt_ HANDLE CompletionEvent // optional: RTL_WAITER_DEREGISTER_WAIT_FOR_COMPLETION
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueueWorkItem(
- _In_ WORKERCALLBACKFUNC Function,
- _In_opt_ PVOID Context,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetIoCompletionCallback(
- _In_ HANDLE FileHandle,
- _In_ APC_CALLBACK_FUNCTION CompletionProc,
- _In_ ULONG Flags
- );
-
-_Function_class_(RTL_START_POOL_THREAD)
-typedef NTSTATUS (NTAPI RTL_START_POOL_THREAD)(
- _In_ PTHREAD_START_ROUTINE Function,
- _In_ PVOID Parameter,
- _Out_ PHANDLE ThreadHandle
- );
-typedef RTL_START_POOL_THREAD *PRTL_START_POOL_THREAD;
-
-_Function_class_(RTL_EXIT_POOL_THREAD)
-typedef NTSTATUS (NTAPI RTL_EXIT_POOL_THREAD)(
- _In_ NTSTATUS ExitStatus
- );
-typedef RTL_EXIT_POOL_THREAD *PRTL_EXIT_POOL_THREAD;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetThreadPoolStartFunc(
- _In_ PRTL_START_POOL_THREAD StartPoolThread,
- _In_ PRTL_EXIT_POOL_THREAD ExitPoolThread
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlUserThreadStart(
- _In_ PTHREAD_START_ROUTINE Function,
- _In_ PVOID Parameter
- );
-
-NTSYSAPI
-VOID
-NTAPI
-LdrInitializeThunk(
- _In_ PCONTEXT ContextRecord,
- _In_ PVOID Parameter
- );
-
-// Thread execution
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-RtlDelayExecution(
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER DelayInterval
- );
-
-// Timer support
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateTimerQueue(
- _Out_ PHANDLE TimerQueueHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateTimer(
- _In_ HANDLE TimerQueueHandle,
- _Out_ PHANDLE Handle,
- _In_ WAITORTIMERCALLBACKFUNC Function,
- _In_opt_ PVOID Context,
- _In_ ULONG DueTime,
- _In_ ULONG Period,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetTimer(
- _In_ HANDLE TimerQueueHandle,
- _Out_ PHANDLE Handle,
- _In_ WAITORTIMERCALLBACKFUNC Function,
- _In_opt_ PVOID Context,
- _In_ ULONG DueTime,
- _In_ ULONG Period,
- _In_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpdateTimer(
- _In_ HANDLE TimerQueueHandle,
- _In_ HANDLE TimerHandle,
- _In_ ULONG DueTime,
- _In_ ULONG Period
- );
-
-#define RTL_TIMER_DELETE_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteTimer(
- _In_ HANDLE TimerQueueHandle,
- _In_ HANDLE TimerToCancel,
- _In_opt_ HANDLE Event // optional: RTL_TIMER_DELETE_WAIT_FOR_COMPLETION
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteTimerQueue(
- _In_ HANDLE TimerQueueHandle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteTimerQueueEx(
- _In_ HANDLE TimerQueueHandle,
- _In_opt_ HANDLE Event
- );
-
-// Registry access
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFormatCurrentUserKeyPath(
- _Out_ PUNICODE_STRING CurrentUserKeyPath
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlOpenCurrentUser(
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PHANDLE CurrentUserKey
- );
-
-#define RTL_REGISTRY_ABSOLUTE 0
-#define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
-#define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
-#define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
-#define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
-#define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
-#define RTL_REGISTRY_MAXIMUM 6
-#define RTL_REGISTRY_HANDLE 0x40000000
-#define RTL_REGISTRY_OPTIONAL 0x80000000
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateRegistryKey(
- _In_ ULONG RelativeTo,
- _In_ PWSTR Path
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckRegistryKey(
- _In_ ULONG RelativeTo,
- _In_ PWSTR Path
- );
-
-_Function_class_(RTL_QUERY_REGISTRY_ROUTINE)
-typedef NTSTATUS (NTAPI RTL_QUERY_REGISTRY_ROUTINE)(
- _In_ PWSTR ValueName,
- _In_ ULONG ValueType,
- _In_ PVOID ValueData,
- _In_ ULONG ValueLength,
- _In_opt_ PVOID Context,
- _In_opt_ PVOID EntryContext
- );
-typedef RTL_QUERY_REGISTRY_ROUTINE *PRTL_QUERY_REGISTRY_ROUTINE;
-
-typedef struct _RTL_QUERY_REGISTRY_TABLE
-{
- PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
- ULONG Flags;
- PWSTR Name;
- PVOID EntryContext;
- ULONG DefaultType;
- PVOID DefaultData;
- ULONG DefaultLength;
-} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
-
-#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001
-#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002
-#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004
-#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008
-#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010
-#define RTL_QUERY_REGISTRY_DIRECT 0x00000020
-#define RTL_QUERY_REGISTRY_DELETE 0x00000040
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryRegistryValues(
- _In_ ULONG RelativeTo,
- _In_ PCWSTR Path,
- _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) PRTL_QUERY_REGISTRY_TABLE QueryTable,
- _In_opt_ PVOID Context,
- _In_opt_ PVOID Environment
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryRegistryValuesEx(
- _In_ ULONG RelativeTo,
- _In_ PCWSTR Path,
- _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) PRTL_QUERY_REGISTRY_TABLE QueryTable,
- _In_opt_ PVOID Context,
- _In_opt_ PVOID Environment
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryRegistryValueWithFallback(
- _In_opt_ HANDLE PrimaryHandle,
- _In_opt_ HANDLE FallbackHandle,
- _In_ PUNICODE_STRING ValueName,
- _In_ ULONG ValueLength,
- _Out_opt_ PULONG ValueType,
- _Out_writes_bytes_to_(ValueLength, *ResultLength) PVOID ValueData,
- _Out_range_(<= , ValueLength) PULONG ResultLength
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWriteRegistryValue(
- _In_ ULONG RelativeTo,
- _In_ PCWSTR Path,
- _In_ PCWSTR ValueName,
- _In_ ULONG ValueType,
- _In_ PVOID ValueData,
- _In_ ULONG ValueLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeleteRegistryValue(
- _In_ ULONG RelativeTo,
- _In_ PCWSTR Path,
- _In_ PCWSTR ValueName
- );
-
-// Thread profiling
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlEnableThreadProfiling(
- _In_ HANDLE ThreadHandle,
- _In_ ULONG Flags,
- _In_ ULONG64 HardwareCounters,
- _Out_ PVOID *PerformanceDataHandle
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDisableThreadProfiling(
- _In_ PVOID PerformanceDataHandle
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryThreadProfiling(
- _In_ HANDLE ThreadHandle,
- _Out_ PBOOLEAN Enabled
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReadThreadProfilingData(
- _In_ HANDLE PerformanceDataHandle,
- _In_ ULONG Flags,
- _Out_ PPERFORMANCE_DATA PerformanceData
- );
-
-#endif
-
-// WOW64
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetNativeSystemInformation(
- _In_ ULONG SystemInformationClass,
- _In_ PVOID NativeSystemInformation,
- _In_ ULONG InformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueueApcWow64Thread(
- _In_ HANDLE ThreadHandle,
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64EnableFsRedirection(
- _In_ BOOLEAN Wow64FsEnableRedirection
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64EnableFsRedirectionEx(
- _In_ PVOID Wow64FsEnableRedirection,
- _Out_ PVOID *OldFsRedirectionLevel
- );
-
-// Misc.
-
-NTSYSAPI
-ULONG32
-NTAPI
-RtlComputeCrc32(
- _In_ ULONG32 PartialCrc,
- _In_ PVOID Buffer,
- _In_ ULONG Length
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlEncodePointer(
- _In_ PVOID Ptr
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlDecodePointer(
- _In_ PVOID Ptr
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlEncodeSystemPointer(
- _In_ PVOID Ptr
- );
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlDecodeSystemPointer(
- _In_ PVOID Ptr
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlEncodeRemotePointer(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID Pointer,
- _Out_ PVOID *EncodedPointer
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecodeRemotePointer(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID Pointer,
- _Out_ PVOID *DecodedPointer
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsProcessorFeaturePresent(
- _In_ ULONG ProcessorFeature
- );
-
-#endif
-
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetCurrentProcessorNumber(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlGetCurrentProcessorNumberEx(
- _Out_ PPROCESSOR_NUMBER ProcessorNumber
- );
-
-#endif
-
-// Stack support
-
-NTSYSAPI
-VOID
-NTAPI
-RtlPushFrame(
- _In_ PTEB_ACTIVE_FRAME Frame
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlPopFrame(
- _In_ PTEB_ACTIVE_FRAME Frame
- );
-
-NTSYSAPI
-PTEB_ACTIVE_FRAME
-NTAPI
-RtlGetFrame(
- VOID
- );
-
-#define RTL_WALK_USER_MODE_STACK 0x00000001
-#define RTL_WALK_VALID_FLAGS 0x00000001
-#define RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT 0x00000008
-
-// private
-NTSYSAPI
-ULONG
-NTAPI
-RtlWalkFrameChain(
- _Out_writes_(Count - (Flags >> RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT)) PVOID *Callers,
- _In_ ULONG Count,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlGetCallersAddress( // Use the intrinsic _ReturnAddress instead.
- _Out_ PVOID *CallersAddress,
- _Out_ PVOID *CallersCaller
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-
-NTSYSAPI
-ULONG64
-NTAPI
-RtlGetEnabledExtendedFeatures(
- _In_ ULONG64 FeatureMask
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-
-// msdn
-NTSYSAPI
-ULONG64
-NTAPI
-RtlGetEnabledExtendedAndSupervisorFeatures(
- _In_ ULONG64 FeatureMask
- );
-
-// msdn
-_Ret_maybenull_
-_Success_(return != NULL)
-NTSYSAPI
-PVOID
-NTAPI
-RtlLocateSupervisorFeature(
- _In_ PXSAVE_AREA_HEADER XStateHeader,
- _In_range_(XSTATE_AVX, MAXIMUM_XSTATE_FEATURES - 1) ULONG FeatureId,
- _Out_opt_ PULONG Length
- );
-
-#endif
-
-// private
-typedef union _RTL_ELEVATION_FLAGS
-{
- ULONG Flags;
- struct
- {
- ULONG ElevationEnabled : 1;
- ULONG VirtualizationEnabled : 1;
- ULONG InstallerDetectEnabled : 1;
- ULONG ReservedBits : 29;
- };
-} RTL_ELEVATION_FLAGS, *PRTL_ELEVATION_FLAGS;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryElevationFlags(
- _Out_ PRTL_ELEVATION_FLAGS Flags
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRegisterThreadWithCsrss(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLockCurrentThread(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnlockCurrentThread(
- VOID
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLockModuleSection(
- _In_ PVOID Address
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnlockModuleSection(
- _In_ PVOID Address
- );
-
-#endif
-
-// begin_msdn:"Winternl"
-
-#define RTL_UNLOAD_EVENT_TRACE_NUMBER 64
-
-// private
-typedef struct _RTL_UNLOAD_EVENT_TRACE
-{
- PVOID BaseAddress;
- SIZE_T SizeOfImage;
- ULONG Sequence;
- ULONG TimeDateStamp;
- ULONG CheckSum;
- WCHAR ImageName[32];
- ULONG Version[2];
-} RTL_UNLOAD_EVENT_TRACE, *PRTL_UNLOAD_EVENT_TRACE;
-
-typedef struct _RTL_UNLOAD_EVENT_TRACE32
-{
- ULONG BaseAddress;
- ULONG SizeOfImage;
- ULONG Sequence;
- ULONG TimeDateStamp;
- ULONG CheckSum;
- WCHAR ImageName[32];
- ULONG Version[2];
-} RTL_UNLOAD_EVENT_TRACE32, *PRTL_UNLOAD_EVENT_TRACE32;
-
-NTSYSAPI
-PRTL_UNLOAD_EVENT_TRACE
-NTAPI
-RtlGetUnloadEventTrace(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSAPI
-VOID
-NTAPI
-RtlGetUnloadEventTraceEx(
- _Out_ PULONG *ElementSize,
- _Out_ PULONG *ElementCount,
- _Out_ PVOID *EventTrace // works across all processes
- );
-#endif
-
-// end_msdn
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlQueryPerformanceCounter(
- _Out_ PLARGE_INTEGER PerformanceCounter
- );
-
-// rev
-NTSYSAPI
-LOGICAL
-NTAPI
-RtlQueryPerformanceFrequency(
- _Out_ PLARGE_INTEGER PerformanceFrequency
- );
-#endif
-
-// Image Mitigation
-
-// rev
-typedef enum _IMAGE_MITIGATION_POLICY
-{
- ImageDepPolicy, // RTL_IMAGE_MITIGATION_DEP_POLICY
- ImageAslrPolicy, // RTL_IMAGE_MITIGATION_ASLR_POLICY
- ImageDynamicCodePolicy, // RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
- ImageStrictHandleCheckPolicy, // RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
- ImageSystemCallDisablePolicy, // RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
- ImageMitigationOptionsMask,
- ImageExtensionPointDisablePolicy, // RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
- ImageControlFlowGuardPolicy, // RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
- ImageSignaturePolicy, // RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
- ImageFontDisablePolicy, // RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
- ImageImageLoadPolicy, // RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
- ImagePayloadRestrictionPolicy, // RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
- ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
- ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY
- ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY
- ImageUserShadowStackPolicy, // RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY
- ImageRedirectionTrustPolicy, // RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY
- ImageUserPointerAuthPolicy, // RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY
- MaxImageMitigationPolicy
-} IMAGE_MITIGATION_POLICY;
-
-// rev
-typedef union _RTL_IMAGE_MITIGATION_POLICY
-{
- struct
- {
- ULONG64 AuditState : 2;
- ULONG64 AuditFlag : 1;
- ULONG64 EnableAdditionalAuditingOption : 1;
- ULONG64 Reserved : 60;
- };
- struct
- {
- ULONG64 PolicyState : 2;
- ULONG64 AlwaysInherit : 1;
- ULONG64 EnableAdditionalPolicyOption : 1;
- ULONG64 AuditReserved : 60;
- };
-} RTL_IMAGE_MITIGATION_POLICY, *PRTL_IMAGE_MITIGATION_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_DEP_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY Dep;
-} RTL_IMAGE_MITIGATION_DEP_POLICY, *PRTL_IMAGE_MITIGATION_DEP_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_ASLR_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY ForceRelocateImages;
- RTL_IMAGE_MITIGATION_POLICY BottomUpRandomization;
- RTL_IMAGE_MITIGATION_POLICY HighEntropyRandomization;
-} RTL_IMAGE_MITIGATION_ASLR_POLICY, *PRTL_IMAGE_MITIGATION_ASLR_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY BlockDynamicCode;
-} RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY, *PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY StrictHandleChecks;
-} RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY BlockWin32kSystemCalls;
-} RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY DisableExtensionPoints;
-} RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY ControlFlowGuard;
- RTL_IMAGE_MITIGATION_POLICY StrictControlFlowGuard;
-} RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY, *PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY BlockNonMicrosoftSignedBinaries;
- RTL_IMAGE_MITIGATION_POLICY EnforceSigningOnModuleDependencies;
-} RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY, *PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY DisableNonSystemFonts;
-} RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY BlockRemoteImageLoads;
- RTL_IMAGE_MITIGATION_POLICY BlockLowLabelImageLoads;
- RTL_IMAGE_MITIGATION_POLICY PreferSystem32;
-} RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY, *PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilter;
- RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilterPlus;
- RTL_IMAGE_MITIGATION_POLICY EnableImportAddressFilter;
- RTL_IMAGE_MITIGATION_POLICY EnableRopStackPivot;
- RTL_IMAGE_MITIGATION_POLICY EnableRopCallerCheck;
- RTL_IMAGE_MITIGATION_POLICY EnableRopSimExec;
- WCHAR EafPlusModuleList[512]; // 19H1
-} RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY DisallowChildProcessCreation;
-} RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY, *PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY Sehop;
-} RTL_IMAGE_MITIGATION_SEHOP_POLICY, *PRTL_IMAGE_MITIGATION_SEHOP_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors;
-} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY UserShadowStack;
- RTL_IMAGE_MITIGATION_POLICY SetContextIpValidation;
- RTL_IMAGE_MITIGATION_POLICY BlockNonCetBinaries;
-} RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY, *PRTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY BlockUntrustedRedirections;
-} RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY, *PRTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY;
-
-// rev
-typedef struct _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY
-{
- RTL_IMAGE_MITIGATION_POLICY PointerAuthUserIp;
-} RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY, *PRTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY;
-
-// rev
-typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE
-{
- RtlMitigationOptionStateNotConfigured,
- RtlMitigationOptionStateOn,
- RtlMitigationOptionStateOff,
- RtlMitigationOptionStateForce,
- RtlMitigationOptionStateOption
-} RTL_IMAGE_MITIGATION_OPTION_STATE;
-
-#define RTL_IMAGE_MITIGATION_OPTION_STATEMASK 3UL
-#define RTL_IMAGE_MITIGATION_OPTION_FORCEMASK 4UL
-#define RTL_IMAGE_MITIGATION_OPTION_OPTIONMASK 8UL
-
-// rev from PROCESS_MITIGATION_FLAGS
-#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1
-#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2
-#define RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT 0x4
-#define RTL_IMAGE_MITIGATION_FLAG_AUDIT 0x8
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryImageMitigationPolicy(
- _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
- _In_ IMAGE_MITIGATION_POLICY Policy,
- _In_ ULONG Flags,
- _Inout_ PVOID Buffer,
- _In_ ULONG BufferSize
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetImageMitigationPolicy(
- _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
- _In_ IMAGE_MITIGATION_POLICY Policy,
- _In_ ULONG Flags,
- _Inout_ PVOID Buffer,
- _In_ ULONG BufferSize
- );
-
-#endif
-
-// session
-
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetCurrentServiceSessionId(
- VOID
- );
-
-// private
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetActiveConsoleId(
- VOID
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// private
-NTSYSAPI
-ULONGLONG
-NTAPI
-RtlGetConsoleSessionForegroundProcessId(
- VOID
- );
-#endif
-
-// Appcontainer
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetTokenNamedObjectPath(
- _In_ HANDLE TokenHandle,
- _In_opt_ PSID Sid,
- _Out_ PUNICODE_STRING ObjectPath // RtlFreeUnicodeString
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetAppContainerNamedObjectPath(
- _In_opt_ HANDLE TokenHandle,
- _In_opt_ PSID AppContainerSid,
- _In_ BOOLEAN RelativePath,
- _Out_ PUNICODE_STRING ObjectPath // RtlFreeUnicodeString
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetAppContainerParent(
- _In_ PSID AppContainerSid,
- _Out_ PSID* AppContainerSidParent // RtlFreeSid
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckSandboxedToken(
- _In_opt_ HANDLE TokenHandle,
- _Out_ PBOOLEAN IsSandboxed
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckTokenCapability(
- _In_opt_ HANDLE TokenHandle,
- _In_ PSID CapabilitySidToCheck,
- _Out_ PBOOLEAN HasCapability
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCapabilityCheck(
- _In_opt_ HANDLE TokenHandle,
- _In_ PUNICODE_STRING CapabilityName,
- _Out_ PBOOLEAN HasCapability
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckTokenMembership(
- _In_opt_ HANDLE TokenHandle,
- _In_ PSID SidToCheck,
- _Out_ PBOOLEAN IsMember
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckTokenMembershipEx(
- _In_opt_ HANDLE TokenHandle,
- _In_ PSID SidToCheck,
- _In_ ULONG Flags, // CTMF_VALID_FLAGS
- _Out_ PBOOLEAN IsMember
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryTokenHostIdAsUlong64(
- _In_ HANDLE TokenHandle,
- _Out_ PULONG64 HostId // (WIN://PKGHOSTID)
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsParentOfChildAppContainer(
- _In_ PSID ParentAppContainerSid,
- _In_ PSID ChildAppContainerSid
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIsApiSetImplemented(
- _In_ PCSTR ApiSetName
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsCapabilitySid(
- _In_ PSID Sid
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsPackageSid(
- _In_ PSID Sid
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsValidProcessTrustLabelSid(
- _In_ PSID Sid
- );
-#endif
-
-typedef enum _APPCONTAINER_SID_TYPE
-{
- NotAppContainerSidType,
- ChildAppContainerSidType,
- ParentAppContainerSidType,
- InvalidAppContainerSidType,
- MaxAppContainerSidType
-} APPCONTAINER_SID_TYPE, *PAPPCONTAINER_SID_TYPE;
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetAppContainerSidType(
- _In_ PSID AppContainerSid,
- _Out_ PAPPCONTAINER_SID_TYPE AppContainerSidType
- );
-#endif
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFlsAlloc(
- _In_ PFLS_CALLBACK_FUNCTION Callback,
- _Out_ PULONG FlsIndex
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFlsFree(
- _In_ ULONG FlsIndex
- );
-
-#if (PHNT_VERSION >= PHNT_20H1)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFlsGetValue(
- _In_ ULONG FlsIndex,
- _Out_ PVOID* FlsData
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFlsSetValue(
- _In_ ULONG FlsIndex,
- _In_ PVOID FlsData
- );
-#endif
-
-// State isolation
-
-typedef enum _STATE_LOCATION_TYPE
-{
- LocationTypeRegistry,
- LocationTypeFileSystem,
- LocationTypeMaximum
-} STATE_LOCATION_TYPE;
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsStateSeparationEnabled(
- VOID
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetPersistedStateLocation(
- _In_ PCWSTR SourceID,
- _In_opt_ PCWSTR CustomValue,
- _In_opt_ PCWSTR DefaultPath,
- _In_ STATE_LOCATION_TYPE StateLocationType,
- _Out_writes_bytes_to_opt_(BufferLengthIn, *BufferLengthOut) PWCHAR TargetPath,
- _In_ ULONG BufferLengthIn,
- _Out_opt_ PULONG BufferLengthOut
- );
-#endif
-
-// Cloud Filters
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// msdn
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsCloudFilesPlaceholder(
- _In_ ULONG FileAttributes,
- _In_ ULONG ReparseTag
- );
-
-// msdn
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsPartialPlaceholder(
- _In_ ULONG FileAttributes,
- _In_ ULONG ReparseTag
- );
-
-// msdn
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIsPartialPlaceholderFileHandle(
- _In_ HANDLE FileHandle,
- _Out_ PBOOLEAN IsPartialPlaceholder
- );
-
-// msdn
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIsPartialPlaceholderFileInfo(
- _In_ PVOID InfoBuffer,
- _In_ FILE_INFORMATION_CLASS InfoClass,
- _Out_ PBOOLEAN IsPartialPlaceholder
- );
-
-#undef PHCM_MAX
-#define PHCM_APPLICATION_DEFAULT ((CHAR)0)
-#define PHCM_DISGUISE_PLACEHOLDERS ((CHAR)1)
-#define PHCM_EXPOSE_PLACEHOLDERS ((CHAR)2)
-#define PHCM_MAX ((CHAR)2)
-
-#define PHCM_ERROR_INVALID_PARAMETER ((CHAR)-1)
-#define PHCM_ERROR_NO_TEB ((CHAR)-2)
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlQueryThreadPlaceholderCompatibilityMode(
- VOID
- );
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlSetThreadPlaceholderCompatibilityMode(
- _In_ CHAR Mode
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE4)
-
-#undef PHCM_MAX
-#define PHCM_DISGUISE_FULL_PLACEHOLDERS ((CHAR)3)
-#define PHCM_MAX ((CHAR)3)
-#define PHCM_ERROR_NO_PEB ((CHAR)-3)
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlQueryProcessPlaceholderCompatibilityMode(
- VOID
- );
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlSetProcessPlaceholderCompatibilityMode(
- _In_ CHAR Mode
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsNonEmptyDirectoryReparsePointAllowed(
- _In_ ULONG ReparseTag
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppxIsFileOwnedByTrustedInstaller(
- _In_ HANDLE FileHandle,
- _Out_ PBOOLEAN IsFileOwnedByTrustedInstaller
- );
-#endif
-
-// Windows Internals book
-#define PSM_ACTIVATION_TOKEN_PACKAGED_APPLICATION 0x1
-#define PSM_ACTIVATION_TOKEN_SHARED_ENTITY 0x2
-#define PSM_ACTIVATION_TOKEN_FULL_TRUST 0x4
-#define PSM_ACTIVATION_TOKEN_NATIVE_SERVICE 0x8
-#define PSM_ACTIVATION_TOKEN_DEVELOPMENT_APP 0x10
-#define PSM_ACTIVATION_TOKEN_BREAKAWAY_INHIBITED 0x20
-#define PSM_ACTIVATION_TOKEN_RUNTIME_BROKER 0x40 // rev
-#define PSM_ACTIVATION_TOKEN_UNIVERSAL_CONSOLE 0x200 // rev
-#define PSM_ACTIVATION_TOKEN_WIN32ALACARTE_PROCESS 0x10000 // rev
-
-// PackageOrigin appmodel.h
-//#define PackageOrigin_Unknown 0
-//#define PackageOrigin_Unsigned 1
-//#define PackageOrigin_Inbox 2
-//#define PackageOrigin_Store 3
-//#define PackageOrigin_DeveloperUnsigned 4
-//#define PackageOrigin_DeveloperSigned 5
-//#define PackageOrigin_LineOfBusiness 6
-
-#define PSMP_MINIMUM_SYSAPP_CLAIM_VALUES 2
-#define PSMP_MAXIMUM_SYSAPP_CLAIM_VALUES 4
-
-// private
-typedef struct _PS_PKG_CLAIM
-{
- ULONG Flags; // PSM_ACTIVATION_TOKEN_*
- ULONG Origin; // PackageOrigin
-} PS_PKG_CLAIM, *PPS_PKG_CLAIM;
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryPackageClaims(
- _In_ HANDLE TokenHandle,
- _Out_writes_bytes_to_opt_(*PackageSize, *PackageSize) PWSTR PackageFullName,
- _Inout_opt_ PSIZE_T PackageSize,
- _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId,
- _Inout_opt_ PSIZE_T AppIdSize,
- _Out_opt_ PGUID DynamicId,
- _Out_opt_ PPS_PKG_CLAIM PkgClaim,
- _Out_opt_ PULONG64 AttributesPresent
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryPackageIdentity(
- _In_ HANDLE TokenHandle,
- _Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName,
- _Inout_ PSIZE_T PackageSize,
- _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId,
- _Inout_opt_ PSIZE_T AppIdSize,
- _Out_opt_ PBOOLEAN Packaged
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryPackageIdentityEx(
- _In_ HANDLE TokenHandle,
- _Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName,
- _Inout_ PSIZE_T PackageSize,
- _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId,
- _Inout_opt_ PSIZE_T AppIdSize,
- _Out_opt_ PGUID DynamicId,
- _Out_opt_ PULONG64 Flags
- );
-#endif
-
-// Protected policies
-
-#if (PHNT_VERSION >= PHNT_WINBLUE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryProtectedPolicy(
- _In_ PGUID PolicyGuid,
- _Out_ PULONG_PTR PolicyValue
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetProtectedPolicy(
- _In_ PGUID PolicyGuid,
- _In_ ULONG_PTR PolicyValue,
- _Out_ PULONG_PTR OldPolicyValue
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsEnclaveFeaturePresent(
- _In_ ULONG FeatureMask
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsMultiSessionSku(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// private
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsMultiUsersInSessionSku(
- VOID
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSessionProperties(
- _In_ ULONG SessionId,
- _Out_ PULONG SharedUserSessionId
- );
-#endif
-
-// private
-typedef enum _RTL_BSD_ITEM_TYPE
-{
- RtlBsdItemVersionNumber, // q; s: ULONG
- RtlBsdItemProductType, // q; s: NT_PRODUCT_TYPE (ULONG)
- RtlBsdItemAabEnabled, // q: s: BOOLEAN // AutoAdvancedBoot
- RtlBsdItemAabTimeout, // q: s: UCHAR // AdvancedBootMenuTimeout
- RtlBsdItemBootGood, // q: s: BOOLEAN // LastBootSucceeded
- RtlBsdItemBootShutdown, // q: s: BOOLEAN // LastBootShutdown
- RtlBsdSleepInProgress, // q: s: BOOLEAN // SleepInProgress
- RtlBsdPowerTransition, // q: s: RTL_BSD_DATA_POWER_TRANSITION
- RtlBsdItemBootAttemptCount, // q: s: UCHAR // BootAttemptCount
- RtlBsdItemBootCheckpoint, // q: s: UCHAR // LastBootCheckpoint
- RtlBsdItemBootId, // q; s: ULONG (USER_SHARED_DATA->BootId)
- RtlBsdItemShutdownBootId, // q; s: ULONG
- RtlBsdItemReportedAbnormalShutdownBootId, // q; s: ULONG
- RtlBsdItemErrorInfo, // RTL_BSD_DATA_ERROR_INFO
- RtlBsdItemPowerButtonPressInfo, // RTL_BSD_POWER_BUTTON_PRESS_INFO
- RtlBsdItemChecksum, // q: s: UCHAR
- RtlBsdPowerTransitionExtension,
- RtlBsdItemFeatureConfigurationState, // q; s: ULONG
- RtlBsdItemMax
-} RTL_BSD_ITEM_TYPE;
-
-// ros
-typedef struct _RTL_BSD_DATA_POWER_TRANSITION
-{
- LARGE_INTEGER PowerButtonTimestamp;
- struct
- {
- BOOLEAN SystemRunning : 1;
- BOOLEAN ConnectedStandbyInProgress : 1;
- BOOLEAN UserShutdownInProgress : 1;
- BOOLEAN SystemShutdownInProgress : 1;
- BOOLEAN SleepInProgress : 4;
- } Flags;
- UCHAR ConnectedStandbyScenarioInstanceId;
- UCHAR ConnectedStandbyEntryReason;
- UCHAR ConnectedStandbyExitReason;
- USHORT SystemSleepTransitionCount;
- LARGE_INTEGER LastReferenceTime;
- ULONG LastReferenceTimeChecksum;
- ULONG LastUpdateBootId;
-} RTL_BSD_DATA_POWER_TRANSITION, *PRTL_BSD_DATA_POWER_TRANSITION;
-
-// ros
-typedef struct _RTL_BSD_DATA_ERROR_INFO
-{
- ULONG BootId;
- ULONG RepeatCount;
- ULONG OtherErrorCount;
- ULONG Code;
- ULONG OtherErrorCount2;
-} RTL_BSD_DATA_ERROR_INFO, *PRTL_BSD_DATA_ERROR_INFO;
-
-// ros
-typedef struct _RTL_BSD_POWER_BUTTON_PRESS_INFO
-{
- LARGE_INTEGER LastPressTime;
- ULONG CumulativePressCount;
- USHORT LastPressBootId;
- UCHAR LastPowerWatchdogStage;
- struct
- {
- UCHAR WatchdogArmed : 1;
- UCHAR ShutdownInProgress : 1;
- } Flags;
- LARGE_INTEGER LastReleaseTime;
- ULONG CumulativeReleaseCount;
- USHORT LastReleaseBootId;
- USHORT ErrorCount;
- UCHAR CurrentConnectedStandbyPhase;
- ULONG TransitionLatestCheckpointId;
- ULONG TransitionLatestCheckpointType;
- ULONG TransitionLatestCheckpointSequenceNumber;
-} RTL_BSD_POWER_BUTTON_PRESS_INFO, *PRTL_BSD_POWER_BUTTON_PRESS_INFO;
-
-// private
-typedef struct _RTL_BSD_ITEM
-{
- RTL_BSD_ITEM_TYPE Type;
- PVOID DataBuffer;
- ULONG DataLength;
-} RTL_BSD_ITEM, *PRTL_BSD_ITEM;
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCreateBootStatusDataFile(
- VOID
- );
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlLockBootStatusData(
- _Out_ PHANDLE FileHandle
- );
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnlockBootStatusData(
- _In_ HANDLE FileHandle
- );
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSetBootStatusData(
- _In_ HANDLE FileHandle,
- _In_ BOOLEAN Read,
- _In_ RTL_BSD_ITEM_TYPE DataClass,
- _In_ PVOID Buffer,
- _In_ ULONG BufferSize,
- _Out_opt_ PULONG ReturnLength
- );
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckBootStatusIntegrity(
- _In_ HANDLE FileHandle,
- _Out_ PBOOLEAN Verified
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRestoreBootStatusDefaults(
- _In_ HANDLE FileHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRestoreSystemBootStatusDefaults(
- VOID
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetSystemBootStatus(
- _In_ RTL_BSD_ITEM_TYPE BootStatusInformationClass,
- _Out_ PVOID DataBuffer,
- _In_ ULONG DataLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSystemBootStatus(
- _In_ RTL_BSD_ITEM_TYPE BootStatusInformationClass,
- _In_ PVOID DataBuffer,
- _In_ ULONG DataLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCheckPortableOperatingSystem(
- _Out_ PBOOLEAN IsPortable // VOID
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetPortableOperatingSystem(
- _In_ BOOLEAN IsPortable
- );
-
-// rev
-NTSYSAPI
-ULONG
-NTAPI
-RtlSetProxiedProcessId(
- _In_ ULONG ProxiedProcessId
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlFindClosestEncodableLength(
- _In_ ULONGLONG SourceLength,
- _Out_ PULONGLONG TargetLength
- );
-
-#endif
-
-// Memory cache
-
-_Function_class_(RTL_SECURE_MEMORY_CACHE_CALLBACK)
-typedef NTSTATUS (NTAPI RTL_SECURE_MEMORY_CACHE_CALLBACK)(
- _In_ PVOID Address,
- _In_ SIZE_T Length
- );
-typedef RTL_SECURE_MEMORY_CACHE_CALLBACK *PRTL_SECURE_MEMORY_CACHE_CALLBACK;
-
-// ros
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRegisterSecureMemoryCacheCallback(
- _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDeregisterSecureMemoryCacheCallback(
- _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback
- );
-
-// ros
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlFlushSecureMemoryCache(
- _In_ PVOID MemoryCache,
- _In_opt_ SIZE_T MemoryLength
- );
-
-#if (PHNT_VERSION >= PHNT_20H1)
-
-// Feature configuration
-
-typedef struct __RTL_FEATURE_USAGE_REPORT
-{
- ULONG FeatureId;
- USHORT ReportingKind;
- USHORT ReportingOptions;
-} RTL_FEATURE_USAGE_REPORT, *PRTL_FEATURE_USAGE_REPORT;
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlNotifyFeatureUsage(
- _In_ PRTL_FEATURE_USAGE_REPORT FeatureUsageReport
- );
-
-typedef enum _RTL_FEATURE_CONFIGURATION_TYPE
-{
- RtlFeatureConfigurationBoot,
- RtlFeatureConfigurationRuntime,
- RtlFeatureConfigurationCount
-} RTL_FEATURE_CONFIGURATION_TYPE;
-
-// rev
-typedef struct _RTL_FEATURE_CONFIGURATION
-{
- ULONG FeatureId;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG Priority : 4;
- ULONG EnabledState : 2;
- ULONG IsWexpConfiguration : 1;
- ULONG HasSubscriptions : 1;
- ULONG Variant : 6;
- ULONG VariantPayloadKind : 2;
- ULONG Reserved : 16;
- };
- };
- ULONG VariantPayload;
-} RTL_FEATURE_CONFIGURATION, *PRTL_FEATURE_CONFIGURATION;
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryFeatureConfiguration(
- _In_ ULONG FeatureId,
- _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType,
- _Inout_ PULONGLONG ChangeStamp,
- _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetFeatureConfigurations(
- _Inout_ PULONGLONG ChangeStamp,
- _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType,
- _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
- _In_ ULONG FeatureConfigurationCount
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryAllFeatureConfigurations(
- _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType,
- _Inout_ PULONGLONG ChangeStamp,
- _Out_ PRTL_FEATURE_CONFIGURATION FeatureConfigurations,
- _Inout_ PULONG FeatureConfigurationCount
- );
-
-// rev
-NTSYSAPI
-ULONGLONG
-NTAPI
-RtlQueryFeatureConfigurationChangeStamp(
- VOID
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryFeatureUsageNotificationSubscriptions(
- _Out_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
- _Inout_ PULONG FeatureConfigurationCount
- );
-
-_Function_class_(RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION)
-typedef VOID (NTAPI RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION)(
- _In_opt_ PVOID Context
- );
-typedef RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION *PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION;
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRegisterFeatureConfigurationChangeNotification(
- _In_ PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION Callback,
- _In_opt_ PVOID Context,
- _Inout_opt_ PULONGLONG ChangeStamp,
- _Out_ PHANDLE NotificationHandle
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnregisterFeatureConfigurationChangeNotification(
- _In_ HANDLE NotificationHandle
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSubscribeForFeatureUsageNotification(
- _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
- _In_ ULONG FeatureConfigurationCount
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnsubscribeFromFeatureUsageNotifications(
- _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
- _In_ ULONG FeatureConfigurationCount
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-#ifndef _RTL_RUN_ONCE_DEF
-#define _RTL_RUN_ONCE_DEF
-//
-// Run once initializer
-//
-#define RTL_RUN_ONCE_INIT {0}
-//
-// Run once flags
-//
-#define RTL_RUN_ONCE_CHECK_ONLY 0x00000001UL
-#define RTL_RUN_ONCE_ASYNC 0x00000002UL
-#define RTL_RUN_ONCE_INIT_FAILED 0x00000004UL
-//
-// The context stored in the run once structure must
-// leave the following number of low order bits unused.
-//
-#define RTL_RUN_ONCE_CTX_RESERVED_BITS 2
-
-typedef union _RTL_RUN_ONCE
-{
- PVOID Ptr;
-} RTL_RUN_ONCE, *PRTL_RUN_ONCE;
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRunOnceInitialize(
- _Out_ PRTL_RUN_ONCE RunOnce
- );
-
-typedef _Function_class_(RTL_RUN_ONCE_INIT_FN)
-LOGICAL NTAPI RTL_RUN_ONCE_INIT_FN(
- _Inout_ PRTL_RUN_ONCE RunOnce,
- _Inout_opt_ PVOID Parameter,
- _Inout_opt_ PVOID *Context
- );
-typedef RTL_RUN_ONCE_INIT_FN *PRTL_RUN_ONCE_INIT_FN;
-
-_Maybe_raises_SEH_exception_
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRunOnceExecuteOnce(
- _Inout_ PRTL_RUN_ONCE RunOnce,
- _In_ __callback PRTL_RUN_ONCE_INIT_FN InitFn,
- _Inout_opt_ PVOID Parameter,
- _Outptr_opt_result_maybenull_ PVOID *Context
- );
-
-_Must_inspect_result_
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRunOnceBeginInitialize(
- _Inout_ PRTL_RUN_ONCE RunOnce,
- _In_ ULONG Flags,
- _Outptr_opt_result_maybenull_ PVOID *Context
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRunOnceComplete(
- _Inout_ PRTL_RUN_ONCE RunOnce,
- _In_ ULONG Flags,
- _In_opt_ PVOID Context
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-#define WNF_STATE_KEY 0x41C64E6DA3BC0074
-
-_Must_inspect_result_
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualWnfChangeStamps(
- _In_ WNF_CHANGE_STAMP ChangeStamp1,
- _In_ WNF_CHANGE_STAMP ChangeStamp2
- );
-
-_Always_(_Post_satisfies_(return == STATUS_NO_MEMORY || return == STATUS_RETRY || return == STATUS_SUCCESS))
-typedef _Function_class_(WNF_USER_CALLBACK)
-NTSTATUS NTAPI WNF_USER_CALLBACK(
- _In_ WNF_STATE_NAME StateName,
- _In_ WNF_CHANGE_STAMP ChangeStamp,
- _In_opt_ PWNF_TYPE_ID TypeId,
- _In_opt_ PVOID CallbackContext,
- _In_reads_bytes_opt_(Length) const VOID* Buffer,
- _In_ ULONG Length
- );
-typedef WNF_USER_CALLBACK *PWNF_USER_CALLBACK;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryWnfStateData(
- _Out_ PWNF_CHANGE_STAMP ChangeStamp,
- _In_ WNF_STATE_NAME StateName,
- _In_ PWNF_USER_CALLBACK Callback,
- _In_opt_ PVOID CallbackContext,
- _In_opt_ PWNF_TYPE_ID TypeId
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlPublishWnfStateData(
- _In_ WNF_STATE_NAME StateName,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_reads_bytes_opt_(Length) const VOID* Buffer,
- _In_opt_ ULONG Length,
- _In_opt_ const VOID* ExplicitScope
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSubscribeWnfStateChangeNotification(
- _Outptr_ PVOID* SubscriptionHandle, // PWNF_USER_SUBSCRIPTION
- _In_ WNF_STATE_NAME StateName,
- _In_ WNF_CHANGE_STAMP ChangeStamp,
- _In_ PWNF_USER_CALLBACK Callback,
- _In_opt_ PVOID CallbackContext,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_opt_ ULONG SerializationGroup,
- _Reserved_ ULONG Flags
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnsubscribeWnfStateChangeNotification(
- _In_ PWNF_USER_CALLBACK Callback
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCopyFileChunk(
- _In_ HANDLE SourceHandle,
- _In_ HANDLE DestinationHandle,
- _In_opt_ HANDLE EventHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG Length,
- _In_ PLARGE_INTEGER SourceOffset,
- _In_ PLARGE_INTEGER DestOffset,
- _In_opt_ PULONG SourceKey,
- _In_opt_ PULONG DestKey,
- _In_ ULONG Flags
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlQueryPropertyStore(
- _In_ ULONG_PTR Key,
- _Out_ PULONG_PTR Context
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlRemovePropertyStore(
- _In_ ULONG_PTR Key,
- _Out_ PULONG_PTR Context
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompareExchangePropertyStore(
- _In_ ULONG_PTR Key,
- _In_ PULONG_PTR Comperand,
- _In_opt_ PULONG_PTR Exchange,
- _Out_ PULONG_PTR Context
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN11)
-typedef enum _THREAD_STATE_CHANGE_TYPE THREAD_STATE_CHANGE_TYPE, *PTHREAD_STATE_CHANGE_TYPE;
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlWow64ChangeThreadState(
- _In_ HANDLE ThreadStateChangeHandle,
- _In_ HANDLE ThreadHandle,
- _In_ THREAD_STATE_CHANGE_TYPE StateChangeType,
- _In_opt_ PVOID ExtendedInformation,
- _In_opt_ SIZE_T ExtendedInformationLength,
- _In_opt_ ULONG64 Reserved
- );
-#endif
-
-#endif // _NTRTL_H
-
-/*
- * RTL forward symbol typedefs
- *
- * This file is part of System Informer.
- */
-#ifndef _NTRTL_FWD_H
-#define _NTRTL_FWD_H
-
-// begin_forwarders
-#ifndef PHNT_INLINE_NAME_FORWARDERS
-#define RtlGetNativeSystemInformation NtQuerySystemInformation
-#define RtlGetTickCount NtGetTickCount
-#define RtlGuardRestoreContext RtlRestoreContext
-#define RtlRandom RtlRandomEx
-#define RtlOpenImageFileOptionsKey LdrOpenImageFileOptionsKey
-#define RtlQueryImageFileExecutionOptions LdrQueryImageFileExecutionOptionsEx
-#define RtlQueryImageFileKeyOption LdrQueryImageFileKeyOption
-#define RtlSetTimer RtlCreateTimer
-#define RtlRestoreLastWin32Error RtlSetLastWin32Error
-#endif
-
-#ifndef PHNT_INLINE_PEB_FORWARDERS
-FORCEINLINE
-PPEB
-NTAPI
-RtlGetCurrentPeb(
- VOID
- )
-{
- return NtCurrentPeb();
-}
-
-FORCEINLINE
-NTSTATUS
-NTAPI
-RtlAcquirePebLock(
- VOID
- )
-{
- return RtlEnterCriticalSection(NtCurrentPeb()->FastPebLock);
-}
-
-FORCEINLINE
-NTSTATUS
-NTAPI
-RtlReleasePebLock(
- VOID
- )
-{
- return RtlLeaveCriticalSection(NtCurrentPeb()->FastPebLock);
-}
-#endif
-
-#ifndef PHNT_INLINE_FREE_FORWARDERS
-//#define RtlFreeUnicodeString(UnicodeString) {if ((UnicodeString)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (UnicodeString)->Buffer); memset(UnicodeString, 0, sizeof(UNICODE_STRING));}
-FORCEINLINE
-VOID
-NTAPI
-RtlFreeUnicodeString(
- _Inout_ _At_(UnicodeString->Buffer, _Frees_ptr_opt_) PUNICODE_STRING UnicodeString
- )
-{
- if (UnicodeString->Buffer)
- {
- RtlFreeHeap(RtlProcessHeap(), 0, UnicodeString->Buffer);
- memset(UnicodeString, 0, sizeof(UNICODE_STRING));
- }
-}
-
-//#define RtlFreeAnsiString(UnicodeString) {if ((AnsiString)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (AnsiString)->Buffer); memset(AnsiString, 0, sizeof(ANSI_STRING));}
-FORCEINLINE
-VOID
-NTAPI
-RtlFreeAnsiString(
- _Inout_ _At_(AnsiString->Buffer, _Frees_ptr_opt_) PANSI_STRING AnsiString
- )
-{
- if (AnsiString->Buffer)
- {
- RtlFreeHeap(RtlProcessHeap(), 0, AnsiString->Buffer);
- memset(AnsiString, 0, sizeof(ANSI_STRING));
- }
-}
-
-//#define RtlFreeUTF8String(Utf8String) {if ((Utf8String)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (Utf8String)->Buffer); memset(Utf8String, 0, sizeof(UTF8_STRING));}
-FORCEINLINE
-VOID
-NTAPI
-RtlFreeUTF8String(
- _Inout_ _At_(Utf8String->Buffer, _Frees_ptr_opt_) PUTF8_STRING Utf8String
- )
-{
- if (Utf8String->Buffer)
- {
- RtlFreeHeap(RtlProcessHeap(), 0, Utf8String->Buffer);
- memset(Utf8String, 0, sizeof(UTF8_STRING));
- }
-}
-
-//#define RtlFreeSid(Sid) RtlFreeHeap(RtlProcessHeap(), 0, (Sid))
-FORCEINLINE
-PVOID
-NTAPI
-RtlFreeSid(
- _In_ _Post_invalid_ PSID Sid
- )
-{
- RtlFreeHeap(RtlProcessHeap(), 0, Sid);
- return NULL;
-}
-
-//#define RtlDeleteBoundaryDescriptor(BoundaryDescriptor) RtlFreeHeap(RtlProcessHeap(), 0, (BoundaryDescriptor))
-FORCEINLINE
-VOID
-NTAPI
-RtlDeleteBoundaryDescriptor(
- _In_ _Post_invalid_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- )
-{
- RtlFreeHeap(RtlProcessHeap(), 0, BoundaryDescriptor);
-}
-
-//#define RtlDeleteSecurityObject(ObjectDescriptor) RtlFreeHeap(RtlProcessHeap(), 0, *(ObjectDescriptor))
-//FORCEINLINE
-//NTSTATUS
-//RtlDeleteSecurityObject(
-// _Inout_ PSECURITY_DESCRIPTOR *ObjectDescriptor
-// )
-//{
-// RtlFreeHeap(RtlProcessHeap(), 0, *ObjectDescriptor);
-// return STATUS_SUCCESS;
-//}
-
-//#define RtlDestroyEnvironment(Environment) RtlFreeHeap(RtlProcessHeap(), 0, (Environment))
-FORCEINLINE
-NTSTATUS
-NTAPI
-RtlDestroyEnvironment(
- _In_ _Post_invalid_ PVOID Environment
- )
-{
- RtlFreeHeap(RtlProcessHeap(), 0, Environment);
- return STATUS_SUCCESS;
-}
-
-//#define RtlDestroyProcessParameters(ProcessParameters) RtlFreeHeap(RtlProcessHeap(), 0, (ProcessParameters))
-FORCEINLINE
-NTSTATUS
-NTAPI
-RtlDestroyProcessParameters(
- _In_ _Post_invalid_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters
- )
-{
- RtlFreeHeap(RtlProcessHeap(), 0, ProcessParameters);
- return STATUS_SUCCESS;
-}
-#endif
-// end_forwarders
-
-#endif // _NTRTL_FWD_H
diff --git a/deps/phnt-nightly/ntsam.h b/deps/phnt-nightly/ntsam.h
deleted file mode 100644
index d741aa3..0000000
--- a/deps/phnt-nightly/ntsam.h
+++ /dev/null
@@ -1,1894 +0,0 @@
-/*
- * Security Account Manager support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTSAM_H
-#define _NTSAM_H
-
-#define SAM_MAXIMUM_LOOKUP_COUNT (1000)
-#define SAM_MAXIMUM_LOOKUP_LENGTH (32000)
-#define SAM_MAX_PASSWORD_LENGTH (256)
-#define SAM_PASSWORD_ENCRYPTION_SALT_LEN (16)
-
-typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
-typedef ULONG SAM_ENUMERATE_HANDLE, *PSAM_ENUMERATE_HANDLE;
-
-typedef struct _SAM_RID_ENUMERATION
-{
- ULONG RelativeId;
- UNICODE_STRING Name;
-} SAM_RID_ENUMERATION, *PSAM_RID_ENUMERATION;
-
-typedef struct _SAM_SID_ENUMERATION
-{
- PSID Sid;
- UNICODE_STRING Name;
-} SAM_SID_ENUMERATION, *PSAM_SID_ENUMERATION;
-
-typedef struct _SAM_BYTE_ARRAY
-{
- ULONG Size;
- _Field_size_bytes_(Size) PUCHAR Data;
-} SAM_BYTE_ARRAY, *PSAM_BYTE_ARRAY;
-
-typedef struct _SAM_BYTE_ARRAY_32K
-{
- ULONG Size;
- _Field_size_bytes_(Size) PUCHAR Data;
-} SAM_BYTE_ARRAY_32K, *PSAM_BYTE_ARRAY_32K;
-
-typedef SAM_BYTE_ARRAY_32K SAM_SHELL_OBJECT_PROPERTIES, *PSAM_SHELL_OBJECT_PROPERTIES;
-
-// Basic
-
-NTSTATUS
-NTAPI
-SamFreeMemory(
- _In_ PVOID Buffer
- );
-
-NTSTATUS
-NTAPI
-SamCloseHandle(
- _In_ SAM_HANDLE SamHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetSecurityObject(
- _In_ SAM_HANDLE ObjectHandle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQuerySecurityObject(
- _In_ SAM_HANDLE ObjectHandle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _Outptr_ PSECURITY_DESCRIPTOR *SecurityDescriptor
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRidToSid(
- _In_ SAM_HANDLE ObjectHandle,
- _In_ ULONG Rid,
- _Outptr_ PSID *Sid
- );
-
-// Server
-
-#define SAM_SERVER_CONNECT 0x0001
-#define SAM_SERVER_SHUTDOWN 0x0002
-#define SAM_SERVER_INITIALIZE 0x0004
-#define SAM_SERVER_CREATE_DOMAIN 0x0008
-#define SAM_SERVER_ENUMERATE_DOMAINS 0x0010
-#define SAM_SERVER_LOOKUP_DOMAIN 0x0020
-
-#define SAM_SERVER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
- SAM_SERVER_CONNECT | \
- SAM_SERVER_INITIALIZE | \
- SAM_SERVER_CREATE_DOMAIN | \
- SAM_SERVER_SHUTDOWN | \
- SAM_SERVER_ENUMERATE_DOMAINS | \
- SAM_SERVER_LOOKUP_DOMAIN)
-
-#define SAM_SERVER_READ (STANDARD_RIGHTS_READ | \
- SAM_SERVER_ENUMERATE_DOMAINS)
-
-#define SAM_SERVER_WRITE (STANDARD_RIGHTS_WRITE | \
- SAM_SERVER_INITIALIZE | \
- SAM_SERVER_CREATE_DOMAIN | \
- SAM_SERVER_SHUTDOWN)
-
-#define SAM_SERVER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
- SAM_SERVER_CONNECT | \
- SAM_SERVER_LOOKUP_DOMAIN)
-
-typedef struct _RPC_AUTH_IDENTITY_HANDLE *PRPC_AUTH_IDENTITY_HANDLE;
-
-// Functions
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamConnect(
- _In_opt_ PUNICODE_STRING ServerName,
- _Out_ PSAM_HANDLE ServerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamConnectWithCreds(
- _In_ PUNICODE_STRING ServerName,
- _Out_ PSAM_HANDLE ServerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PRPC_AUTH_IDENTITY_HANDLE Creds,
- _In_ PWCHAR Spn,
- _Out_ BOOL* pfDstIsW2K
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamShutdownSamServer(
- _In_ SAM_HANDLE ServerHandle
- );
-
-// Domain
-
-#define DOMAIN_READ_PASSWORD_PARAMETERS 0x0001
-#define DOMAIN_WRITE_PASSWORD_PARAMS 0x0002
-#define DOMAIN_READ_OTHER_PARAMETERS 0x0004
-#define DOMAIN_WRITE_OTHER_PARAMETERS 0x0008
-#define DOMAIN_CREATE_USER 0x0010
-#define DOMAIN_CREATE_GROUP 0x0020
-#define DOMAIN_CREATE_ALIAS 0x0040
-#define DOMAIN_GET_ALIAS_MEMBERSHIP 0x0080
-#define DOMAIN_LIST_ACCOUNTS 0x0100
-#define DOMAIN_LOOKUP 0x0200
-#define DOMAIN_ADMINISTER_SERVER 0x0400
-
-#define DOMAIN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
- DOMAIN_READ_OTHER_PARAMETERS | \
- DOMAIN_WRITE_OTHER_PARAMETERS | \
- DOMAIN_WRITE_PASSWORD_PARAMS | \
- DOMAIN_CREATE_USER | \
- DOMAIN_CREATE_GROUP | \
- DOMAIN_CREATE_ALIAS | \
- DOMAIN_GET_ALIAS_MEMBERSHIP | \
- DOMAIN_LIST_ACCOUNTS | \
- DOMAIN_READ_PASSWORD_PARAMETERS | \
- DOMAIN_LOOKUP | \
- DOMAIN_ADMINISTER_SERVER)
-
-#define DOMAIN_READ (STANDARD_RIGHTS_READ | \
- DOMAIN_GET_ALIAS_MEMBERSHIP | \
- DOMAIN_READ_OTHER_PARAMETERS)
-
-#define DOMAIN_WRITE (STANDARD_RIGHTS_WRITE | \
- DOMAIN_WRITE_OTHER_PARAMETERS | \
- DOMAIN_WRITE_PASSWORD_PARAMS | \
- DOMAIN_CREATE_USER | \
- DOMAIN_CREATE_GROUP | \
- DOMAIN_CREATE_ALIAS | \
- DOMAIN_ADMINISTER_SERVER)
-
-#define DOMAIN_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
- DOMAIN_READ_PASSWORD_PARAMETERS | \
- DOMAIN_LIST_ACCOUNTS | \
- DOMAIN_LOOKUP)
-
-#define DOMAIN_PROMOTION_INCREMENT { 0x0, 0x10 }
-#define DOMAIN_PROMOTION_MASK { 0x0, 0xfffffff0 }
-
-// SamQueryInformationDomain/SamSetInformationDomain types
-
-typedef enum _DOMAIN_INFORMATION_CLASS
-{
- DomainPasswordInformation = 1, // q; s: DOMAIN_PASSWORD_INFORMATION
- DomainGeneralInformation, // q: DOMAIN_GENERAL_INFORMATION
- DomainLogoffInformation, // q; s: DOMAIN_LOGOFF_INFORMATION
- DomainOemInformation, // q; s: DOMAIN_OEM_INFORMATION
- DomainNameInformation, // q: DOMAIN_NAME_INFORMATION
- DomainReplicationInformation, // q; s: DOMAIN_REPLICATION_INFORMATION
- DomainServerRoleInformation, // q; s: DOMAIN_SERVER_ROLE_INFORMATION
- DomainModifiedInformation, // q: DOMAIN_MODIFIED_INFORMATION
- DomainStateInformation, // q; s: DOMAIN_STATE_INFORMATION
- DomainUasInformation, // q; s: DOMAIN_UAS_INFORMATION
- DomainGeneralInformation2, // q: DOMAIN_GENERAL_INFORMATION2
- DomainLockoutInformation, // q; s: DOMAIN_LOCKOUT_INFORMATION
- DomainModifiedInformation2 // q: DOMAIN_MODIFIED_INFORMATION2
-} DOMAIN_INFORMATION_CLASS;
-
-typedef enum _DOMAIN_SERVER_ENABLE_STATE
-{
- DomainServerEnabled = 1,
- DomainServerDisabled
-} DOMAIN_SERVER_ENABLE_STATE, *PDOMAIN_SERVER_ENABLE_STATE;
-
-typedef enum _DOMAIN_SERVER_ROLE
-{
- DomainServerRoleBackup = 2,
- DomainServerRolePrimary
-} DOMAIN_SERVER_ROLE, *PDOMAIN_SERVER_ROLE;
-
-#include
-typedef struct _DOMAIN_GENERAL_INFORMATION
-{
- LARGE_INTEGER ForceLogoff;
- UNICODE_STRING OemInformation;
- UNICODE_STRING DomainName;
- UNICODE_STRING ReplicaSourceNodeName;
- LARGE_INTEGER DomainModifiedCount;
- DOMAIN_SERVER_ENABLE_STATE DomainServerState;
- DOMAIN_SERVER_ROLE DomainServerRole;
- BOOLEAN UasCompatibilityRequired;
- ULONG UserCount;
- ULONG GroupCount;
- ULONG AliasCount;
-} DOMAIN_GENERAL_INFORMATION, *PDOMAIN_GENERAL_INFORMATION;
-#include
-
-#include
-typedef struct _DOMAIN_GENERAL_INFORMATION2
-{
- DOMAIN_GENERAL_INFORMATION I1;
- LARGE_INTEGER LockoutDuration; // delta time
- LARGE_INTEGER LockoutObservationWindow; // delta time
- USHORT LockoutThreshold;
-} DOMAIN_GENERAL_INFORMATION2, *PDOMAIN_GENERAL_INFORMATION2;
-#include
-
-typedef struct _DOMAIN_UAS_INFORMATION
-{
- BOOLEAN UasCompatibilityRequired;
-} DOMAIN_UAS_INFORMATION;
-
-#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED // defined in ntsecapi.h
-#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
-
-typedef struct _DOMAIN_PASSWORD_INFORMATION
-{
- USHORT MinPasswordLength;
- USHORT PasswordHistoryLength;
- ULONG PasswordProperties;
- LARGE_INTEGER MaxPasswordAge;
- LARGE_INTEGER MinPasswordAge;
-} DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
-
-// PasswordProperties flags
-
-#define DOMAIN_PASSWORD_COMPLEX 0x00000001L
-#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
-#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
-#define DOMAIN_LOCKOUT_ADMINS 0x00000008L
-#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
-#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
-#define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L
-
-#endif
-
-typedef enum _DOMAIN_PASSWORD_CONSTRUCTION
-{
- DomainPasswordSimple = 1,
- DomainPasswordComplex
-} DOMAIN_PASSWORD_CONSTRUCTION;
-
-typedef struct _DOMAIN_LOGOFF_INFORMATION
-{
- LARGE_INTEGER ForceLogoff;
-} DOMAIN_LOGOFF_INFORMATION, *PDOMAIN_LOGOFF_INFORMATION;
-
-typedef struct _DOMAIN_OEM_INFORMATION
-{
- UNICODE_STRING OemInformation;
-} DOMAIN_OEM_INFORMATION, *PDOMAIN_OEM_INFORMATION;
-
-typedef struct _DOMAIN_NAME_INFORMATION
-{
- UNICODE_STRING DomainName;
-} DOMAIN_NAME_INFORMATION, *PDOMAIN_NAME_INFORMATION;
-
-typedef struct _DOMAIN_SERVER_ROLE_INFORMATION
-{
- DOMAIN_SERVER_ROLE DomainServerRole;
-} DOMAIN_SERVER_ROLE_INFORMATION, *PDOMAIN_SERVER_ROLE_INFORMATION;
-
-typedef struct _DOMAIN_REPLICATION_INFORMATION
-{
- UNICODE_STRING ReplicaSourceNodeName;
-} DOMAIN_REPLICATION_INFORMATION, *PDOMAIN_REPLICATION_INFORMATION;
-
-typedef struct _DOMAIN_MODIFIED_INFORMATION
-{
- LARGE_INTEGER DomainModifiedCount;
- LARGE_INTEGER CreationTime;
-} DOMAIN_MODIFIED_INFORMATION, *PDOMAIN_MODIFIED_INFORMATION;
-
-typedef struct _DOMAIN_MODIFIED_INFORMATION2
-{
- LARGE_INTEGER DomainModifiedCount;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER ModifiedCountAtLastPromotion;
-} DOMAIN_MODIFIED_INFORMATION2, *PDOMAIN_MODIFIED_INFORMATION2;
-
-typedef struct _DOMAIN_STATE_INFORMATION
-{
- DOMAIN_SERVER_ENABLE_STATE DomainServerState;
-} DOMAIN_STATE_INFORMATION, *PDOMAIN_STATE_INFORMATION;
-
-typedef struct _DOMAIN_LOCKOUT_INFORMATION
-{
- LARGE_INTEGER LockoutDuration; // delta time
- LARGE_INTEGER LockoutObservationWindow; // delta time
- USHORT LockoutThreshold; // zero means no lockout
-} DOMAIN_LOCKOUT_INFORMATION, *PDOMAIN_LOCKOUT_INFORMATION;
-
-// SamQueryDisplayInformation types
-
-typedef enum _DOMAIN_DISPLAY_INFORMATION
-{
- DomainDisplayUser = 1, // DOMAIN_DISPLAY_USER
- DomainDisplayMachine, // DOMAIN_DISPLAY_MACHINE
- DomainDisplayGroup, // DOMAIN_DISPLAY_GROUP
- DomainDisplayOemUser, // DOMAIN_DISPLAY_OEM_USER
- DomainDisplayOemGroup, // DOMAIN_DISPLAY_OEM_GROUP
- DomainDisplayServer
-} DOMAIN_DISPLAY_INFORMATION, *PDOMAIN_DISPLAY_INFORMATION;
-
-typedef struct _DOMAIN_DISPLAY_USER
-{
- ULONG Index;
- ULONG Rid;
- ULONG AccountControl;
- UNICODE_STRING LogonName;
- UNICODE_STRING AdminComment;
- UNICODE_STRING FullName;
-} DOMAIN_DISPLAY_USER, *PDOMAIN_DISPLAY_USER;
-
-typedef struct _DOMAIN_DISPLAY_MACHINE
-{
- ULONG Index;
- ULONG Rid;
- ULONG AccountControl;
- UNICODE_STRING Machine;
- UNICODE_STRING Comment;
-} DOMAIN_DISPLAY_MACHINE, *PDOMAIN_DISPLAY_MACHINE;
-
-typedef struct _DOMAIN_DISPLAY_GROUP
-{
- ULONG Index;
- ULONG Rid;
- ULONG Attributes;
- UNICODE_STRING Group;
- UNICODE_STRING Comment;
-} DOMAIN_DISPLAY_GROUP, *PDOMAIN_DISPLAY_GROUP;
-
-typedef struct _DOMAIN_DISPLAY_OEM_USER
-{
- ULONG Index;
- OEM_STRING User;
-} DOMAIN_DISPLAY_OEM_USER, *PDOMAIN_DISPLAY_OEM_USER;
-
-typedef struct _DOMAIN_DISPLAY_OEM_GROUP
-{
- ULONG Index;
- OEM_STRING Group;
-} DOMAIN_DISPLAY_OEM_GROUP, *PDOMAIN_DISPLAY_OEM_GROUP;
-
-// SamQueryLocalizableAccountsInDomain types
-
-typedef enum _DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION
-{
- DomainLocalizableAccountsBasic = 1,
-} DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION;
-
-typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY
-{
- ULONG Rid;
- SID_NAME_USE Use;
- UNICODE_STRING Name;
- UNICODE_STRING AdminComment;
-} DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, *PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY;
-
-typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS
-{
- ULONG Count;
- _Field_size_(Count) DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY *Entries;
-} DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, *PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC;
-
-typedef union _DOMAIN_LOCALIZABLE_INFO_BUFFER
-{
- DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC Basic;
-} DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER;
-
-// Functions
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamLookupDomainInSamServer(
- _In_ SAM_HANDLE ServerHandle,
- _In_ PUNICODE_STRING Name,
- _Outptr_ PSID *DomainId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamEnumerateDomainsInSamServer(
- _In_ SAM_HANDLE ServerHandle,
- _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
- _Outptr_ PVOID *Buffer, // PSAM_SID_ENUMERATION *Buffer
- _In_ ULONG PreferedMaximumLength,
- _Out_ PULONG CountReturned
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamOpenDomain(
- _In_ SAM_HANDLE ServerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PSID DomainId,
- _Out_ PSAM_HANDLE DomainHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryInformationDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
- _Outptr_ PVOID *Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetInformationDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
- _In_ PVOID DomainInformation
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamLookupNamesInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ULONG Count,
- _In_reads_(Count) PUNICODE_STRING Names,
- _Out_ _Deref_post_count_(Count) PULONG *RelativeIds,
- _Out_ _Deref_post_count_(Count) PSID_NAME_USE *Use
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamLookupNamesInDomain2(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ULONG Count,
- _In_reads_(Count) PUNICODE_STRING Names,
- _Out_ _Deref_post_count_(Count) PSID* Sids,
- _Out_ _Deref_post_count_(Count) PSID_NAME_USE* Use
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamLookupIdsInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ULONG Count,
- _In_reads_(Count) PULONG RelativeIds,
- _Out_ _Deref_post_count_(Count) PUNICODE_STRING *Names,
- _Out_ _Deref_post_opt_count_(Count) PSID_NAME_USE *Use
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRemoveMemberFromForeignDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ PSID MemberId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryLocalizableAccountsInDomain(
- _In_ SAM_HANDLE Domain,
- _In_ ULONG Flags,
- _In_ ULONG LanguageId,
- _In_ DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION Class,
- _Outptr_ PVOID *Buffer
- );
-
-// Group
-
-#define GROUP_READ_INFORMATION 0x0001
-#define GROUP_WRITE_ACCOUNT 0x0002
-#define GROUP_ADD_MEMBER 0x0004
-#define GROUP_REMOVE_MEMBER 0x0008
-#define GROUP_LIST_MEMBERS 0x0010
-
-#define GROUP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
- GROUP_LIST_MEMBERS | \
- GROUP_WRITE_ACCOUNT | \
- GROUP_ADD_MEMBER | \
- GROUP_REMOVE_MEMBER | \
- GROUP_READ_INFORMATION)
-
-#define GROUP_READ (STANDARD_RIGHTS_READ | \
- GROUP_LIST_MEMBERS)
-
-#define GROUP_WRITE (STANDARD_RIGHTS_WRITE | \
- GROUP_WRITE_ACCOUNT | \
- GROUP_ADD_MEMBER | \
- GROUP_REMOVE_MEMBER)
-
-#define GROUP_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
- GROUP_READ_INFORMATION)
-
-typedef struct _GROUP_MEMBERSHIP
-{
- ULONG RelativeId;
- ULONG Attributes;
-} GROUP_MEMBERSHIP, *PGROUP_MEMBERSHIP;
-
-// SamQueryInformationGroup/SamSetInformationGroup types
-
-typedef enum _GROUP_INFORMATION_CLASS
-{
- GroupGeneralInformation = 1, // q: GROUP_GENERAL_INFORMATION
- GroupNameInformation, // q; s: GROUP_NAME_INFORMATION
- GroupAttributeInformation, // q; s: GROUP_ATTRIBUTE_INFORMATION
- GroupAdminCommentInformation, // q; s: GROUP_ADM_COMMENT_INFORMATION
- GroupReplicationInformation
-} GROUP_INFORMATION_CLASS;
-
-typedef struct _GROUP_GENERAL_INFORMATION
-{
- UNICODE_STRING Name;
- ULONG Attributes;
- ULONG MemberCount;
- UNICODE_STRING AdminComment;
-} GROUP_GENERAL_INFORMATION, *PGROUP_GENERAL_INFORMATION;
-
-typedef struct _GROUP_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} GROUP_NAME_INFORMATION, *PGROUP_NAME_INFORMATION;
-
-typedef struct _GROUP_ATTRIBUTE_INFORMATION
-{
- ULONG Attributes;
-} GROUP_ATTRIBUTE_INFORMATION, *PGROUP_ATTRIBUTE_INFORMATION;
-
-typedef struct _GROUP_ADM_COMMENT_INFORMATION
-{
- UNICODE_STRING AdminComment;
-} GROUP_ADM_COMMENT_INFORMATION, *PGROUP_ADM_COMMENT_INFORMATION;
-
-// Functions
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamEnumerateGroupsInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
- _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
- _In_ ULONG PreferedMaximumLength,
- _Out_ PULONG CountReturned
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamCreateGroupInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ PUNICODE_STRING AccountName,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PSAM_HANDLE GroupHandle,
- _Out_ PULONG RelativeId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamOpenGroup(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG GroupId,
- _Out_ PSAM_HANDLE GroupHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamDeleteGroup(
- _In_ SAM_HANDLE GroupHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryInformationGroup(
- _In_ SAM_HANDLE GroupHandle,
- _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
- _Outptr_ PVOID *Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetInformationGroup(
- _In_ SAM_HANDLE GroupHandle,
- _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamAddMemberToGroup(
- _In_ SAM_HANDLE GroupHandle,
- _In_ ULONG MemberId,
- _In_ ULONG Attributes
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRemoveMemberFromGroup(
- _In_ SAM_HANDLE GroupHandle,
- _In_ ULONG MemberId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetMembersInGroup(
- _In_ SAM_HANDLE GroupHandle,
- _Out_ _Deref_post_count_(*MemberCount) PULONG *MemberIds,
- _Out_ _Deref_post_count_(*MemberCount) PULONG *Attributes,
- _Out_ PULONG MemberCount
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetMemberAttributesOfGroup(
- _In_ SAM_HANDLE GroupHandle,
- _In_ ULONG MemberId,
- _In_ ULONG Attributes
- );
-
-// Alias
-
-#define ALIAS_ADD_MEMBER 0x0001
-#define ALIAS_REMOVE_MEMBER 0x0002
-#define ALIAS_LIST_MEMBERS 0x0004
-#define ALIAS_READ_INFORMATION 0x0008
-#define ALIAS_WRITE_ACCOUNT 0x0010
-
-#define ALIAS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
- ALIAS_READ_INFORMATION | \
- ALIAS_WRITE_ACCOUNT | \
- ALIAS_LIST_MEMBERS | \
- ALIAS_ADD_MEMBER | \
- ALIAS_REMOVE_MEMBER)
-
-#define ALIAS_READ (STANDARD_RIGHTS_READ | \
- ALIAS_LIST_MEMBERS)
-
-#define ALIAS_WRITE (STANDARD_RIGHTS_WRITE | \
- ALIAS_WRITE_ACCOUNT | \
- ALIAS_ADD_MEMBER | \
- ALIAS_REMOVE_MEMBER)
-
-#define ALIAS_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
- ALIAS_READ_INFORMATION)
-
-// SamQueryInformationAlias/SamSetInformationAlias types
-
-typedef enum _ALIAS_INFORMATION_CLASS
-{
- AliasGeneralInformation = 1, // q: ALIAS_GENERAL_INFORMATION
- AliasNameInformation, // q; s: ALIAS_NAME_INFORMATION
- AliasAdminCommentInformation, // q; s: ALIAS_ADM_COMMENT_INFORMATION
- AliasReplicationInformation,
- AliasExtendedInformation,
-} ALIAS_INFORMATION_CLASS;
-
-typedef struct _ALIAS_GENERAL_INFORMATION
-{
- UNICODE_STRING Name;
- ULONG MemberCount;
- UNICODE_STRING AdminComment;
-} ALIAS_GENERAL_INFORMATION, *PALIAS_GENERAL_INFORMATION;
-
-typedef struct _ALIAS_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} ALIAS_NAME_INFORMATION, *PALIAS_NAME_INFORMATION;
-
-typedef struct _ALIAS_ADM_COMMENT_INFORMATION
-{
- UNICODE_STRING AdminComment;
-} ALIAS_ADM_COMMENT_INFORMATION, *PALIAS_ADM_COMMENT_INFORMATION;
-
-#define ALIAS_ALL_NAME (0x00000001L)
-#define ALIAS_ALL_MEMBER_COUNT (0x00000002L)
-#define ALIAS_ALL_ADMIN_COMMENT (0x00000004L)
-#define ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES (0x00000008L)
-
-typedef struct _ALIAS_EXTENDED_INFORMATION
-{
- ULONG WhichFields;
- SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
-} ALIAS_EXTENDED_INFORMATION, *PALIAS_EXTENDED_INFORMATION;
-
-// Functions
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamEnumerateAliasesInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
- _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *Buffer
- _In_ ULONG PreferedMaximumLength,
- _Out_ PULONG CountReturned
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamCreateAliasInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ PUNICODE_STRING AccountName,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PSAM_HANDLE AliasHandle,
- _Out_ PULONG RelativeId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamOpenAlias(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG AliasId,
- _Out_ PSAM_HANDLE AliasHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamDeleteAlias(
- _In_ SAM_HANDLE AliasHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryInformationAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
- _Outptr_ PVOID *Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetInformationAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamAddMemberToAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_ PSID MemberId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamAddMultipleMembersToAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_reads_(MemberCount) PSID *MemberIds,
- _In_ ULONG MemberCount
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRemoveMemberFromAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_ PSID MemberId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRemoveMultipleMembersFromAlias(
- _In_ SAM_HANDLE AliasHandle,
- _In_reads_(MemberCount) PSID *MemberIds,
- _In_ ULONG MemberCount
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetMembersInAlias(
- _In_ SAM_HANDLE AliasHandle,
- _Out_ _Deref_post_count_(*MemberCount) PSID **MemberIds,
- _Out_ PULONG MemberCount
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetAliasMembership(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ULONG PassedCount,
- _In_reads_(PassedCount) PSID *Sids,
- _Out_ PULONG MembershipCount,
- _Out_ _Deref_post_count_(*MembershipCount) PULONG *Aliases
- );
-
-// Group types
-
-#define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
-#define GROUP_TYPE_ACCOUNT_GROUP 0x00000002
-#define GROUP_TYPE_RESOURCE_GROUP 0x00000004
-#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
-#define GROUP_TYPE_APP_BASIC_GROUP 0x00000010
-#define GROUP_TYPE_APP_QUERY_GROUP 0x00000020
-#define GROUP_TYPE_SECURITY_ENABLED 0x80000000
-
-#define GROUP_TYPE_RESOURCE_BEHAVOIR (GROUP_TYPE_RESOURCE_GROUP | \
- GROUP_TYPE_APP_BASIC_GROUP | \
- GROUP_TYPE_APP_QUERY_GROUP)
-
-// User
-
-#define USER_READ_GENERAL 0x0001
-#define USER_READ_PREFERENCES 0x0002
-#define USER_WRITE_PREFERENCES 0x0004
-#define USER_READ_LOGON 0x0008
-#define USER_READ_ACCOUNT 0x0010
-#define USER_WRITE_ACCOUNT 0x0020
-#define USER_CHANGE_PASSWORD 0x0040
-#define USER_FORCE_PASSWORD_CHANGE 0x0080
-#define USER_LIST_GROUPS 0x0100
-#define USER_READ_GROUP_INFORMATION 0x0200
-#define USER_WRITE_GROUP_INFORMATION 0x0400
-
-#define USER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
- USER_READ_PREFERENCES | \
- USER_READ_LOGON | \
- USER_LIST_GROUPS | \
- USER_READ_GROUP_INFORMATION | \
- USER_WRITE_PREFERENCES | \
- USER_CHANGE_PASSWORD | \
- USER_FORCE_PASSWORD_CHANGE | \
- USER_READ_GENERAL | \
- USER_READ_ACCOUNT | \
- USER_WRITE_ACCOUNT | \
- USER_WRITE_GROUP_INFORMATION)
-
-#define USER_READ (STANDARD_RIGHTS_READ | \
- USER_READ_PREFERENCES | \
- USER_READ_LOGON | \
- USER_READ_ACCOUNT | \
- USER_LIST_GROUPS | \
- USER_READ_GROUP_INFORMATION)
-
-#define USER_WRITE (STANDARD_RIGHTS_WRITE | \
- USER_WRITE_PREFERENCES | \
- USER_CHANGE_PASSWORD)
-
-#define USER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
- USER_READ_GENERAL | \
- USER_CHANGE_PASSWORD)
-
-// User account control flags
-
-#define USER_ACCOUNT_DISABLED (0x00000001)
-#define USER_HOME_DIRECTORY_REQUIRED (0x00000002)
-#define USER_PASSWORD_NOT_REQUIRED (0x00000004)
-#define USER_TEMP_DUPLICATE_ACCOUNT (0x00000008)
-#define USER_NORMAL_ACCOUNT (0x00000010)
-#define USER_MNS_LOGON_ACCOUNT (0x00000020)
-#define USER_INTERDOMAIN_TRUST_ACCOUNT (0x00000040)
-#define USER_WORKSTATION_TRUST_ACCOUNT (0x00000080)
-#define USER_SERVER_TRUST_ACCOUNT (0x00000100)
-#define USER_DONT_EXPIRE_PASSWORD (0x00000200)
-#define USER_ACCOUNT_AUTO_LOCKED (0x00000400)
-#define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED (0x00000800)
-#define USER_SMARTCARD_REQUIRED (0x00001000)
-#define USER_TRUSTED_FOR_DELEGATION (0x00002000)
-#define USER_NOT_DELEGATED (0x00004000)
-#define USER_USE_DES_KEY_ONLY (0x00008000)
-#define USER_DONT_REQUIRE_PREAUTH (0x00010000)
-#define USER_PASSWORD_EXPIRED (0x00020000)
-#define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x00040000)
-#define USER_NO_AUTH_DATA_REQUIRED (0x00080000)
-#define USER_PARTIAL_SECRETS_ACCOUNT (0x00100000)
-#define USER_USE_AES_KEYS (0x00200000)
-
-#define NEXT_FREE_ACCOUNT_CONTROL_BIT (USER_USE_AES_KEYS << 1)
-
-#define USER_MACHINE_ACCOUNT_MASK ( \
- USER_INTERDOMAIN_TRUST_ACCOUNT | \
- USER_WORKSTATION_TRUST_ACCOUNT | \
- USER_SERVER_TRUST_ACCOUNT \
- )
-
-#define USER_ACCOUNT_TYPE_MASK ( \
- USER_TEMP_DUPLICATE_ACCOUNT | \
- USER_NORMAL_ACCOUNT | \
- USER_MACHINE_ACCOUNT_MASK \
- )
-
-#define USER_COMPUTED_ACCOUNT_CONTROL_BITS ( \
- USER_ACCOUNT_AUTO_LOCKED | \
- USER_PASSWORD_EXPIRED \
- )
-
-// Logon times may be expressed in day, hour, or minute granularity.
-
-#define SAM_DAYS_PER_WEEK (7)
-#define SAM_HOURS_PER_WEEK (24 * SAM_DAYS_PER_WEEK)
-#define SAM_MINUTES_PER_WEEK (60 * SAM_HOURS_PER_WEEK)
-
-typedef struct _LOGON_HOURS
-{
- USHORT UnitsPerWeek;
-
- // UnitsPerWeek is the number of equal length time units the week is
- // divided into. This value is used to compute the length of the bit
- // string in logon_hours. Must be less than or equal to
- // SAM_UNITS_PER_WEEK (10080) for this release.
- //
- // LogonHours is a bit map of valid logon times. Each bit represents
- // a unique division in a week. The largest bit map supported is 1260
- // bytes (10080 bits), which represents minutes per week. In this case
- // the first bit (bit 0, byte 0) is Sunday, 00:00:00 - 00-00:59; bit 1,
- // byte 0 is Sunday, 00:01:00 - 00:01:59, etc. A NULL pointer means
- // DONT_CHANGE for SamSetInformationUser() calls.
-
- PUCHAR LogonHours;
-} LOGON_HOURS, *PLOGON_HOURS;
-
-typedef struct _SR_SECURITY_DESCRIPTOR
-{
- ULONG Length;
- PUCHAR SecurityDescriptor;
-} SR_SECURITY_DESCRIPTOR, *PSR_SECURITY_DESCRIPTOR;
-
-// SamQueryInformationUser/SamSetInformationUser types
-
-typedef enum _USER_INFORMATION_CLASS
-{
- UserGeneralInformation = 1, // q: USER_GENERAL_INFORMATION
- UserPreferencesInformation, // q; s: USER_PREFERENCES_INFORMATION
- UserLogonInformation, // q: USER_LOGON_INFORMATION
- UserLogonHoursInformation, // q; s: USER_LOGON_HOURS_INFORMATION
- UserAccountInformation, // q: USER_ACCOUNT_INFORMATION
- UserNameInformation, // q; s: USER_NAME_INFORMATION
- UserAccountNameInformation, // q; s: USER_ACCOUNT_NAME_INFORMATION
- UserFullNameInformation, // q; s: USER_FULL_NAME_INFORMATION
- UserPrimaryGroupInformation, // q; s: USER_PRIMARY_GROUP_INFORMATION
- UserHomeInformation, // q; s: USER_HOME_INFORMATION // 10
- UserScriptInformation, // q; s: USER_SCRIPT_INFORMATION
- UserProfileInformation, // q; s: USER_PROFILE_INFORMATION
- UserAdminCommentInformation, // q; s: USER_ADMIN_COMMENT_INFORMATION
- UserWorkStationsInformation, // q; s: USER_WORKSTATIONS_INFORMATION
- UserSetPasswordInformation, // s: USER_SET_PASSWORD_INFORMATION
- UserControlInformation, // q; s: USER_CONTROL_INFORMATION
- UserExpiresInformation, // q; s: USER_EXPIRES_INFORMATION
- UserInternal1Information, // USER_INTERNAL1_INFORMATION
- UserInternal2Information, // USER_INTERNAL2_INFORMATION
- UserParametersInformation, // q; s: USER_PARAMETERS_INFORMATION // 20
- UserAllInformation, // USER_ALL_INFORMATION
- UserInternal3Information, // USER_INTERNAL3_INFORMATION
- UserInternal4Information, // USER_INTERNAL4_INFORMATION
- UserInternal5Information, // USER_INTERNAL5_INFORMATION
- UserInternal4InformationNew, // USER_INTERNAL4_INFORMATION_NEW
- UserInternal5InformationNew, // USER_INTERNAL5_INFORMATION_NEW
- UserInternal6Information, // USER_INTERNAL6_INFORMATION
- UserExtendedInformation, // USER_EXTENDED_INFORMATION
- UserLogonUIInformation, // USER_LOGON_UI_INFORMATION
- UserUnknownTodoInformation,
- UserInternal7Information, // USER_INTERNAL7_INFORMATION
- UserInternal8Information, // USER_INTERNAL8_INFORMATION
-} USER_INFORMATION_CLASS, *PUSER_INFORMATION_CLASS;
-
-typedef struct _USER_GENERAL_INFORMATION
-{
- UNICODE_STRING UserName;
- UNICODE_STRING FullName;
- ULONG PrimaryGroupId;
- UNICODE_STRING AdminComment;
- UNICODE_STRING UserComment;
-} USER_GENERAL_INFORMATION, *PUSER_GENERAL_INFORMATION;
-
-typedef struct _USER_PREFERENCES_INFORMATION
-{
- UNICODE_STRING UserComment;
- UNICODE_STRING Reserved1;
- USHORT CountryCode;
- USHORT CodePage;
-} USER_PREFERENCES_INFORMATION, *PUSER_PREFERENCES_INFORMATION;
-
-#include
-typedef struct _USER_LOGON_INFORMATION
-{
- UNICODE_STRING UserName;
- UNICODE_STRING FullName;
- ULONG UserId;
- ULONG PrimaryGroupId;
- UNICODE_STRING HomeDirectory;
- UNICODE_STRING HomeDirectoryDrive;
- UNICODE_STRING ScriptPath;
- UNICODE_STRING ProfilePath;
- UNICODE_STRING WorkStations;
- LARGE_INTEGER LastLogon;
- LARGE_INTEGER LastLogoff;
- LARGE_INTEGER PasswordLastSet;
- LARGE_INTEGER PasswordCanChange;
- LARGE_INTEGER PasswordMustChange;
- LOGON_HOURS LogonHours;
- USHORT BadPasswordCount;
- USHORT LogonCount;
- ULONG UserAccountControl;
-} USER_LOGON_INFORMATION, * PUSER_LOGON_INFORMATION;
-#include
-
-typedef struct _USER_LOGON_HOURS_INFORMATION
-{
- LOGON_HOURS LogonHours;
-} USER_LOGON_HOURS_INFORMATION, * PUSER_LOGON_HOURS_INFORMATION;
-
-#include
-typedef struct _USER_ACCOUNT_INFORMATION
-{
- UNICODE_STRING UserName;
- UNICODE_STRING FullName;
- ULONG UserId;
- ULONG PrimaryGroupId;
- UNICODE_STRING HomeDirectory;
- UNICODE_STRING HomeDirectoryDrive;
- UNICODE_STRING ScriptPath;
- UNICODE_STRING ProfilePath;
- UNICODE_STRING AdminComment;
- UNICODE_STRING WorkStations;
- LARGE_INTEGER LastLogon;
- LARGE_INTEGER LastLogoff;
- LOGON_HOURS LogonHours;
- USHORT BadPasswordCount;
- USHORT LogonCount;
- LARGE_INTEGER PasswordLastSet;
- LARGE_INTEGER AccountExpires;
- ULONG UserAccountControl;
-} USER_ACCOUNT_INFORMATION, * PUSER_ACCOUNT_INFORMATION;
-#include
-
-typedef struct _USER_NAME_INFORMATION
-{
- UNICODE_STRING UserName;
- UNICODE_STRING FullName;
-} USER_NAME_INFORMATION, *PUSER_NAME_INFORMATION;
-
-typedef struct _USER_ACCOUNT_NAME_INFORMATION
-{
- UNICODE_STRING UserName;
-} USER_ACCOUNT_NAME_INFORMATION, *PUSER_ACCOUNT_NAME_INFORMATION;
-
-typedef struct _USER_FULL_NAME_INFORMATION
-{
- UNICODE_STRING FullName;
-} USER_FULL_NAME_INFORMATION, *PUSER_FULL_NAME_INFORMATION;
-
-typedef struct _USER_PRIMARY_GROUP_INFORMATION
-{
- ULONG PrimaryGroupId;
-} USER_PRIMARY_GROUP_INFORMATION, *PUSER_PRIMARY_GROUP_INFORMATION;
-
-typedef struct _USER_HOME_INFORMATION
-{
- UNICODE_STRING HomeDirectory;
- UNICODE_STRING HomeDirectoryDrive;
-} USER_HOME_INFORMATION, *PUSER_HOME_INFORMATION;
-
-typedef struct _USER_SCRIPT_INFORMATION
-{
- UNICODE_STRING ScriptPath;
-} USER_SCRIPT_INFORMATION, *PUSER_SCRIPT_INFORMATION;
-
-typedef struct _USER_PROFILE_INFORMATION
-{
- UNICODE_STRING ProfilePath;
-} USER_PROFILE_INFORMATION, *PUSER_PROFILE_INFORMATION;
-
-typedef struct _USER_ADMIN_COMMENT_INFORMATION
-{
- UNICODE_STRING AdminComment;
-} USER_ADMIN_COMMENT_INFORMATION, *PUSER_ADMIN_COMMENT_INFORMATION;
-
-typedef struct _USER_WORKSTATIONS_INFORMATION
-{
- UNICODE_STRING WorkStations;
-} USER_WORKSTATIONS_INFORMATION, *PUSER_WORKSTATIONS_INFORMATION;
-
-typedef struct _USER_SET_PASSWORD_INFORMATION
-{
- UNICODE_STRING Password;
- BOOLEAN PasswordExpired;
-} USER_SET_PASSWORD_INFORMATION, *PUSER_SET_PASSWORD_INFORMATION;
-
-typedef struct _USER_CONTROL_INFORMATION
-{
- ULONG UserAccountControl;
-} USER_CONTROL_INFORMATION, *PUSER_CONTROL_INFORMATION;
-
-typedef struct _USER_EXPIRES_INFORMATION
-{
- LARGE_INTEGER AccountExpires;
-} USER_EXPIRES_INFORMATION, *PUSER_EXPIRES_INFORMATION;
-
-#define CYPHER_BLOCK_LENGTH 8
-
-typedef struct _CYPHER_BLOCK
-{
- CHAR data[CYPHER_BLOCK_LENGTH];
-} CYPHER_BLOCK, *PCYPHER_BLOCK;
-
-typedef struct _ENCRYPTED_NT_OWF_PASSWORD
-{
- CYPHER_BLOCK data[2];
-} ENCRYPTED_NT_OWF_PASSWORD, *PENCRYPTED_NT_OWF_PASSWORD;
-
-typedef struct _ENCRYPTED_LM_OWF_PASSWORD
-{
- CYPHER_BLOCK data[2];
-} ENCRYPTED_LM_OWF_PASSWORD, *PENCRYPTED_LM_OWF_PASSWORD;
-
-typedef struct _USER_INTERNAL1_INFORMATION
-{
- ENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword;
- ENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword;
- BOOLEAN NtPasswordPresent;
- BOOLEAN LmPasswordPresent;
- BOOLEAN PasswordExpired;
-} USER_INTERNAL1_INFORMATION, *PUSER_INTERNAL1_INFORMATION;
-
-typedef struct _USER_INTERNAL2_INFORMATION
-{
- ULONG StatisticsToApply;
- LARGE_INTEGER LastLogon;
- LARGE_INTEGER LastLogoff;
- USHORT BadPasswordCount;
- USHORT LogonCount;
-} USER_INTERNAL2_INFORMATION, *PUSER_INTERNAL2_INFORMATION;
-
-typedef struct _USER_PARAMETERS_INFORMATION
-{
- UNICODE_STRING Parameters;
-} USER_PARAMETERS_INFORMATION, *PUSER_PARAMETERS_INFORMATION;
-
-// Flags for WhichFields in USER_ALL_INFORMATION
-
-#define USER_ALL_USERNAME 0x00000001
-#define USER_ALL_FULLNAME 0x00000002
-#define USER_ALL_USERID 0x00000004
-#define USER_ALL_PRIMARYGROUPID 0x00000008
-#define USER_ALL_ADMINCOMMENT 0x00000010
-#define USER_ALL_USERCOMMENT 0x00000020
-#define USER_ALL_HOMEDIRECTORY 0x00000040
-#define USER_ALL_HOMEDIRECTORYDRIVE 0x00000080
-#define USER_ALL_SCRIPTPATH 0x00000100
-#define USER_ALL_PROFILEPATH 0x00000200
-#define USER_ALL_WORKSTATIONS 0x00000400
-#define USER_ALL_LASTLOGON 0x00000800
-#define USER_ALL_LASTLOGOFF 0x00001000
-#define USER_ALL_LOGONHOURS 0x00002000
-#define USER_ALL_BADPASSWORDCOUNT 0x00004000
-#define USER_ALL_LOGONCOUNT 0x00008000
-#define USER_ALL_PASSWORDCANCHANGE 0x00010000
-#define USER_ALL_PASSWORDMUSTCHANGE 0x00020000
-#define USER_ALL_PASSWORDLASTSET 0x00040000
-#define USER_ALL_ACCOUNTEXPIRES 0x00080000
-#define USER_ALL_USERACCOUNTCONTROL 0x00100000
-#define USER_ALL_PARAMETERS 0x00200000
-#define USER_ALL_COUNTRYCODE 0x00400000
-#define USER_ALL_CODEPAGE 0x00800000
-#define USER_ALL_NTPASSWORDPRESENT 0x01000000 // field AND boolean
-#define USER_ALL_LMPASSWORDPRESENT 0x02000000 // field AND boolean
-#define USER_ALL_PRIVATEDATA 0x04000000 // field AND boolean
-#define USER_ALL_PASSWORDEXPIRED 0x08000000
-#define USER_ALL_SECURITYDESCRIPTOR 0x10000000
-#define USER_ALL_OWFPASSWORD 0x20000000 // boolean
-
-#define USER_ALL_UNDEFINED_MASK 0xc0000000
-
-// Fields that require USER_READ_GENERAL access to read.
-
-#define USER_ALL_READ_GENERAL_MASK \
- (USER_ALL_USERNAME | \
- USER_ALL_FULLNAME | \
- USER_ALL_USERID | \
- USER_ALL_PRIMARYGROUPID | \
- USER_ALL_ADMINCOMMENT | \
- USER_ALL_USERCOMMENT)
-
-// Fields that require USER_READ_LOGON access to read.
-
-#define USER_ALL_READ_LOGON_MASK \
- (USER_ALL_HOMEDIRECTORY | \
- USER_ALL_HOMEDIRECTORYDRIVE | \
- USER_ALL_SCRIPTPATH | \
- USER_ALL_PROFILEPATH | \
- USER_ALL_WORKSTATIONS | \
- USER_ALL_LASTLOGON | \
- USER_ALL_LASTLOGOFF | \
- USER_ALL_LOGONHOURS | \
- USER_ALL_BADPASSWORDCOUNT | \
- USER_ALL_LOGONCOUNT | \
- USER_ALL_PASSWORDCANCHANGE | \
- USER_ALL_PASSWORDMUSTCHANGE)
-
-// Fields that require USER_READ_ACCOUNT access to read.
-
-#define USER_ALL_READ_ACCOUNT_MASK \
- (USER_ALL_PASSWORDLASTSET | \
- USER_ALL_ACCOUNTEXPIRES | \
- USER_ALL_USERACCOUNTCONTROL | \
- USER_ALL_PARAMETERS)
-
-// Fields that require USER_READ_PREFERENCES access to read.
-
-#define USER_ALL_READ_PREFERENCES_MASK \
- (USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE)
-
-// Fields that can only be read by trusted clients.
-
-#define USER_ALL_READ_TRUSTED_MASK \
- (USER_ALL_NTPASSWORDPRESENT | \
- USER_ALL_LMPASSWORDPRESENT | \
- USER_ALL_PASSWORDEXPIRED | \
- USER_ALL_SECURITYDESCRIPTOR | \
- USER_ALL_PRIVATEDATA)
-
-// Fields that can't be read.
-
-#define USER_ALL_READ_CANT_MASK USER_ALL_UNDEFINED_MASK
-
-// Fields that require USER_WRITE_ACCOUNT access to write.
-
-#define USER_ALL_WRITE_ACCOUNT_MASK \
- (USER_ALL_USERNAME | \
- USER_ALL_FULLNAME | \
- USER_ALL_PRIMARYGROUPID | \
- USER_ALL_HOMEDIRECTORY | \
- USER_ALL_HOMEDIRECTORYDRIVE | \
- USER_ALL_SCRIPTPATH | \
- USER_ALL_PROFILEPATH | \
- USER_ALL_ADMINCOMMENT | \
- USER_ALL_WORKSTATIONS | \
- USER_ALL_LOGONHOURS | \
- USER_ALL_ACCOUNTEXPIRES | \
- USER_ALL_USERACCOUNTCONTROL | \
- USER_ALL_PARAMETERS)
-
-// Fields that require USER_WRITE_PREFERENCES access to write.
-
-#define USER_ALL_WRITE_PREFERENCES_MASK \
- (USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE)
-
-// Fields that require USER_FORCE_PASSWORD_CHANGE access to write.
-//
-// Note that non-trusted clients only set the NT password as a
-// UNICODE string. The wrapper will convert it to an LM password,
-// OWF and encrypt both versions. Trusted clients can pass in OWF
-// versions of either or both.
-
-#define USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK \
- (USER_ALL_NTPASSWORDPRESENT | \
- USER_ALL_LMPASSWORDPRESENT | \
- USER_ALL_PASSWORDEXPIRED)
-
-// Fields that can only be written by trusted clients.
-
-#define USER_ALL_WRITE_TRUSTED_MASK \
- (USER_ALL_LASTLOGON | \
- USER_ALL_LASTLOGOFF | \
- USER_ALL_BADPASSWORDCOUNT | \
- USER_ALL_LOGONCOUNT | \
- USER_ALL_PASSWORDLASTSET | \
- USER_ALL_SECURITYDESCRIPTOR | \
- USER_ALL_PRIVATEDATA)
-
-// Fields that can't be written.
-
-#define USER_ALL_WRITE_CANT_MASK \
- (USER_ALL_USERID | \
- USER_ALL_PASSWORDCANCHANGE | \
- USER_ALL_PASSWORDMUSTCHANGE | \
- USER_ALL_UNDEFINED_MASK)
-
-#include
-typedef struct _USER_ALL_INFORMATION
-{
- LARGE_INTEGER LastLogon;
- LARGE_INTEGER LastLogoff;
- LARGE_INTEGER PasswordLastSet;
- LARGE_INTEGER AccountExpires;
- LARGE_INTEGER PasswordCanChange;
- LARGE_INTEGER PasswordMustChange;
- UNICODE_STRING UserName;
- UNICODE_STRING FullName;
- UNICODE_STRING HomeDirectory;
- UNICODE_STRING HomeDirectoryDrive;
- UNICODE_STRING ScriptPath;
- UNICODE_STRING ProfilePath;
- UNICODE_STRING AdminComment;
- UNICODE_STRING WorkStations;
- UNICODE_STRING UserComment;
- UNICODE_STRING Parameters;
- UNICODE_STRING LmPassword;
- UNICODE_STRING NtPassword;
- UNICODE_STRING PrivateData;
- SR_SECURITY_DESCRIPTOR SecurityDescriptor;
- ULONG UserId;
- ULONG PrimaryGroupId;
- ULONG UserAccountControl;
- ULONG WhichFields;
- LOGON_HOURS LogonHours;
- USHORT BadPasswordCount;
- USHORT LogonCount;
- USHORT CountryCode;
- USHORT CodePage;
- BOOLEAN LmPasswordPresent;
- BOOLEAN NtPasswordPresent;
- BOOLEAN PasswordExpired;
- BOOLEAN PrivateDataSensitive;
-} USER_ALL_INFORMATION, *PUSER_ALL_INFORMATION;
-#include
-
-#include
-typedef struct _USER_INTERNAL3_INFORMATION
-{
- USER_ALL_INFORMATION I1;
- LARGE_INTEGER LastBadPasswordTime;
-} USER_INTERNAL3_INFORMATION, *PUSER_INTERNAL3_INFORMATION;
-#include
-
-typedef struct _ENCRYPTED_USER_PASSWORD
-{
- UCHAR Buffer[(SAM_MAX_PASSWORD_LENGTH * 2) + 4];
-} ENCRYPTED_USER_PASSWORD, *PENCRYPTED_USER_PASSWORD;
-
-typedef struct _USER_INTERNAL4_INFORMATION
-{
- USER_ALL_INFORMATION I1;
- ENCRYPTED_USER_PASSWORD UserPassword;
-} USER_INTERNAL4_INFORMATION, *PUSER_INTERNAL4_INFORMATION;
-
-typedef struct _USER_INTERNAL5_INFORMATION
-{
- ENCRYPTED_USER_PASSWORD UserPassword;
- BOOLEAN PasswordExpired;
-} USER_INTERNAL5_INFORMATION, *PUSER_INTERNAL5_INFORMATION;
-
-typedef struct _ENCRYPTED_USER_PASSWORD_NEW
-{
- UCHAR Buffer[(SAM_MAX_PASSWORD_LENGTH * 2) + 4 + SAM_PASSWORD_ENCRYPTION_SALT_LEN];
-} ENCRYPTED_USER_PASSWORD_NEW, *PENCRYPTED_USER_PASSWORD_NEW;
-
-typedef struct _USER_INTERNAL4_INFORMATION_NEW
-{
- USER_ALL_INFORMATION I1;
- ENCRYPTED_USER_PASSWORD_NEW UserPassword;
-} USER_INTERNAL4_INFORMATION_NEW, *PUSER_INTERNAL4_INFORMATION_NEW;
-
-typedef struct _USER_INTERNAL5_INFORMATION_NEW
-{
- ENCRYPTED_USER_PASSWORD_NEW UserPassword;
- BOOLEAN PasswordExpired;
-} USER_INTERNAL5_INFORMATION_NEW, *PUSER_INTERNAL5_INFORMATION_NEW;
-
-typedef struct _USER_ALLOWED_TO_DELEGATE_TO_LIST
-{
- ULONG Size;
- ULONG NumSPNs;
- UNICODE_STRING SPNList[ANYSIZE_ARRAY];
-} USER_ALLOWED_TO_DELEGATE_TO_LIST, *PUSER_ALLOWED_TO_DELEGATE_TO_LIST;
-
-#define USER_EXTENDED_FIELD_UPN 0x00000001L
-#define USER_EXTENDED_FIELD_A2D2 0x00000002L
-
-typedef struct _USER_INTERNAL6_INFORMATION
-{
- USER_ALL_INFORMATION I1;
- LARGE_INTEGER LastBadPasswordTime;
- ULONG ExtendedFields;
- BOOLEAN UPNDefaulted;
- UNICODE_STRING UPN;
- PUSER_ALLOWED_TO_DELEGATE_TO_LIST A2D2List;
-} USER_INTERNAL6_INFORMATION, *PUSER_INTERNAL6_INFORMATION;
-
-typedef SAM_BYTE_ARRAY_32K SAM_USER_TILE, *PSAM_USER_TILE;
-
-// 0xff000fff is reserved for internal callers and implementation.
-
-#define USER_EXTENDED_FIELD_USER_TILE (0x00001000L)
-#define USER_EXTENDED_FIELD_PASSWORD_HINT (0x00002000L)
-#define USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI (0x00004000L)
-#define USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES (0x00008000L)
-
-typedef struct _USER_EXTENDED_INFORMATION
-{
- ULONG ExtendedWhichFields;
- SAM_USER_TILE UserTile;
- UNICODE_STRING PasswordHint;
- BOOLEAN DontShowInLogonUI;
- SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
-} USER_EXTENDED_INFORMATION, *PUSER_EXTENDED_INFORMATION;
-
-// For local callers only.
-typedef struct _USER_LOGON_UI_INFORMATION
-{
- BOOLEAN PasswordIsBlank;
- BOOLEAN AccountIsDisabled;
-} USER_LOGON_UI_INFORMATION, *PUSER_LOGON_UI_INFORMATION;
-
-typedef struct _ENCRYPTED_PASSWORD_AES
-{
- UCHAR AuthData[64];
- UCHAR Salt[SAM_PASSWORD_ENCRYPTION_SALT_LEN];
- ULONG cbCipher;
- PUCHAR Cipher;
- ULONGLONG PBKDF2Iterations;
-} ENCRYPTED_PASSWORD_AES, *PENCRYPTED_PASSWORD_AES;
-
-typedef struct _USER_INTERNAL7_INFORMATION
-{
- ENCRYPTED_PASSWORD_AES UserPassword;
- BOOLEAN PasswordExpired;
-} USER_INTERNAL7_INFORMATION, *PUSER_INTERNAL7_INFORMATION;
-
-typedef struct _USER_INTERNAL8_INFORMATION
-{
- USER_ALL_INFORMATION I1;
- ENCRYPTED_PASSWORD_AES UserPassword;
-} USER_INTERNAL8_INFORMATION, *PUSER_INTERNAL8_INFORMATION;
-
-// SamChangePasswordUser3 types
-
-// Error values:
-// * SAM_PWD_CHANGE_NO_ERROR
-// * SAM_PWD_CHANGE_PASSWORD_TOO_SHORT
-// * SAM_PWD_CHANGE_PWD_IN_HISTORY
-// * SAM_PWD_CHANGE_USERNAME_IN_PASSWORD
-// * SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD
-// * SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT
-// * SAM_PWD_CHANGE_FAILED_BY_FILTER
-
-typedef struct _USER_PWD_CHANGE_FAILURE_INFORMATION
-{
- ULONG ExtendedFailureReason;
- UNICODE_STRING FilterModuleName;
-} USER_PWD_CHANGE_FAILURE_INFORMATION,*PUSER_PWD_CHANGE_FAILURE_INFORMATION;
-
-// ExtendedFailureReason values
-
-#define SAM_PWD_CHANGE_NO_ERROR 0
-#define SAM_PWD_CHANGE_PASSWORD_TOO_SHORT 1
-#define SAM_PWD_CHANGE_PWD_IN_HISTORY 2
-#define SAM_PWD_CHANGE_USERNAME_IN_PASSWORD 3
-#define SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD 4
-#define SAM_PWD_CHANGE_NOT_COMPLEX 5
-#define SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT 6
-#define SAM_PWD_CHANGE_FAILED_BY_FILTER 7
-#define SAM_PWD_CHANGE_PASSWORD_TOO_LONG 8
-#define SAM_PWD_CHANGE_FAILURE_REASON_MAX 8
-
-// Functions
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamEnumerateUsersInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
- _In_ ULONG UserAccountControl,
- _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
- _In_ ULONG PreferedMaximumLength,
- _Out_ PULONG CountReturned
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamCreateUserInDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ PUNICODE_STRING AccountName,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PSAM_HANDLE UserHandle,
- _Out_ PULONG RelativeId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamCreateUser2InDomain(
- _In_ SAM_HANDLE DomainHandle,
- _In_ PUNICODE_STRING AccountName,
- _In_ ULONG AccountType,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PSAM_HANDLE UserHandle,
- _Out_ PULONG GrantedAccess,
- _Out_ PULONG RelativeId
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamOpenUser(
- _In_ SAM_HANDLE DomainHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG UserId,
- _Out_ PSAM_HANDLE UserHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamDeleteUser(
- _In_ SAM_HANDLE UserHandle
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryInformationUser(
- _In_ SAM_HANDLE UserHandle,
- _In_ USER_INFORMATION_CLASS UserInformationClass,
- _Outptr_ PVOID *Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamSetInformationUser(
- _In_ SAM_HANDLE UserHandle,
- _In_ USER_INFORMATION_CLASS UserInformationClass,
- _In_ PVOID Buffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetGroupsForUser(
- _In_ SAM_HANDLE UserHandle,
- _Out_ _Deref_post_count_(*MembershipCount) PGROUP_MEMBERSHIP *Groups,
- _Out_ PULONG MembershipCount
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamChangePasswordUser(
- _In_ SAM_HANDLE UserHandle,
- _In_ PUNICODE_STRING OldPassword,
- _In_ PUNICODE_STRING NewPassword
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamChangePasswordUser2(
- _In_ PUNICODE_STRING ServerName,
- _In_ PUNICODE_STRING UserName,
- _In_ PUNICODE_STRING OldPassword,
- _In_ PUNICODE_STRING NewPassword
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamChangePasswordUser3(
- _In_ PUNICODE_STRING ServerName,
- _In_ PUNICODE_STRING UserName,
- _In_ PUNICODE_STRING OldPassword,
- _In_ PUNICODE_STRING NewPassword,
- _Outptr_ PDOMAIN_PASSWORD_INFORMATION *EffectivePasswordPolicy,
- _Outptr_ PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamQueryDisplayInformation(
- _In_ SAM_HANDLE DomainHandle,
- _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
- _In_ ULONG Index,
- _In_ ULONG EntryCount,
- _In_ ULONG PreferredMaximumLength,
- _Out_ PULONG TotalAvailable,
- _Out_ PULONG TotalReturned,
- _Out_ PULONG ReturnedEntryCount,
- _Outptr_ PVOID *SortedBuffer
- );
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetDisplayEnumerationIndex(
- _In_ SAM_HANDLE DomainHandle,
- _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
- _In_ PUNICODE_STRING Prefix,
- _Out_ PULONG Index
- );
-
-// Database replication
-
-typedef enum _SECURITY_DB_DELTA_TYPE
-{
- SecurityDbNew = 1,
- SecurityDbRename,
- SecurityDbDelete,
- SecurityDbChangeMemberAdd,
- SecurityDbChangeMemberSet,
- SecurityDbChangeMemberDel,
- SecurityDbChange,
- SecurityDbChangePassword
-} SECURITY_DB_DELTA_TYPE, *PSECURITY_DB_DELTA_TYPE;
-
-typedef enum _SECURITY_DB_OBJECT_TYPE
-{
- SecurityDbObjectSamDomain = 1,
- SecurityDbObjectSamUser,
- SecurityDbObjectSamGroup,
- SecurityDbObjectSamAlias,
- SecurityDbObjectLsaPolicy,
- SecurityDbObjectLsaTDomain,
- SecurityDbObjectLsaAccount,
- SecurityDbObjectLsaSecret
-} SECURITY_DB_OBJECT_TYPE, *PSECURITY_DB_OBJECT_TYPE;
-
-typedef enum _SAM_ACCOUNT_TYPE
-{
- SamObjectUser = 1,
- SamObjectGroup,
- SamObjectAlias
-} SAM_ACCOUNT_TYPE, *PSAM_ACCOUNT_TYPE;
-
-#define SAM_USER_ACCOUNT (0x00000001)
-#define SAM_GLOBAL_GROUP_ACCOUNT (0x00000002)
-#define SAM_LOCAL_GROUP_ACCOUNT (0x00000004)
-
-typedef struct _SAM_GROUP_MEMBER_ID
-{
- ULONG MemberRid;
-} SAM_GROUP_MEMBER_ID, *PSAM_GROUP_MEMBER_ID;
-
-typedef struct _SAM_ALIAS_MEMBER_ID
-{
- PSID MemberSid;
-} SAM_ALIAS_MEMBER_ID, *PSAM_ALIAS_MEMBER_ID;
-
-typedef union _SAM_DELTA_DATA
-{
- SAM_GROUP_MEMBER_ID GroupMemberId;
- SAM_ALIAS_MEMBER_ID AliasMemberId;
- ULONG AccountControl;
-} SAM_DELTA_DATA, *PSAM_DELTA_DATA;
-
-typedef NTSTATUS (NTAPI *PSAM_DELTA_NOTIFICATION_ROUTINE)(
- _In_ PSID DomainSid,
- _In_ SECURITY_DB_DELTA_TYPE DeltaType,
- _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
- _In_ ULONG ObjectRid,
- _In_opt_ PUNICODE_STRING ObjectName,
- _In_ PLARGE_INTEGER ModifiedCount,
- _In_opt_ PSAM_DELTA_DATA DeltaData
- );
-
-#define SAM_DELTA_NOTIFY_ROUTINE "DeltaNotify"
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamRegisterObjectChangeNotification(
- _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
- _In_ HANDLE NotificationEventHandle
- );
-
-NTSTATUS
-NTAPI
-SamUnregisterObjectChangeNotification(
- _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
- _In_ HANDLE NotificationEventHandle
- );
-
-// Compatibility mode
-
-#define SAM_SID_COMPATIBILITY_ALL 0
-#define SAM_SID_COMPATIBILITY_LAX 1
-#define SAM_SID_COMPATIBILITY_STRICT 2
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamGetCompatibilityMode(
- _In_ SAM_HANDLE ObjectHandle,
- _Out_ ULONG *Mode
- );
-
-// Password validation
-
-typedef enum _PASSWORD_POLICY_VALIDATION_TYPE
-{
- SamValidateAuthentication = 1,
- SamValidatePasswordChange,
- SamValidatePasswordReset
-} PASSWORD_POLICY_VALIDATION_TYPE;
-
-typedef struct _SAM_VALIDATE_PASSWORD_HASH
-{
- ULONG Length;
- _Field_size_bytes_(Length) PUCHAR Hash;
-} SAM_VALIDATE_PASSWORD_HASH, *PSAM_VALIDATE_PASSWORD_HASH;
-
-// Flags for PresentFields in SAM_VALIDATE_PERSISTED_FIELDS
-
-#define SAM_VALIDATE_PASSWORD_LAST_SET 0x00000001
-#define SAM_VALIDATE_BAD_PASSWORD_TIME 0x00000002
-#define SAM_VALIDATE_LOCKOUT_TIME 0x00000004
-#define SAM_VALIDATE_BAD_PASSWORD_COUNT 0x00000008
-#define SAM_VALIDATE_PASSWORD_HISTORY_LENGTH 0x00000010
-#define SAM_VALIDATE_PASSWORD_HISTORY 0x00000020
-
-typedef struct _SAM_VALIDATE_PERSISTED_FIELDS
-{
- ULONG PresentFields;
- LARGE_INTEGER PasswordLastSet;
- LARGE_INTEGER BadPasswordTime;
- LARGE_INTEGER LockoutTime;
- ULONG BadPasswordCount;
- ULONG PasswordHistoryLength;
- _Field_size_bytes_(PasswordHistoryLength) PSAM_VALIDATE_PASSWORD_HASH PasswordHistory;
-} SAM_VALIDATE_PERSISTED_FIELDS, *PSAM_VALIDATE_PERSISTED_FIELDS;
-
-typedef enum _SAM_VALIDATE_VALIDATION_STATUS
-{
- SamValidateSuccess = 0,
- SamValidatePasswordMustChange,
- SamValidateAccountLockedOut,
- SamValidatePasswordExpired,
- SamValidatePasswordIncorrect,
- SamValidatePasswordIsInHistory,
- SamValidatePasswordTooShort,
- SamValidatePasswordTooLong,
- SamValidatePasswordNotComplexEnough,
- SamValidatePasswordTooRecent,
- SamValidatePasswordFilterError
-} SAM_VALIDATE_VALIDATION_STATUS, *PSAM_VALIDATE_VALIDATION_STATUS;
-
-typedef struct _SAM_VALIDATE_STANDARD_OUTPUT_ARG
-{
- SAM_VALIDATE_PERSISTED_FIELDS ChangedPersistedFields;
- SAM_VALIDATE_VALIDATION_STATUS ValidationStatus;
-} SAM_VALIDATE_STANDARD_OUTPUT_ARG, *PSAM_VALIDATE_STANDARD_OUTPUT_ARG;
-
-typedef struct _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG
-{
- SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
- BOOLEAN PasswordMatched;
-} SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, *PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG;
-
-typedef struct _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG
-{
- SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
- UNICODE_STRING ClearPassword;
- UNICODE_STRING UserAccountName;
- SAM_VALIDATE_PASSWORD_HASH HashedPassword;
- BOOLEAN PasswordMatch; // denotes if the old password supplied by user matched or not
-} SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG;
-
-typedef struct _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG
-{
- SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields;
- UNICODE_STRING ClearPassword;
- UNICODE_STRING UserAccountName;
- SAM_VALIDATE_PASSWORD_HASH HashedPassword;
- BOOLEAN PasswordMustChangeAtNextLogon; // looked at only for password reset
- BOOLEAN ClearLockout; // can be used clear user account lockout
-}SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG;
-
-typedef union _SAM_VALIDATE_INPUT_ARG
-{
- SAM_VALIDATE_AUTHENTICATION_INPUT_ARG ValidateAuthenticationInput;
- SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG ValidatePasswordChangeInput;
- SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG ValidatePasswordResetInput;
-} SAM_VALIDATE_INPUT_ARG, *PSAM_VALIDATE_INPUT_ARG;
-
-typedef union _SAM_VALIDATE_OUTPUT_ARG
-{
- SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidateAuthenticationOutput;
- SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordChangeOutput;
- SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordResetOutput;
-} SAM_VALIDATE_OUTPUT_ARG, *PSAM_VALIDATE_OUTPUT_ARG;
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamValidatePassword(
- _In_opt_ PUNICODE_STRING ServerName,
- _In_ PASSWORD_POLICY_VALIDATION_TYPE ValidationType,
- _In_ PSAM_VALIDATE_INPUT_ARG InputArg,
- _Out_ PSAM_VALIDATE_OUTPUT_ARG *OutputArg
- );
-
-// Generic operation
-
-typedef enum _SAM_GENERIC_OPERATION_TYPE
-{
- SamObjectChangeNotificationOperation
-} SAM_GENERIC_OPERATION_TYPE, *PSAM_GENERIC_OPERATION_TYPE;
-
-typedef struct _SAM_OPERATION_OBJCHG_INPUT
-{
- BOOLEAN Register;
- ULONG64 EventHandle;
- SECURITY_DB_OBJECT_TYPE ObjectType;
- ULONG ProcessID;
-} SAM_OPERATION_OBJCHG_INPUT, *PSAM_OPERATION_OBJCHG_INPUT;
-
-typedef struct _SAM_OPERATION_OBJCHG_OUTPUT
-{
- ULONG Reserved;
-} SAM_OPERATION_OBJCHG_OUTPUT, *PSAM_OPERATION_OBJCHG_OUTPUT;
-
-typedef union _SAM_GENERIC_OPERATION_INPUT
-{
- SAM_OPERATION_OBJCHG_INPUT ObjChangeIn;
-} SAM_GENERIC_OPERATION_INPUT, *PSAM_GENERIC_OPERATION_INPUT;
-
-typedef union _SAM_GENERIC_OPERATION_OUTPUT
-{
- SAM_OPERATION_OBJCHG_OUTPUT ObjChangeOut;
-} SAM_GENERIC_OPERATION_OUTPUT, *PSAM_GENERIC_OPERATION_OUTPUT;
-
-_Check_return_
-NTSTATUS
-NTAPI
-SamPerformGenericOperation(
- _In_opt_ PWSTR ServerName,
- _In_ SAM_GENERIC_OPERATION_TYPE OperationType,
- _In_ PSAM_GENERIC_OPERATION_INPUT OperationIn,
- _Out_ PSAM_GENERIC_OPERATION_OUTPUT *OperationOut
- );
-
-#endif
diff --git a/deps/phnt-nightly/ntseapi.h b/deps/phnt-nightly/ntseapi.h
deleted file mode 100644
index 19030c8..0000000
--- a/deps/phnt-nightly/ntseapi.h
+++ /dev/null
@@ -1,710 +0,0 @@
-/*
- * Authorization functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTSEAPI_H
-#define _NTSEAPI_H
-
-// Privileges
-
-#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
-#define SE_CREATE_TOKEN_PRIVILEGE (2L)
-#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
-#define SE_LOCK_MEMORY_PRIVILEGE (4L)
-#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
-
-#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
-#define SE_TCB_PRIVILEGE (7L)
-#define SE_SECURITY_PRIVILEGE (8L)
-#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
-#define SE_LOAD_DRIVER_PRIVILEGE (10L)
-#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
-#define SE_SYSTEMTIME_PRIVILEGE (12L)
-#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
-#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
-#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
-#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
-#define SE_BACKUP_PRIVILEGE (17L)
-#define SE_RESTORE_PRIVILEGE (18L)
-#define SE_SHUTDOWN_PRIVILEGE (19L)
-#define SE_DEBUG_PRIVILEGE (20L)
-#define SE_AUDIT_PRIVILEGE (21L)
-#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
-#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
-#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
-#define SE_UNDOCK_PRIVILEGE (25L)
-#define SE_SYNC_AGENT_PRIVILEGE (26L)
-#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
-#define SE_MANAGE_VOLUME_PRIVILEGE (28L)
-#define SE_IMPERSONATE_PRIVILEGE (29L)
-#define SE_CREATE_GLOBAL_PRIVILEGE (30L)
-#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE (31L)
-#define SE_RELABEL_PRIVILEGE (32L)
-#define SE_INC_WORKING_SET_PRIVILEGE (33L)
-#define SE_TIME_ZONE_PRIVILEGE (34L)
-#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE (35L)
-#define SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE (36L)
-#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE
-
-// Authz
-
-// begin_rev
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-typedef enum _TOKEN_INFORMATION_CLASS
-{
- TokenUser = 1, // q: TOKEN_USER, SE_TOKEN_USER
- TokenGroups, // q: TOKEN_GROUPS
- TokenPrivileges, // q: TOKEN_PRIVILEGES
- TokenOwner, // q; s: TOKEN_OWNER
- TokenPrimaryGroup, // q; s: TOKEN_PRIMARY_GROUP
- TokenDefaultDacl, // q; s: TOKEN_DEFAULT_DACL
- TokenSource, // q: TOKEN_SOURCE
- TokenType, // q: TOKEN_TYPE
- TokenImpersonationLevel, // q: SECURITY_IMPERSONATION_LEVEL
- TokenStatistics, // q: TOKEN_STATISTICS // 10
- TokenRestrictedSids, // q: TOKEN_GROUPS
- TokenSessionId, // q; s: ULONG (requires SeTcbPrivilege)
- TokenGroupsAndPrivileges, // q: TOKEN_GROUPS_AND_PRIVILEGES
- TokenSessionReference, // s: ULONG (requires SeTcbPrivilege)
- TokenSandBoxInert, // q: ULONG
- TokenAuditPolicy, // q; s: TOKEN_AUDIT_POLICY (requires SeSecurityPrivilege/SeTcbPrivilege)
- TokenOrigin, // q; s: TOKEN_ORIGIN (requires SeTcbPrivilege)
- TokenElevationType, // q: TOKEN_ELEVATION_TYPE
- TokenLinkedToken, // q; s: TOKEN_LINKED_TOKEN (requires SeCreateTokenPrivilege)
- TokenElevation, // q: TOKEN_ELEVATION // 20
- TokenHasRestrictions, // q: ULONG
- TokenAccessInformation, // q: TOKEN_ACCESS_INFORMATION
- TokenVirtualizationAllowed, // q; s: ULONG (requires SeCreateTokenPrivilege)
- TokenVirtualizationEnabled, // q; s: ULONG
- TokenIntegrityLevel, // q; s: TOKEN_MANDATORY_LABEL
- TokenUIAccess, // q; s: ULONG (requires SeTcbPrivilege)
- TokenMandatoryPolicy, // q; s: TOKEN_MANDATORY_POLICY (requires SeTcbPrivilege)
- TokenLogonSid, // q: TOKEN_GROUPS
- TokenIsAppContainer, // q: ULONG // since WIN8
- TokenCapabilities, // q: TOKEN_GROUPS // 30
- TokenAppContainerSid, // q: TOKEN_APPCONTAINER_INFORMATION
- TokenAppContainerNumber, // q: ULONG
- TokenUserClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION
- TokenDeviceClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION
- TokenRestrictedUserClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION
- TokenRestrictedDeviceClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION
- TokenDeviceGroups, // q: TOKEN_GROUPS
- TokenRestrictedDeviceGroups, // q: TOKEN_GROUPS
- TokenSecurityAttributes, // q; s: TOKEN_SECURITY_ATTRIBUTES_[AND_OPERATION_]INFORMATION (requires SeTcbPrivilege)
- TokenIsRestricted, // q: ULONG // 40
- TokenProcessTrustLevel, // q: TOKEN_PROCESS_TRUST_LEVEL // since WINBLUE
- TokenPrivateNameSpace, // q; s: ULONG (requires SeTcbPrivilege) // since THRESHOLD
- TokenSingletonAttributes, // q: TOKEN_SECURITY_ATTRIBUTES_INFORMATION // since REDSTONE
- TokenBnoIsolation, // q: TOKEN_BNO_ISOLATION_INFORMATION // since REDSTONE2
- TokenChildProcessFlags, // s: ULONG (requires SeTcbPrivilege) // since REDSTONE3
- TokenIsLessPrivilegedAppContainer, // q: ULONG // since REDSTONE5
- TokenIsSandboxed, // q: ULONG // since 19H1
- TokenIsAppSilo, // q: ULONG // since WIN11 22H2 // previously TokenOriginatingProcessTrustLevel // q: TOKEN_PROCESS_TRUST_LEVEL
- MaxTokenInfoClass
-} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
-#endif
-
-// Types
-
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID 0x00
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64 0x01
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64 0x02
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING 0x03
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN 0x04
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_SID 0x05
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN 0x06
-#define TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING 0x10
-
-// Flags
-
-#define TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001
-#define TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002
-#define TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY 0x0004
-#define TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT 0x0008
-#define TOKEN_SECURITY_ATTRIBUTE_DISABLED 0x0010
-#define TOKEN_SECURITY_ATTRIBUTE_MANDATORY 0x0020
-#define TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE 0x0040
-
-#define TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS ( \
- TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE | \
- TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | \
- TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY | \
- TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | \
- TOKEN_SECURITY_ATTRIBUTE_DISABLED | \
- TOKEN_SECURITY_ATTRIBUTE_MANDATORY)
-
-#define TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS 0xffff0000
-
-// end_rev
-
-// private
-typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
-{
- ULONG64 Version;
- UNICODE_STRING Name;
-} TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
-
-// private
-typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
-{
- PVOID pValue;
- ULONG ValueLength;
-} TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
-
-// private
-typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1
-{
- UNICODE_STRING Name;
- USHORT ValueType;
- USHORT Reserved;
- ULONG Flags;
- ULONG ValueCount;
- union
- {
- PLONG64 pInt64;
- PULONG64 pUint64;
- PUNICODE_STRING pString;
- PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn;
- PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString;
- } Values;
-} TOKEN_SECURITY_ATTRIBUTE_V1, *PTOKEN_SECURITY_ATTRIBUTE_V1;
-
-// rev
-#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1 1
-// rev
-#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1
-
-// private
-typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION
-{
- USHORT Version;
- USHORT Reserved;
- ULONG AttributeCount;
- union
- {
- PTOKEN_SECURITY_ATTRIBUTE_V1 pAttributeV1;
- } Attribute;
-} TOKEN_SECURITY_ATTRIBUTES_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
-
-// private
-typedef enum _TOKEN_SECURITY_ATTRIBUTE_OPERATION
-{
- TOKEN_SECURITY_ATTRIBUTE_OPERATION_NONE,
- TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL,
- TOKEN_SECURITY_ATTRIBUTE_OPERATION_ADD,
- TOKEN_SECURITY_ATTRIBUTE_OPERATION_DELETE,
- TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE
-} TOKEN_SECURITY_ATTRIBUTE_OPERATION, *PTOKEN_SECURITY_ATTRIBUTE_OPERATION;
-
-// private
-typedef struct _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION
-{
- PTOKEN_SECURITY_ATTRIBUTES_INFORMATION Attributes;
- PTOKEN_SECURITY_ATTRIBUTE_OPERATION Operations;
-} TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION;
-
-// rev
-typedef struct _TOKEN_PROCESS_TRUST_LEVEL
-{
- PSID TrustLevelSid;
-} TOKEN_PROCESS_TRUST_LEVEL, *PTOKEN_PROCESS_TRUST_LEVEL;
-
-// Tokens
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateToken(
- _Out_ PHANDLE TokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TOKEN_TYPE Type,
- _In_ PLUID AuthenticationId,
- _In_ PLARGE_INTEGER ExpirationTime,
- _In_ PTOKEN_USER User,
- _In_ PTOKEN_GROUPS Groups,
- _In_ PTOKEN_PRIVILEGES Privileges,
- _In_opt_ PTOKEN_OWNER Owner,
- _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup,
- _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl,
- _In_ PTOKEN_SOURCE Source
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateLowBoxToken(
- _Out_ PHANDLE TokenHandle,
- _In_ HANDLE ExistingTokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PSID PackageSid,
- _In_ ULONG CapabilityCount,
- _In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES Capabilities,
- _In_ ULONG HandleCount,
- _In_reads_opt_(HandleCount) HANDLE *Handles
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateTokenEx(
- _Out_ PHANDLE TokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TOKEN_TYPE Type,
- _In_ PLUID AuthenticationId,
- _In_ PLARGE_INTEGER ExpirationTime,
- _In_ PTOKEN_USER User,
- _In_ PTOKEN_GROUPS Groups,
- _In_ PTOKEN_PRIVILEGES Privileges,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes,
- _In_opt_ PTOKEN_GROUPS DeviceGroups,
- _In_opt_ PTOKEN_MANDATORY_POLICY MandatoryPolicy,
- _In_opt_ PTOKEN_OWNER Owner,
- _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup,
- _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl,
- _In_ PTOKEN_SOURCE Source
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenProcessToken(
- _In_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenProcessTokenEx(
- _In_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenThreadToken(
- _In_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ BOOLEAN OpenAsSelf,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenThreadTokenEx(
- _In_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ BOOLEAN OpenAsSelf,
- _In_ ULONG HandleAttributes,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDuplicateToken(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ BOOLEAN EffectiveOnly,
- _In_ TOKEN_TYPE Type,
- _Out_ PHANDLE NewTokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationToken(
- _In_ HANDLE TokenHandle,
- _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
- _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
- _In_ ULONG TokenInformationLength,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationToken(
- _In_ HANDLE TokenHandle,
- _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
- _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
- _In_ ULONG TokenInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAdjustPrivilegesToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN DisableAllPrivileges,
- _In_opt_ PTOKEN_PRIVILEGES NewState,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAdjustGroupsToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN ResetToDefault,
- _In_opt_ PTOKEN_GROUPS NewState,
- _In_opt_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
- _Out_opt_ PULONG ReturnLength
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAdjustTokenClaimsAndDeviceGroups(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN UserResetToDefault,
- _In_ BOOLEAN DeviceResetToDefault,
- _In_ BOOLEAN DeviceGroupsResetToDefault,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState,
- _In_opt_ PTOKEN_GROUPS NewDeviceGroupsState,
- _In_ ULONG UserBufferLength,
- _Out_writes_bytes_to_opt_(UserBufferLength, *UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState,
- _In_ ULONG DeviceBufferLength,
- _Out_writes_bytes_to_opt_(DeviceBufferLength, *DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState,
- _In_ ULONG DeviceGroupsBufferLength,
- _Out_writes_bytes_to_opt_(DeviceGroupsBufferLength, *DeviceGroupsReturnBufferLength) PTOKEN_GROUPS PreviousDeviceGroups,
- _Out_opt_ PULONG UserReturnLength,
- _Out_opt_ PULONG DeviceReturnLength,
- _Out_opt_ PULONG DeviceGroupsReturnBufferLength
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFilterToken(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ULONG Flags,
- _In_opt_ PTOKEN_GROUPS SidsToDisable,
- _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
- _In_opt_ PTOKEN_GROUPS RestrictedSids,
- _Out_ PHANDLE NewTokenHandle
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFilterTokenEx(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ULONG Flags,
- _In_opt_ PTOKEN_GROUPS SidsToDisable,
- _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
- _In_opt_ PTOKEN_GROUPS RestrictedSids,
- _In_ ULONG DisableUserClaimsCount,
- _In_opt_ PUNICODE_STRING UserClaimsToDisable,
- _In_ ULONG DisableDeviceClaimsCount,
- _In_opt_ PUNICODE_STRING DeviceClaimsToDisable,
- _In_opt_ PTOKEN_GROUPS DeviceGroupsToDisable,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes,
- _In_opt_ PTOKEN_GROUPS RestrictedDeviceGroups,
- _Out_ PHANDLE NewTokenHandle
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompareTokens(
- _In_ HANDLE FirstTokenHandle,
- _In_ HANDLE SecondTokenHandle,
- _Out_ PBOOLEAN Equal
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrivilegeCheck(
- _In_ HANDLE ClientToken,
- _Inout_ PPRIVILEGE_SET RequiredPrivileges,
- _Out_ PBOOLEAN Result
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtImpersonateAnonymousToken(
- _In_ HANDLE ThreadHandle
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQuerySecurityAttributesToken(
- _In_ HANDLE TokenHandle,
- _In_reads_opt_(NumberOfAttributes) PUNICODE_STRING Attributes,
- _In_ ULONG NumberOfAttributes,
- _Out_writes_bytes_(Length) PVOID Buffer, // PTOKEN_SECURITY_ATTRIBUTES_INFORMATION
- _In_ ULONG Length,
- _Out_ PULONG ReturnLength
- );
-#endif
-
-// Access checking
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheck(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckByType(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeResultList(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus
- );
-
-// Signing
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetCachedSigningLevel(
- _In_ ULONG Flags,
- _In_ SE_SIGNING_LEVEL InputSigningLevel,
- _In_reads_(SourceFileCount) PHANDLE SourceFiles,
- _In_ ULONG SourceFileCount,
- _In_opt_ HANDLE TargetFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetCachedSigningLevel(
- _In_ HANDLE File,
- _Out_ PULONG Flags,
- _Out_ PSE_SIGNING_LEVEL SigningLevel,
- _Out_writes_bytes_to_opt_(*ThumbprintSize, *ThumbprintSize) PUCHAR Thumbprint,
- _Inout_opt_ PULONG ThumbprintSize,
- _Out_opt_ PULONG ThumbprintAlgorithm
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE2)
-
-// rev
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCompareSigningLevels(
- _In_ SE_SIGNING_LEVEL FirstSigningLevel,
- _In_ SE_SIGNING_LEVEL SecondSigningLevel
- );
-
-#endif
-
-// Audit alarm
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeResultListAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ HANDLE ClientToken,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ACCESS_MASK GrantedAccess,
- _In_opt_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN ObjectCreation,
- _In_ BOOLEAN AccessGranted,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrivilegeObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN AccessGranted
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCloseObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ BOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtDeleteObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ BOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrivilegedServiceAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_ PUNICODE_STRING ServiceName,
- _In_ HANDLE ClientToken,
- _In_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN AccessGranted
- );
-
-#endif
diff --git a/deps/phnt-nightly/ntsmss.h b/deps/phnt-nightly/ntsmss.h
deleted file mode 100644
index 7fc1752..0000000
--- a/deps/phnt-nightly/ntsmss.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Windows Session Manager support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTSMSS_H
-#define _NTSMSS_H
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConnectToSm(
- _In_ PUNICODE_STRING ApiPortName,
- _In_ HANDLE ApiPortHandle,
- _In_ DWORD ProcessImageType,
- _Out_ PHANDLE SmssConnection
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSendMsgToSm(
- _In_ HANDLE ApiPortHandle,
- _In_ PPORT_MESSAGE MessageData
- );
-
-#endif
diff --git a/deps/phnt-nightly/ntsxs.h b/deps/phnt-nightly/ntsxs.h
deleted file mode 100644
index 4d12150..0000000
--- a/deps/phnt-nightly/ntsxs.h
+++ /dev/null
@@ -1,515 +0,0 @@
-/*
- * Side-by-side assembly support definitions.
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTSXS_H
-#define _NTSXS_H
-
-#define ACTIVATION_CONTEXT_DATA_MAGIC ('xtcA')
-#define ACTIVATION_CONTEXT_DATA_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_FLAG_NO_INHERIT 0x00000001
-
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-typedef enum _ACTCTX_REQUESTED_RUN_LEVEL
-{
- ACTCTX_RUN_LEVEL_UNSPECIFIED = 0,
- ACTCTX_RUN_LEVEL_AS_INVOKER,
- ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE,
- ACTCTX_RUN_LEVEL_REQUIRE_ADMIN,
- ACTCTX_RUN_LEVEL_NUMBERS
-} ACTCTX_REQUESTED_RUN_LEVEL;
-
-typedef enum _ACTCTX_COMPATIBILITY_ELEMENT_TYPE
-{
- ACTCTX_COMPATIBILITY_ELEMENT_TYPE_UNKNOWN = 0,
- ACTCTX_COMPATIBILITY_ELEMENT_TYPE_OS,
- ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MITIGATION,
- ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MAXVERSIONTESTED
-} ACTCTX_COMPATIBILITY_ELEMENT_TYPE;
-#endif
-
-#include
-
-typedef struct _ACTIVATION_CONTEXT_DATA
-{
- ULONG Magic;
- ULONG HeaderSize;
- ULONG FormatVersion;
- ULONG TotalSize;
- ULONG DefaultTocOffset; // to ACTIVATION_CONTEXT_DATA_TOC_HEADER
- ULONG ExtendedTocOffset; // to ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER
- ULONG AssemblyRosterOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER
- ULONG Flags; // ACTIVATION_CONTEXT_FLAG_*
-} ACTIVATION_CONTEXT_DATA, *PACTIVATION_CONTEXT_DATA;
-
-#define ACTIVATION_CONTEXT_DATA_TOC_HEADER_DENSE 0x00000001
-#define ACTIVATION_CONTEXT_DATA_TOC_HEADER_INORDER 0x00000002
-
-typedef struct _ACTIVATION_CONTEXT_DATA_TOC_HEADER
-{
- ULONG HeaderSize;
- ULONG EntryCount;
- ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_TOC_ENTRY[], from ACTIVATION_CONTEXT_DATA base
- ULONG Flags; // ACTIVATION_CONTEXT_DATA_TOC_HEADER_*
-} ACTIVATION_CONTEXT_DATA_TOC_HEADER, *PACTIVATION_CONTEXT_DATA_TOC_HEADER;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_TOC_ENTRY
-{
- ULONG Id; // ACTIVATION_CONTEXT_SECTION_*
- ULONG Offset; // to ACTIVATION_CONTEXT_*_SECTION_HEADER, from ACTIVATION_CONTEXT_DATA base
- ULONG Length;
- ULONG Format; // ACTIVATION_CONTEXT_SECTION_FORMAT_*
-} ACTIVATION_CONTEXT_DATA_TOC_ENTRY, *PACTIVATION_CONTEXT_DATA_TOC_ENTRY;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER
-{
- ULONG HeaderSize;
- ULONG EntryCount;
- ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY[], from ACTIVATION_CONTEXT_DATA base
- ULONG Flags;
-} ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER, *PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY
-{
- GUID ExtensionGuid;
- ULONG TocOffset; // to ACTIVATION_CONTEXT_DATA_TOC_HEADER, from ACTIVATION_CONTEXT_DATA base
- ULONG Length;
-} ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY, *PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY;
-
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_INVALID 0x00000001
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_ROOT 0x00000002
-
-typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER
-{
- ULONG HeaderSize;
- ULONG HashAlgorithm; // HASH_STRING_ALGORITHM_*
- ULONG EntryCount;
- ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY[], from ACTIVATION_CONTEXT_DATA base
- ULONG AssemblyInformationSectionOffset; // to resolve section-relative offsets
-} ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY
-{
- ULONG Flags;
- ULONG PseudoKey;
- ULONG AssemblyNameOffset; // to WCHAR[], from ACTIVATION_CONTEXT_DATA base
- ULONG AssemblyNameLength;
- ULONG AssemblyInformationOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION, from ACTIVATION_CONTEXT_DATA base
- ULONG AssemblyInformationLength;
-} ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY;
-
-#define ACTIVATION_CONTEXT_SECTION_FORMAT_UNKNOWN 0
-#define ACTIVATION_CONTEXT_SECTION_FORMAT_STRING_TABLE 1 // ACTIVATION_CONTEXT_STRING_SECTION_HEADER
-#define ACTIVATION_CONTEXT_SECTION_FORMAT_GUID_TABLE 2 // ACTIVATION_CONTEXT_GUID_SECTION_HEADER
-
-#define ACTIVATION_CONTEXT_STRING_SECTION_MAGIC ('dHsS')
-#define ACTIVATION_CONTEXT_STRING_SECTION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_STRING_SECTION_CASE_INSENSITIVE 0x00000001
-#define ACTIVATION_CONTEXT_STRING_SECTION_ENTRIES_IN_PSEUDOKEY_ORDER 0x00000002
-
-typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HEADER
-{
- ULONG Magic;
- ULONG HeaderSize;
- ULONG FormatVersion;
- ULONG DataFormatVersion;
- ULONG Flags; // ACTIVATION_CONTEXT_STRING_SECTION_*
- ULONG ElementCount;
- ULONG ElementListOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_ENTRY[], from this struct base
- ULONG HashAlgorithm; // HASH_STRING_ALGORITHM_*
- ULONG SearchStructureOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE, from this struct base
- ULONG UserDataOffset; // to data depending on section Id, from this struct base
- ULONG UserDataSize;
-} ACTIVATION_CONTEXT_STRING_SECTION_HEADER, *PACTIVATION_CONTEXT_STRING_SECTION_HEADER;
-
-typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_ENTRY
-{
- ULONG PseudoKey;
- ULONG KeyOffset; // to WCHAR[], from section header
- ULONG KeyLength;
- ULONG Offset; // to data depending on section Id, from section header
- ULONG Length;
- ULONG AssemblyRosterIndex;
-} ACTIVATION_CONTEXT_STRING_SECTION_ENTRY, *PACTIVATION_CONTEXT_STRING_SECTION_ENTRY;
-
-typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE
-{
- ULONG BucketTableEntryCount;
- ULONG BucketTableOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET[], from section header
-} ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE, *PACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE;
-
-typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET
-{
- ULONG ChainCount;
- ULONG ChainOffset; // to LONG[], from section header
-} ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET, *PACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET;
-
-#define ACTIVATION_CONTEXT_GUID_SECTION_MAGIC ('dHsG')
-#define ACTIVATION_CONTEXT_GUID_SECTION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_GUID_SECTION_ENTRIES_IN_ORDER 0x00000001
-
-typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HEADER
-{
- ULONG Magic;
- ULONG HeaderSize;
- ULONG FormatVersion;
- ULONG DataFormatVersion;
- ULONG Flags; // ACTIVATION_CONTEXT_GUID_SECTION_*
- ULONG ElementCount;
- ULONG ElementListOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_ENTRY[], from this struct base
- ULONG SearchStructureOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE, from this struct base
- ULONG UserDataOffset; // to data depending on section Id, from this struct base
- ULONG UserDataSize;
-} ACTIVATION_CONTEXT_GUID_SECTION_HEADER, *PACTIVATION_CONTEXT_GUID_SECTION_HEADER;
-
-typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_ENTRY
-{
- GUID Guid;
- ULONG Offset; // to data depending on section Id, from section header
- ULONG Length;
- ULONG AssemblyRosterIndex;
-} ACTIVATION_CONTEXT_GUID_SECTION_ENTRY, *PACTIVATION_CONTEXT_GUID_SECTION_ENTRY;
-
-typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE
-{
- ULONG BucketTableEntryCount;
- ULONG BucketTableOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET, from section header
-} ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE, *PACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE;
-
-typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET
-{
- ULONG ChainCount;
- ULONG ChainOffset; // to LONG[], from section header
-} ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET, *PACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET;
-
-// winnt.h - known section IDs
-// #define ACTIVATION_CONTEXT_SECTION_ASSEMBLY_INFORMATION (1) // ACTIVATION_CONTEXT_SECTION_ASSEMBLY_INFORMATION + ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION
-// #define ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION (2) // ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_WINDOW_CLASS_REDIRECTION (3) // ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_COM_SERVER_REDIRECTION (4) // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_COM_INTERFACE_REDIRECTION (5) // ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_COM_TYPE_LIBRARY_REDIRECTION (6) // ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_COM_PROGID_REDIRECTION (7) // ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION
-// #define ACTIVATION_CONTEXT_SECTION_GLOBAL_OBJECT_RENAME_TABLE (8)
-// #define ACTIVATION_CONTEXT_SECTION_CLR_SURROGATES (9) // ACTIVATION_CONTEXT_DATA_CLR_SURROGATE
-// #define ACTIVATION_CONTEXT_SECTION_APPLICATION_SETTINGS (10) // ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS
-// #define ACTIVATION_CONTEXT_SECTION_COMPATIBILITY_INFO (11) // ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION[_LEGACY]
-// #define ACTIVATION_CONTEXT_SECTION_WINRT_ACTIVATABLE_CLASSES (12) // since 19H1
-
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_ASSEMBLY 0x00000001
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_POLICY_APPLIED 0x00000002
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ASSEMBLY_POLICY_APPLIED 0x00000004
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_POLICY_APPLIED 0x00000008
-#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_PRIVATE_ASSEMBLY 0x00000010
-
-typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION
-{
- ULONG Size;
- ULONG Flags; // ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_*
- ULONG EncodedAssemblyIdentityLength;
- ULONG EncodedAssemblyIdentityOffset; // to WCHAR[], from section header
- ULONG ManifestPathType; // ACTIVATION_CONTEXT_PATH_TYPE_*
- ULONG ManifestPathLength;
- ULONG ManifestPathOffset; // to WCHAR[], from section header
- LARGE_INTEGER ManifestLastWriteTime;
- ULONG PolicyPathType; // ACTIVATION_CONTEXT_PATH_TYPE_*
- ULONG PolicyPathLength;
- ULONG PolicyPathOffset; // to WCHAR[], from section header
- LARGE_INTEGER PolicyLastWriteTime;
- ULONG MetadataSatelliteRosterIndex;
- ULONG Unused2;
- ULONG ManifestVersionMajor;
- ULONG ManifestVersionMinor;
- ULONG PolicyVersionMajor;
- ULONG PolicyVersionMinor;
- ULONG AssemblyDirectoryNameLength;
- ULONG AssemblyDirectoryNameOffset; // to WCHAR[], from section header
- ULONG NumOfFilesInAssembly;
- ULONG LanguageLength;
- ULONG LanguageOffset; // to WCHAR[], from section header
- ACTCTX_REQUESTED_RUN_LEVEL RunLevel;
- ULONG UiAccess;
-} ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION;
-
-// via UserData
-typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION
-{
- ULONG Size;
- ULONG Flags;
- GUID PolicyCoherencyGuid;
- GUID PolicyOverrideGuid;
- ULONG ApplicationDirectoryPathType; // ACTIVATION_CONTEXT_PATH_TYPE_*
- ULONG ApplicationDirectoryLength;
- ULONG ApplicationDirectoryOffset; // to WCHAR[], from this struct base
- ULONG ResourceName;
-} ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION;
-
-#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_INCLUDES_BASE_NAME 0x00000001
-#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_OMITS_ASSEMBLY_ROOT 0x00000002
-#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_EXPAND 0x00000004
-#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SYSTEM_DEFAULT_REDIRECTED_SYSTEM32_DLL 0x00000008
-
-typedef struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION
-{
- ULONG Size;
- ULONG Flags; // ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_*
- ULONG TotalPathLength;
- ULONG PathSegmentCount;
- ULONG PathSegmentOffset; // to ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT[], from section header
-} ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION, *PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT
-{
- ULONG Length;
- ULONG Offset; // to WCHAR[], from section header
-} ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT, *PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT;
-
-#define ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION_FORMAT_WHISTLER 1
-
-typedef struct _ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION
-{
- ULONG Size;
- ULONG Flags;
- ULONG VersionSpecificClassNameLength;
- ULONG VersionSpecificClassNameOffset; // to WHCAR[], from this struct base
- ULONG DllNameLength;
- ULONG DllNameOffset; // to WCHAR[], from section header
-} ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION, *PACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION;
-
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_INVALID 0
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_APARTMENT 1
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_FREE 2
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_SINGLE 3
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_BOTH 4
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_NEUTRAL 5
-
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET 8
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DEFAULT (0x01 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET)
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_ICON (0x02 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET)
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_CONTENT (0x04 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET)
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_THUMBNAIL (0x08 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET)
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DOCPRINT (0x10 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET)
-
-typedef struct _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION
-{
- ULONG Size;
- ULONG Flags;
- ULONG ThreadingModel; // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_*
- GUID ReferenceClsid;
- GUID ConfiguredClsid;
- GUID ImplementedClsid;
- GUID TypeLibraryId;
- ULONG ModuleLength;
- ULONG ModuleOffset; // to WCHAR[], from section header
- ULONG ProgIdLength;
- ULONG ProgIdOffset; // to WCHAR[], from this struct base
- ULONG ShimDataLength;
- ULONG ShimDataOffset; // to ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM, from this struct base
- ULONG MiscStatusDefault;
- ULONG MiscStatusContent;
- ULONG MiscStatusThumbnail;
- ULONG MiscStatusIcon;
- ULONG MiscStatusDocPrint;
-} ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION;
-
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_OTHER 1
-#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_CLR_CLASS 2
-
-typedef struct _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM
-{
- ULONG Size;
- ULONG Flags;
- ULONG Type; // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_*
- ULONG ModuleLength;
- ULONG ModuleOffset; // to WCHAR[], from section header
- ULONG TypeLength;
- ULONG TypeOffset; // to WCHAR[], from this struct base
- ULONG ShimVersionLength;
- ULONG ShimVersionOffset; // to WCHAR[], from this struct base
- ULONG DataLength;
- ULONG DataOffset; // from this struct base
-} ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM, *PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM;
-
-#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FORMAT_WHISTLER 1
-
-#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_NUM_METHODS_VALID 0x00000001
-#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_BASE_INTERFACE_VALID 0x00000002
-
-typedef struct _ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION
-{
- ULONG Size;
- ULONG Flags; // ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_*
- GUID ProxyStubClsid32;
- ULONG NumMethods;
- GUID TypeLibraryId;
- GUID BaseInterface;
- ULONG NameLength;
- ULONG NameOffset; // to WCHAR[], from this struct base
-} ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION;
-
-#define ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION_FORMAT_WHISTLER 1
-
-typedef struct _ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION
-{
- USHORT Major;
- USHORT Minor;
-} ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION, *PACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION;
-
-typedef struct _ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION
-{
- ULONG Size;
- ULONG Flags;
- ULONG NameLength;
- ULONG NameOffset; // to WCHAR[], from section header
- USHORT ResourceId;
- USHORT LibraryFlags; // LIBFLAG_* oaidl.h
- ULONG HelpDirLength;
- ULONG HelpDirOffset; // to WCHAR[], from this struct base
- ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION Version;
-} ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION;
-
-#define ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION_FORMAT_WHISTLER 1
-
-typedef struct _ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION
-{
- ULONG Size;
- ULONG Flags;
- ULONG ConfiguredClsidOffset; // to CLSID, from section header
-} ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION;
-
-#define ACTIVATION_CONTEXT_DATA_CLR_SURROGATE_FORMAT_WHISTLER 1
-
-typedef struct _ACTIVATION_CONTEXT_DATA_CLR_SURROGATE
-{
- ULONG Size;
- ULONG Flags;
- GUID SurrogateIdent;
- ULONG VersionOffset;
- ULONG VersionLength;
- ULONG TypeNameOffset;
- ULONG TypeNameLength; // to WCHAR[], from this struct base
-} ACTIVATION_CONTEXT_DATA_CLR_SURROGATE, *PACTIVATION_CONTEXT_DATA_CLR_SURROGATE;
-
-#define ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS_FORMAT_LONGHORN 1
-
-#define SXS_WINDOWS_SETTINGS_NAMESPACE L"http://schemas.microsoft.com/SMI/2005/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2011_NAMESPACE L"http://schemas.microsoft.com/SMI/2011/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2013_NAMESPACE L"http://schemas.microsoft.com/SMI/2013/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2014_NAMESPACE L"http://schemas.microsoft.com/SMI/2014/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2016_NAMESPACE L"http://schemas.microsoft.com/SMI/2016/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2017_NAMESPACE L"http://schemas.microsoft.com/SMI/2017/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2019_NAMESPACE L"http://schemas.microsoft.com/SMI/2019/WindowsSettings"
-#define SXS_WINDOWS_SETTINGS_2020_NAMESPACE L"http://schemas.microsoft.com/SMI/2020/WindowsSettings"
-
-typedef struct _ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS
-{
- ULONG Size;
- ULONG Flags;
- ULONG SettingNamespaceLength;
- ULONG SettingNamespaceOffset; // to WCHAR[], from this struct base
- ULONG SettingNameLength;
- ULONG SettingNameOffset; // to WCHAR[], from this struct base
- ULONG SettingValueLength;
- ULONG SettingValueOffset; // to WCHAR[], from this struct base
-} ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS, *PACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS;
-
-// COMPATIBILITY_CONTEXT_ELEMENT from winnt.h before 19H1
-typedef struct _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY
-{
- GUID Id;
- ACTCTX_COMPATIBILITY_ELEMENT_TYPE Type;
-} COMPATIBILITY_CONTEXT_ELEMENT_LEGACY, *PCOMPATIBILITY_CONTEXT_ELEMENT_LEGACY;
-
-// ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION from winnt.h before 19H1
-typedef struct _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY
-{
- DWORD ElementCount;
- COMPATIBILITY_CONTEXT_ELEMENT_LEGACY Elements[ANYSIZE_ARRAY];
-} ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY, *PACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY;
-
-#include
-
-// begin_private
-
-typedef struct _ASSEMBLY_STORAGE_MAP_ENTRY
-{
- ULONG Flags;
- UNICODE_STRING DosPath;
- HANDLE Handle;
-} ASSEMBLY_STORAGE_MAP_ENTRY, *PASSEMBLY_STORAGE_MAP_ENTRY;
-
-#define ASSEMBLY_STORAGE_MAP_ASSEMBLY_ARRAY_IS_HEAP_ALLOCATED 0x00000001
-
-typedef struct _ASSEMBLY_STORAGE_MAP
-{
- ULONG Flags;
- ULONG AssemblyCount;
- PASSEMBLY_STORAGE_MAP_ENTRY *AssemblyArray;
-} ASSEMBLY_STORAGE_MAP, *PASSEMBLY_STORAGE_MAP;
-
-typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT;
-
-#define ACTIVATION_CONTEXT_NOTIFICATION_DESTROY 1
-#define ACTIVATION_CONTEXT_NOTIFICATION_ZOMBIFY 2
-#define ACTIVATION_CONTEXT_NOTIFICATION_USED 3
-
-typedef VOID (NTAPI *PACTIVATION_CONTEXT_NOTIFY_ROUTINE)(
- _In_ ULONG NotificationType, // ACTIVATION_CONTEXT_NOTIFICATION_*
- _In_ PACTIVATION_CONTEXT ActivationContext,
- _In_ PACTIVATION_CONTEXT_DATA ActivationContextData,
- _In_opt_ PVOID NotificationContext,
- _In_opt_ PVOID NotificationData,
- _Inout_ PBOOLEAN DisableThisNotification
- );
-
-typedef struct _ACTIVATION_CONTEXT
-{
- LONG RefCount;
- ULONG Flags;
- PACTIVATION_CONTEXT_DATA ActivationContextData;
- PACTIVATION_CONTEXT_NOTIFY_ROUTINE NotificationRoutine;
- PVOID NotificationContext;
- ULONG SentNotifications[8];
- ULONG DisabledNotifications[8];
- ASSEMBLY_STORAGE_MAP StorageMap;
- PASSEMBLY_STORAGE_MAP_ENTRY InlineStorageMapEntries[32];
-} ACTIVATION_CONTEXT, *PACTIVATION_CONTEXT;
-
-#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION 0x00000001
-#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE 0x00000002
-#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST 0x00000004
-#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED 0x00000008
-#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED 0x00000010
-
-typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME
-{
- struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous;
- PACTIVATION_CONTEXT ActivationContext;
- ULONG Flags; // RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_*
-} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
-
-#define ACTIVATION_CONTEXT_STACK_FLAG_QUERIES_DISABLED 0x00000001
-
-typedef struct _ACTIVATION_CONTEXT_STACK
-{
- PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
- LIST_ENTRY FrameListCache;
- ULONG Flags; // ACTIVATION_CONTEXT_STACK_FLAG_*
- ULONG NextCookieSequenceNumber;
- ULONG StackId;
-} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
-
-// end_private
-
-#endif
diff --git a/deps/phnt-nightly/nttmapi.h b/deps/phnt-nightly/nttmapi.h
deleted file mode 100644
index 4e9e8ad..0000000
--- a/deps/phnt-nightly/nttmapi.h
+++ /dev/null
@@ -1,479 +0,0 @@
-/*
- * Transaction Manager support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTTMAPI_H
-#define _NTTMAPI_H
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateTransactionManager(
- _Out_ PHANDLE TmHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PUNICODE_STRING LogFileName,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ ULONG CommitStrength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenTransactionManager(
- _Out_ PHANDLE TmHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PUNICODE_STRING LogFileName,
- _In_opt_ LPGUID TmIdentity,
- _In_opt_ ULONG OpenOptions
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRenameTransactionManager(
- _In_ PUNICODE_STRING LogFileName,
- _In_ LPGUID ExistingTransactionManagerGuid
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRollforwardTransactionManager(
- _In_ HANDLE TransactionManagerHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRecoverTransactionManager(
- _In_ HANDLE TransactionManagerHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationTransactionManager(
- _In_ HANDLE TransactionManagerHandle,
- _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
- _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
- _In_ ULONG TransactionManagerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationTransactionManager(
- _In_opt_ HANDLE TmHandle,
- _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
- _In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
- _In_ ULONG TransactionManagerInformationLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtEnumerateTransactionObject(
- _In_opt_ HANDLE RootObjectHandle,
- _In_ KTMOBJECT_TYPE QueryType,
- _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor,
- _In_ ULONG ObjectCursorLength,
- _Out_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateTransaction(
- _Out_ PHANDLE TransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ LPGUID Uow,
- _In_opt_ HANDLE TmHandle,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ ULONG IsolationLevel,
- _In_opt_ ULONG IsolationFlags,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_opt_ PUNICODE_STRING Description
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenTransaction(
- _Out_ PHANDLE TransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ LPGUID Uow,
- _In_opt_ HANDLE TmHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
- _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation,
- _In_ ULONG TransactionInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
- _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation,
- _In_ ULONG TransactionInformationLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCommitTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ BOOLEAN Wait
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRollbackTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ BOOLEAN Wait
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateEnlistment(
- _Out_ PHANDLE EnlistmentHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE ResourceManagerHandle,
- _In_ HANDLE TransactionHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG CreateOptions,
- _In_ NOTIFICATION_MASK NotificationMask,
- _In_opt_ PVOID EnlistmentKey
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenEnlistment(
- _Out_ PHANDLE EnlistmentHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE ResourceManagerHandle,
- _In_ LPGUID EnlistmentGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
- _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
- _In_ ULONG EnlistmentInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationEnlistment(
- _In_opt_ HANDLE EnlistmentHandle,
- _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
- _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
- _In_ ULONG EnlistmentInformationLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRecoverEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PVOID EnlistmentKey
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrePrepareEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrepareEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCommitEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRollbackEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrePrepareComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPrepareComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCommitComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtReadOnlyEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRollbackComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSinglePhaseReject(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtCreateResourceManager(
- _Out_ PHANDLE ResourceManagerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE TmHandle,
- _In_ LPGUID RmGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ PUNICODE_STRING Description
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtOpenResourceManager(
- _Out_ PHANDLE ResourceManagerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE TmHandle,
- _In_opt_ LPGUID ResourceManagerGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRecoverResourceManager(
- _In_ HANDLE ResourceManagerHandle
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtGetNotificationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _Out_ PTRANSACTION_NOTIFICATION TransactionNotification,
- _In_ ULONG NotificationLength,
- _In_opt_ PLARGE_INTEGER Timeout,
- _Out_opt_ PULONG ReturnLength,
- _In_ ULONG Asynchronous,
- _In_opt_ ULONG_PTR AsynchronousContext
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtQueryInformationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
- _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
- _In_ ULONG ResourceManagerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtSetInformationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
- _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
- _In_ ULONG ResourceManagerInformationLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRegisterProtocolAddressInformation(
- _In_ HANDLE ResourceManager,
- _In_ PCRM_PROTOCOL_ID ProtocolId,
- _In_ ULONG ProtocolInformationSize,
- _In_ PVOID ProtocolInformation,
- _In_opt_ ULONG CreateOptions
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPropagationComplete(
- _In_ HANDLE ResourceManagerHandle,
- _In_ ULONG RequestCookie,
- _In_ ULONG BufferLength,
- _In_ PVOID Buffer
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtPropagationFailed(
- _In_ HANDLE ResourceManagerHandle,
- _In_ ULONG RequestCookie,
- _In_ NTSTATUS PropStatus
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFreezeTransactions(
- _In_ PLARGE_INTEGER FreezeTimeout,
- _In_ PLARGE_INTEGER ThawTimeout
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-// private
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtThawTransactions(
- VOID
- );
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/nttp.h b/deps/phnt-nightly/nttp.h
deleted file mode 100644
index e4bd6ea..0000000
--- a/deps/phnt-nightly/nttp.h
+++ /dev/null
@@ -1,462 +0,0 @@
-/*
- * Thread Pool support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTTP_H
-#define _NTTP_H
-
-// Some types are already defined in winnt.h.
-
-typedef struct _TP_ALPC TP_ALPC, *PTP_ALPC;
-
-// private
-typedef VOID (NTAPI *PTP_ALPC_CALLBACK)(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _Inout_opt_ PVOID Context,
- _In_ PTP_ALPC Alpc
- );
-
-// rev
-typedef VOID (NTAPI *PTP_ALPC_CALLBACK_EX)(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _Inout_opt_ PVOID Context,
- _In_ PTP_ALPC Alpc,
- _In_ PVOID ApcContext
- );
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// winbase:CreateThreadpool
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocPool(
- _Out_ PTP_POOL *PoolReturn,
- _Reserved_ PVOID Reserved
- );
-
-// winbase:CloseThreadpool
-NTSYSAPI
-VOID
-NTAPI
-TpReleasePool(
- _Inout_ PTP_POOL Pool
- );
-
-// winbase:SetThreadpoolThreadMaximum
-NTSYSAPI
-VOID
-NTAPI
-TpSetPoolMaxThreads(
- _Inout_ PTP_POOL Pool,
- _In_ ULONG MaxThreads
- );
-
-// winbase:SetThreadpoolThreadMinimum
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSetPoolMinThreads(
- _Inout_ PTP_POOL Pool,
- _In_ ULONG MinThreads
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// winbase:QueryThreadpoolStackInformation
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpQueryPoolStackInformation(
- _In_ PTP_POOL Pool,
- _Out_ PTP_POOL_STACK_INFORMATION PoolStackInformation
- );
-
-// winbase:SetThreadpoolStackInformation
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSetPoolStackInformation(
- _Inout_ PTP_POOL Pool,
- _In_ PTP_POOL_STACK_INFORMATION PoolStackInformation
- );
-
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSetPoolThreadBasePriority(
- _Inout_ PTP_POOL Pool,
- _In_ ULONG BasePriority
- );
-#endif
-
-// winbase:CreateThreadpoolCleanupGroup
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocCleanupGroup(
- _Out_ PTP_CLEANUP_GROUP *CleanupGroupReturn
- );
-
-// winbase:CloseThreadpoolCleanupGroup
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseCleanupGroup(
- _Inout_ PTP_CLEANUP_GROUP CleanupGroup
- );
-
-// winbase:CloseThreadpoolCleanupGroupMembers
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseCleanupGroupMembers(
- _Inout_ PTP_CLEANUP_GROUP CleanupGroup,
- _In_ LOGICAL CancelPendingCallbacks,
- _Inout_opt_ PVOID CleanupParameter
- );
-
-// winbase:SetEventWhenCallbackReturns
-NTSYSAPI
-VOID
-NTAPI
-TpCallbackSetEventOnCompletion(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _In_ HANDLE Event
- );
-
-// winbase:ReleaseSemaphoreWhenCallbackReturns
-NTSYSAPI
-VOID
-NTAPI
-TpCallbackReleaseSemaphoreOnCompletion(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _In_ HANDLE Semaphore,
- _In_ ULONG ReleaseCount
- );
-
-// winbase:ReleaseMutexWhenCallbackReturns
-NTSYSAPI
-VOID
-NTAPI
-TpCallbackReleaseMutexOnCompletion(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _In_ HANDLE Mutex
- );
-
-// winbase:LeaveCriticalSectionWhenCallbackReturns
-NTSYSAPI
-VOID
-NTAPI
-TpCallbackLeaveCriticalSectionOnCompletion(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _Inout_ PRTL_CRITICAL_SECTION CriticalSection
- );
-
-// winbase:FreeLibraryWhenCallbackReturns
-NTSYSAPI
-VOID
-NTAPI
-TpCallbackUnloadDllOnCompletion(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _In_ PVOID DllHandle
- );
-
-// winbase:CallbackMayRunLong
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpCallbackMayRunLong(
- _Inout_ PTP_CALLBACK_INSTANCE Instance
- );
-
-// winbase:DisassociateCurrentThreadFromCallback
-NTSYSAPI
-VOID
-NTAPI
-TpDisassociateCallback(
- _Inout_ PTP_CALLBACK_INSTANCE Instance
- );
-
-// winbase:TrySubmitThreadpoolCallback
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSimpleTryPost(
- _In_ PTP_SIMPLE_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-// winbase:CreateThreadpoolWork
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocWork(
- _Out_ PTP_WORK *WorkReturn,
- _In_ PTP_WORK_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-// winbase:CloseThreadpoolWork
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseWork(
- _Inout_ PTP_WORK Work
- );
-
-// winbase:SubmitThreadpoolWork
-NTSYSAPI
-VOID
-NTAPI
-TpPostWork(
- _Inout_ PTP_WORK Work
- );
-
-// winbase:WaitForThreadpoolWorkCallbacks
-NTSYSAPI
-VOID
-NTAPI
-TpWaitForWork(
- _Inout_ PTP_WORK Work,
- _In_ LOGICAL CancelPendingCallbacks
- );
-
-// winbase:CreateThreadpoolTimer
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocTimer(
- _Out_ PTP_TIMER *Timer,
- _In_ PTP_TIMER_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-// winbase:CloseThreadpoolTimer
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseTimer(
- _Inout_ PTP_TIMER Timer
- );
-
-// winbase:SetThreadpoolTimer
-NTSYSAPI
-VOID
-NTAPI
-TpSetTimer(
- _Inout_ PTP_TIMER Timer,
- _In_opt_ PLARGE_INTEGER DueTime,
- _In_ ULONG Period,
- _In_opt_ ULONG WindowLength
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// winbase:SetThreadpoolTimerEx
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSetTimerEx(
- _Inout_ PTP_TIMER Timer,
- _In_opt_ PLARGE_INTEGER DueTime,
- _In_ ULONG Period,
- _In_opt_ ULONG WindowLength
- );
-#endif
-
-// winbase:IsThreadpoolTimerSet
-NTSYSAPI
-LOGICAL
-NTAPI
-TpIsTimerSet(
- _In_ PTP_TIMER Timer
- );
-
-// winbase:WaitForThreadpoolTimerCallbacks
-NTSYSAPI
-VOID
-NTAPI
-TpWaitForTimer(
- _Inout_ PTP_TIMER Timer,
- _In_ LOGICAL CancelPendingCallbacks
- );
-
-// winbase:CreateThreadpoolWait
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocWait(
- _Out_ PTP_WAIT *WaitReturn,
- _In_ PTP_WAIT_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-// winbase:CloseThreadpoolWait
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseWait(
- _Inout_ PTP_WAIT Wait
- );
-
-// winbase:SetThreadpoolWait
-NTSYSAPI
-VOID
-NTAPI
-TpSetWait(
- _Inout_ PTP_WAIT Wait,
- _In_opt_ HANDLE Handle,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-#if (PHNT_VERSION >= PHNT_WIN8)
-// winbase:SetThreadpoolWaitEx
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpSetWaitEx(
- _Inout_ PTP_WAIT Wait,
- _In_opt_ HANDLE Handle,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_opt_ PVOID Reserved
- );
-#endif
-
-// winbase:WaitForThreadpoolWaitCallbacks
-NTSYSAPI
-VOID
-NTAPI
-TpWaitForWait(
- _Inout_ PTP_WAIT Wait,
- _In_ LOGICAL CancelPendingCallbacks
- );
-
-// private
-typedef VOID (NTAPI *PTP_IO_CALLBACK)(
- _Inout_ PTP_CALLBACK_INSTANCE Instance,
- _Inout_opt_ PVOID Context,
- _In_ PVOID ApcContext,
- _In_ PIO_STATUS_BLOCK IoSB,
- _In_ PTP_IO Io
- );
-
-// winbase:CreateThreadpoolIo
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocIoCompletion(
- _Out_ PTP_IO *IoReturn,
- _In_ HANDLE File,
- _In_ PTP_IO_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-// winbase:CloseThreadpoolIo
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseIoCompletion(
- _Inout_ PTP_IO Io
- );
-
-// winbase:StartThreadpoolIo
-NTSYSAPI
-VOID
-NTAPI
-TpStartAsyncIoOperation(
- _Inout_ PTP_IO Io
- );
-
-// winbase:CancelThreadpoolIo
-NTSYSAPI
-VOID
-NTAPI
-TpCancelAsyncIoOperation(
- _Inout_ PTP_IO Io
- );
-
-// winbase:WaitForThreadpoolIoCallbacks
-NTSYSAPI
-VOID
-NTAPI
-TpWaitForIoCompletion(
- _Inout_ PTP_IO Io,
- _In_ LOGICAL CancelPendingCallbacks
- );
-
-// private
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocAlpcCompletion(
- _Out_ PTP_ALPC *AlpcReturn,
- _In_ HANDLE AlpcPort,
- _In_ PTP_ALPC_CALLBACK Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-// rev
-NTSYSAPI
-NTSTATUS
-NTAPI
-TpAllocAlpcCompletionEx(
- _Out_ PTP_ALPC *AlpcReturn,
- _In_ HANDLE AlpcPort,
- _In_ PTP_ALPC_CALLBACK_EX Callback,
- _Inout_opt_ PVOID Context,
- _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
- );
-#endif
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-TpReleaseAlpcCompletion(
- _Inout_ PTP_ALPC Alpc
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-TpWaitForAlpcCompletion(
- _Inout_ PTP_ALPC Alpc
- );
-
-// private
-typedef enum _TP_TRACE_TYPE
-{
- TpTraceThreadPriority = 1,
- TpTraceThreadAffinity,
- MaxTpTraceType
-} TP_TRACE_TYPE;
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-TpCaptureCaller(
- _In_ TP_TRACE_TYPE Type
- );
-
-// private
-NTSYSAPI
-VOID
-NTAPI
-TpCheckTerminateWorker(
- _In_ HANDLE Thread
- );
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntwmi.h b/deps/phnt-nightly/ntwmi.h
deleted file mode 100644
index f748548..0000000
--- a/deps/phnt-nightly/ntwmi.h
+++ /dev/null
@@ -1,5928 +0,0 @@
-/*
- * Trace Control support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTWMI_H
-#define _NTWMI_H
-
-EXTERN_C_START
-
-#ifndef _TRACEHANDLE_DEFINED
-#define _TRACEHANDLE_DEFINED
-typedef ULONG64 TRACEHANDLE, *PTRACEHANDLE;
-#endif
-
-//
-// Maximum supported buffer size in KB - Win8 (16MB)
-//
-// N.B. Prior to Win8 the value was 1MB (1024KB).
-#define MIN_ETW_BUFFER_SIZE 1 // in KBytes
-#define MAX_ETW_BUFFER_SIZE (16 * 1024) // in KBytes
-#define MAX_ETW_BUFFER_SIZE_WIN7 (1 * 1024) // in KBytes
-#define MAX_ETW_EVENT_SIZE 0xFFFF // MAX_USHORT
-
-// SystemTraceControlGuid
-#define ETW_KERNEL_RUNDOWN_START 0x00000001
-#define ETW_KERNEL_RUNDOWN_STOP 0x00000002
-#define ETW_CKCL_RUNDOWN_START 0x00000004
-#define ETW_CKCL_RUNDOWN_STOP 0x00000008
-#define ETW_FILENAME_RUNDOWN 0x00000010
-
-//
-// Alignment macros
-//
-#define DEFAULT_TRACE_ALIGNMENT 8 // 8 byte alignment
-#define ALIGN_TO_POWER2( x, n ) (((ULONG)(x) + ((n)-1)) & ~((ULONG)(n)-1))
-
-//
-// The predefined event groups or families for NT subsystems
-//
-#define EVENT_TRACE_GROUP_HEADER 0x0000
-#define EVENT_TRACE_GROUP_IO 0x0100
-#define EVENT_TRACE_GROUP_MEMORY 0x0200
-#define EVENT_TRACE_GROUP_PROCESS 0x0300
-#define EVENT_TRACE_GROUP_FILE 0x0400
-#define EVENT_TRACE_GROUP_THREAD 0x0500
-#define EVENT_TRACE_GROUP_TCPIP 0x0600
-#define EVENT_TRACE_GROUP_JOB 0x0700
-#define EVENT_TRACE_GROUP_UDPIP 0x0800
-#define EVENT_TRACE_GROUP_REGISTRY 0x0900
-#define EVENT_TRACE_GROUP_DBGPRINT 0x0A00
-#define EVENT_TRACE_GROUP_CONFIG 0x0B00
-#define EVENT_TRACE_GROUP_SPARE1 0x0C00 // Spare1
-#define EVENT_TRACE_GROUP_WNF 0x0D00
-#define EVENT_TRACE_GROUP_POOL 0x0E00
-#define EVENT_TRACE_GROUP_PERFINFO 0x0F00
-#define EVENT_TRACE_GROUP_HEAP 0x1000
-#define EVENT_TRACE_GROUP_OBJECT 0x1100
-#define EVENT_TRACE_GROUP_POWER 0x1200
-#define EVENT_TRACE_GROUP_MODBOUND 0x1300
-#define EVENT_TRACE_GROUP_IMAGE 0x1400
-#define EVENT_TRACE_GROUP_DPC 0x1500
-#define EVENT_TRACE_GROUP_CC 0x1600
-#define EVENT_TRACE_GROUP_CRITSEC 0x1700
-#define EVENT_TRACE_GROUP_STACKWALK 0x1800
-#define EVENT_TRACE_GROUP_UMS 0x1900
-#define EVENT_TRACE_GROUP_ALPC 0x1A00
-#define EVENT_TRACE_GROUP_SPLITIO 0x1B00
-#define EVENT_TRACE_GROUP_THREAD_POOL 0x1C00
-#define EVENT_TRACE_GROUP_HYPERVISOR 0x1D00
-#define EVENT_TRACE_GROUP_HYPERVISORX 0x1E00
-
-//
-// If you add any new groups, you must bump up MAX_KERNEL_TRACE_EVENTS
-// and make sure post processing is fixed up.
-//
-#define MAX_KERNEL_TRACE_EVENTS 0x1F
-
-//
-// The highest order bit of a data block is set if trace, WNODE otherwise
-//
-#define TRACE_HEADER_FLAG 0x80000000
-
-// Header type for tracing messages
-// | Marker(8) | Reserved(8) | Size(16) | MessageNumber(16) | Flags(16)
-#define TRACE_MESSAGE 0x10000000
-
-// | MARKER(16) | SIZE (16) | ULONG 32 | TIME_STAMP ...
-#define TRACE_HEADER_ULONG32_TIME 0xB0000000
-
-//
-// The second bit is set if the trace is used by PM & CP (fixed headers)
-// If not, the data block is used by for finer data for performance analysis
-//
-#define TRACE_HEADER_EVENT_TRACE 0x40000000
-//
-// If set, the data block is SYSTEM_TRACE_HEADER
-//
-#define TRACE_HEADER_ENUM_MASK 0x00FF0000
-
-//
-// The following are various header type
-//
-#define TRACE_HEADER_TYPE_SYSTEM32 1
-#define TRACE_HEADER_TYPE_SYSTEM64 2
-#define TRACE_HEADER_TYPE_COMPACT32 3
-#define TRACE_HEADER_TYPE_COMPACT64 4
-#define TRACE_HEADER_TYPE_FULL_HEADER32 10
-#define TRACE_HEADER_TYPE_INSTANCE32 11
-#define TRACE_HEADER_TYPE_TIMED 12 // Not used
-#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event
-#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used
-#define TRACE_HEADER_TYPE_MESSAGE 15
-#define TRACE_HEADER_TYPE_PERFINFO32 16
-#define TRACE_HEADER_TYPE_PERFINFO64 17
-#define TRACE_HEADER_TYPE_EVENT_HEADER32 18
-#define TRACE_HEADER_TYPE_EVENT_HEADER64 19
-#define TRACE_HEADER_TYPE_FULL_HEADER64 20
-#define TRACE_HEADER_TYPE_INSTANCE64 21
-
-#define EVENT_HEADER_SIZE_MASK 0x0000FFFF
-
-#define SYSTEM_TRACE_VERSION 2
-
-//
-// The following two are used for defining LogFile layout version.
-//
-// 1.2 -- Add per-processor event streams.
-// 1.3 -- Remove rundown and context/switch streams.
-// 1.4 -- Add header stream.
-// 1.5 -- Include QPC and Platform clock source in the header.
-//
-// 2.0 -- Larger Buffers (over 1MB) / 256+ Processors / Compression (Win8).
-//
-
-#define TRACE_VERSION_MAJOR_WIN7 1
-#define TRACE_VERSION_MINOR_WIN7 5
-
-#define TRACE_VERSION_MAJOR 2
-#define TRACE_VERSION_MINOR 0
-
-#define SYSTEM_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_SYSTEM32 << 16))
-#define SYSTEM_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_SYSTEM64 << 16))
-
-#define COMPACT_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_COMPACT32 << 16))
-#define COMPACT_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_COMPACT64 << 16))
-
-#define PERFINFO_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_PERFINFO32 << 16))
-#define PERFINFO_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_PERFINFO64 << 16))
-
-#define TRACE_HEADER_PEBS_INDEX_FLAG 0x00008000
-#define TRACE_HEADER_SPARE_FLAG1 0x00004000
-#define TRACE_HEADER_SPARE_FLAG2 0x00002000
-#define TRACE_HEADER_SPARE_FLAG3 0x00001000
-#define TRACE_HEADER_SPARE_FLAG4 0x00000800
-#define TRACE_HEADER_PMC_COUNTERS_MASK 0x00000700
-#define TRACE_HEADER_PMC_COUNTERS_SHIFT 8
-
-#define TRACE_HEADER_EXT_ITEMS_MASK (TRACE_HEADER_PEBS_INDEX_FLAG | TRACE_HEADER_PMC_COUNTERS_MASK)
-
-#ifdef _WIN64
-#define SYSTEM_TRACE_MARKER SYSTEM_TRACE_MARKER64
-#define COMPACT_TRACE_MARKER COMPACT_TRACE_MARKER64
-#define PERFINFO_TRACE_MARKER PERFINFO_TRACE_MARKER64
-#else
-#define SYSTEM_TRACE_MARKER SYSTEM_TRACE_MARKER32
-#define COMPACT_TRACE_MARKER COMPACT_TRACE_MARKER32
-#define PERFINFO_TRACE_MARKER PERFINFO_TRACE_MARKER32
-#endif
-
-//
-// Support a maximum of 64 logger instances.
-//
-#define MAXLOGGERS 64
-
-//
-// Set of Internal Flags passed to the Logger via ClientContext during StartTrace
-//
-#define EVENT_TRACE_CLOCK_RAW 0 // Use Raw timestamp
-#define EVENT_TRACE_CLOCK_PERFCOUNTER 1 // Use HighPerfClock (Default)
-#define EVENT_TRACE_CLOCK_SYSTEMTIME 2 // Use SystemTime
-#define EVENT_TRACE_CLOCK_CPUCYCLE 3 // Use CPU cycle counter
-#define EVENT_TRACE_CLOCK_MAX 4 // Max number of clock types
-
-//
-// NOTE: The following should not overlap with other bits in the LogFileMode
-// or LoggerMode defined in evntrace.h. Placed here since it is for internal
-// use only.
-//
-#define EVENT_TRACE_KD_FILTER_MODE 0x00080000 // KD_FILTER
-#define EVENT_TRACE_BUFFER_INTERFACE_MODE 0x00040000
-
-//
-// LoggerMode flags on Win7 and above.
-//
-#define EVENT_TRACE_USE_MS_FLUSH_TIMER 0x00000010 // FlushTimer value in milliseconds
-#define EVENT_TRACE_BLOCKING_MODE 0x20000000 // Private loggers wait for buffers
-
-//
-// LoggerMode flags on Win8 and above.
-//
-#define EVENT_TRACE_REALTIME_RELOG_MODE 0x00100000 // Private logger, relogging real-time events
- // This is same as EVENT_TRACE_MODE_RESERVED
-
-#define EVENT_TRACE_LOST_EVENTS_DEBUG_MODE 0x00200000 // Break on lost events
-#define EVENT_TRACE_COMPRESSED_MODE 0x04000000 // Compress relogged file
-
-//
-// see evntrace.h for pre-defined generic event types (0-10)
-//
-typedef struct _WMI_TRACE_PACKET
-{
- USHORT Size;
- union
- {
- USHORT HookId;
- struct
- {
- UCHAR Type;
- UCHAR Group;
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
-} WMI_TRACE_PACKET, *PWMI_TRACE_PACKET;
-
-static_assert(sizeof(WMI_TRACE_PACKET) == sizeof(ULONG), "WMI_TRACE_PACKET must equal sizeof(ULONG)");
-
-// New struct that replaces EVENT_INSTANCE_GUID_HEADER. It is basically
-// EVENT_TRACE_HEADER + 2 Guids.
-// For XP, we will not publish this struct and hide it from users.
-// TRACE_VERSION in LOG_FILE_HEADER will tell the consumer APIs to use
-// this struct instead of EVENT_TRACE_HEADER.
-
-typedef struct _EVENT_INSTANCE_GUID_HEADER
-{
- USHORT Size; // Size of entire record
- union
- {
- USHORT FieldTypeFlags; // Indicates valid fields
- struct
- {
- UCHAR HeaderType; // Header type - internal use only
- UCHAR MarkerFlags; // Marker - internal use only
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
- union
- {
- ULONG Version;
- struct
- {
- UCHAR Type; // event type
- UCHAR Level; // trace instrumentation level
- USHORT Version; // version of trace record
- } Class;
- } DUMMYUNIONNAME2;
- ULONG ThreadId; // Thread Id
- ULONG ProcessId; // Process Id
- LARGE_INTEGER TimeStamp; // time when event happens
- union
- {
- GUID Guid; // Guid that identifies event
- ULONGLONG GuidPtr; // use with WNODE_FLAG_USE_GUID_PTR
- } DUMMYUNIONNAME3;
- union
- {
- struct
- {
- ULONG ClientContext; // Reserved
- ULONG Flags; // Flags for header
- } DUMMYSTRUCTNAME;
- struct
- {
- ULONG KernelTime; // Kernel Mode CPU ticks
- ULONG UserTime; // User mode CPU ticks
- } DUMMYSTRUCTNAME2;
- ULONG64 ProcessorTime; // Processor Clock
- } DUMMYUNIONNAME4;
- ULONG InstanceId;
- ULONG ParentInstanceId;
- GUID ParentGuid; // Guid that identifies event
-} EVENT_INSTANCE_GUID_HEADER, *PEVENT_INSTANCE_GUID_HEADER;
-
-typedef ULONGLONG PERFINFO_TIMESTAMP;
-typedef struct _PERFINFO_TRACE_HEADER PERFINFO_TRACE_ENTRY, *PPERFINFO_TRACE_ENTRY;
-
-//
-// 64-bit Trace header for NTPERF events
-//
-// Note. The field "Version" will temporary be used to log CPU Id when log to PerfMem.
-// This will be removed after we change the buffer management to be the same as WMI.
-// i.e., Each CPU will allocate a block of memory for logging and CPU id is in the header
-// of each block.
-//
-typedef struct _PERFINFO_TRACE_HEADER
-{
- union
- {
- ULONG Marker;
- struct
- {
- USHORT Version;
- UCHAR HeaderType;
- UCHAR Flags; //WMI uses this flag to identify event types
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
- union
- {
- ULONG Header; // both sizes must be the same!
- WMI_TRACE_PACKET Packet;
- } DUMMYUNIONNAME2;
- union
- {
- PERFINFO_TIMESTAMP TS;
- LARGE_INTEGER SystemTime;
- } DUMMYUNIONNAME3;
- UCHAR Data[1];
-} PERFINFO_TRACE_HEADER, *PPERFINFO_TRACE_HEADER;
-
-//
-// 64-bit Trace header for kernel events
-//
-typedef struct _SYSTEM_TRACE_HEADER
-{
- union
- {
- ULONG Marker;
- struct
- {
- USHORT Version;
- UCHAR HeaderType;
- UCHAR Flags;
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
- union
- {
- ULONG Header; // both sizes must be the same!
- WMI_TRACE_PACKET Packet;
- } DUMMYUNIONNAME2;
- ULONG ThreadId;
- ULONG ProcessId;
- LARGE_INTEGER SystemTime;
- ULONG KernelTime;
- ULONG UserTime;
-} SYSTEM_TRACE_HEADER, *PSYSTEM_TRACE_HEADER;
-
-//
-// System header with no User/Kernel time.
-//
-#define COMPACT_HEADER_SIZE (RTL_SIZEOF_THROUGH_FIELD(SYSTEM_TRACE_HEADER, SystemTime))
-
-//
-// 64-bit Trace Header for Tracing Messages
-//
-typedef struct _WMI_TRACE_MESSAGE_PACKET
-{
- USHORT MessageNumber; // The message Number, index of messages by GUID
- // Or ComponentID
- USHORT OptionFlags ; // Flags associated with the message
-} WMI_TRACE_MESSAGE_PACKET, *PWMI_TRACE_MESSAGE_PACKET;
-
-static_assert(sizeof(WMI_TRACE_MESSAGE_PACKET) == sizeof(ULONG), "WMI_TRACE_MESSAGE_PACKET must equal sizeof(ULONG)");
-
-typedef struct _MESSAGE_TRACE_HEADER
-{
- union
- {
- ULONG Marker;
- struct
- {
- USHORT Size; // Total Size of the message including header
- UCHAR Reserved; // Unused and reserved
- UCHAR Version; // The message structure type (TRACE_MESSAGE_FLAG)
- } DUMMYSTRUCTNAME;
- } DUMMYUNIONNAME;
- union
- {
- ULONG Header; // both sizes must be the same!
- WMI_TRACE_MESSAGE_PACKET Packet;
- } DUMMYUNIONNAME2;
-} MESSAGE_TRACE_HEADER, *PMESSAGE_TRACE_HEADER;
-
-typedef struct _MESSAGE_TRACE
-{
- MESSAGE_TRACE_HEADER MessageHeader;
- UCHAR Data;
-} MESSAGE_TRACE, *PMESSAGE_TRACE;
-
-#define TRACE_MESSAGE_USERMODE 0x40 // flag indicating message came from user mode
-#define TRACE_MESSAGE_WOW 0x80
-//
-// Structure used to pass user log messages to the kernel
-//
-typedef struct DECLSPEC_ALIGN(8) _MESSAGE_TRACE_USER
-{
- MESSAGE_TRACE_HEADER MessageHeader;
- GUID MessageGuid;
- ULONG MessageFlags;
- ULONG DataSize;
- ULONG64 Data;
-} MESSAGE_TRACE_USER, *PMESSAGE_TRACE_USER;
-
-//
-// N.B. ETW_REF_CLOCK needs to be available for WOW64, thus the trick with defines for ETW_WOW64.
-//
-typedef struct _ETW_REF_CLOCK
-{
- LARGE_INTEGER StartTime;
- LARGE_INTEGER StartPerfClock;
-} ETW_REF_CLOCK, *PETW_REF_CLOCK;
-
-#ifndef ETW_WOW6432
-
-typedef enum _ETW_BUFFER_STATE
-{
- EtwBufferStateFree,
- EtwBufferStateGeneralLogging,
- EtwBufferStateCSwitch,
- EtwBufferStateFlush,
- EtwBufferStateMaximum //MaxState should always be the last enum
-} ETW_BUFFER_STATE, *PETW_BUFFER_STATE;
-
-#define ETW_BUFFER_TYPE_GENERIC 0
-#define ETW_BUFFER_TYPE_RUNDOWN 1
-#define ETW_BUFFER_TYPE_CTX_SWAP 2
-#define ETW_BUFFER_TYPE_REFTIME 3
-#define ETW_BUFFER_TYPE_HEADER 4
-#define ETW_BUFFER_TYPE_BATCHED 5
-#define ETW_BUFFER_TYPE_EMPTY_MARKER 6
-#define ETW_BUFFER_TYPE_DBG_INFO 7
-#define ETW_BUFFER_TYPE_MAXIMUM 8
-
-#define ETW_BUFFER_FLAG_NORMAL 0x0000
-#define ETW_BUFFER_FLAG_FLUSH_MARKER 0x0001
-#define ETW_BUFFER_FLAG_EVENTS_LOST 0x0002
-#define ETW_BUFFER_FLAG_BUFFER_LOST 0x0004
-#define ETW_BUFFER_FLAG_RTBACKUP_CORRUPT 0x0008
-#define ETW_BUFFER_FLAG_RTBACKUP 0x0010
-#define ETW_BUFFER_FLAG_PROC_INDEX 0x0020
-#define ETW_BUFFER_FLAG_COMPRESSED 0x0040
-
-#define ETW_PROCESSOR_INDEX_MASK 0x07FF
-
-//
-// The following constants for real time event loss reasons should be
-// in sync with the messages in admin\wmi\events\service\eventlog.man.
-//
-#define ETW_RT_LOSS_EVENT 0x20
-#define ETW_RT_LOSS_BUFFER 0x21
-#define ETW_RT_LOSS_BACKUP 0x22
-
-typedef enum _ETW_RT_EVENT_LOSS
-{
- EtwRtEventNoLoss,
- EtwRtEventLost,
- EtwRtBufferLost,
- EtwRtBackupLost,
- EtwRtEventLossMax
-} ETW_RT_EVENT_LOSS, *PETW_RT_EVENT_LOSS;
-
-typedef struct _WMI_BUFFER_HEADER *PWMI_BUFFER_HEADER;
-
-typedef struct _WMI_BUFFER_HEADER
-{
- ULONG BufferSize; // BufferSize
- ULONG SavedOffset; // Temp saved offset
- volatile ULONG CurrentOffset; // Current offset
- volatile LONG ReferenceCount; // Reference count
- LARGE_INTEGER TimeStamp; // Flush time stamp
- LONGLONG SequenceNumber; // Buffer sequence number
-
- union
- {
- struct
- { // DBG_INFO buffers send to debugger
- ULONGLONG ClockType : 3;
- ULONGLONG Frequency : 61;
- } DUMMYSTRUCTNAME;
- SINGLE_LIST_ENTRY SlistEntry; // Local list when flushing
- PWMI_BUFFER_HEADER NextBuffer; // FlushList
- } DUMMYUNIONNAME;
-
- ETW_BUFFER_CONTEXT ClientContext; // LoggerId/ProcessorIndex
- ETW_BUFFER_STATE State; // (Free/GeneralLogging/Flush)
-
- ULONG Offset; // Offset when flushing (can overlap SavedOffset)
- USHORT BufferFlag; // (flush marker, events lost)
- USHORT BufferType; // (generic/rundown/cswitch/reftime)
- union
- {
- ULONG Padding1[4];
- ETW_REF_CLOCK ReferenceTime; // persistent real-time
- LIST_ENTRY GlobalEntry; // Global list entry
- struct
- {
- PVOID Pointer0;
- PVOID Pointer1;
- } DUMMYSTRUCTNAME2;
- } DUMMYUNIONNAME2;
-} WMI_BUFFER_HEADER, *PWMI_BUFFER_HEADER;
-
-static_assert(sizeof(WMI_BUFFER_HEADER) == 0x48, "WMI_BUFFER_HEADER must equal 0x48");
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferSize) == 0x0);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, SavedOffset) == 0x4);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, CurrentOffset) == 0x8);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, TimeStamp) == 0x10);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, SlistEntry) == 0x20);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, ClientContext) == 0x28);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, State) == 0x2c); // Compression
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, Offset) == 0x30);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferFlag) == 0x34);
-C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferType) == 0x36);
-
-typedef struct _TRACE_ENABLE_FLAG_EXTENSION
-{
- USHORT Offset; // Offset to the flag array in structure
- UCHAR Length; // Length of flag array in ULONGs
- UCHAR Flag; // Must be set to EVENT_TRACE_FLAG_EXTENSION
-} TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
-
-typedef struct _TRACE_ENABLE_FLAG_EXT_HEADER
-{
- USHORT Length; // Length in ULONGs
- USHORT Items; // # of items
-} TRACE_ENABLE_FLAG_EXT_HEADER, *PTRACE_ENABLE_FLAG_EXT_HEADER;
-
-typedef struct _TRACE_ENABLE_FLAG_EXT_ITEM
-{
- USHORT Offset; // Offset to the next block
- USHORT Type; // Extension type
-} TRACE_ENABLE_FLAG_EXT_ITEM, *PTRACE_ENABLE_FLAG_EXT_ITEM;
-
-#define EVENT_TRACE_FLAG_EXT_ITEMS 0x80FF0000 // New extension structure
-#define EVENT_TRACE_FLAG_EXT_LEN_NEW_STRUCT 0xFF // Pseudo length to denote new struct format
-
-#define ETW_MINIMUM_CACHED_STACK_LENGTH 4
-#define ETW_SW_ARRAY_SIZE 256 // Frame Count allocated in lookaside list
-#define ETW_STACK_SW_ARRAY_SIZE 192 // Frame Count allocated in stack
-#define ETW_MAX_STACKWALK_FILTER 256 // Max number of HookId's
-#define ETW_MAX_TAG_FILTER 4
-#define ETW_MAX_POOLTAG_FILTER ETW_MAX_TAG_FILTER
-
-#define ETW_EXT_ENABLE_FLAGS 0x0001
-#define ETW_EXT_PIDS 0x0002
-#define ETW_EXT_STACKWALK_FILTER 0x0003
-#define ETW_EXT_POOLTAG_FILTER 0x0004
-#define ETW_EXT_STACK_CACHING 0x0005
-
-//
-// Extended item for configuring stack caching.
-//
-typedef struct _ETW_STACK_CACHING_CONFIG
-{
- ULONG CacheSize;
- ULONG BucketCount;
-} ETW_STACK_CACHING_CONFIG, *PETW_STACK_CACHING_CONFIG;
-
-#endif // ifndef ETW_WOW6432
-
-#define PERFINFO_APPLY_OFFSET_GIVING_TYPE(_Base, _Offset, _Type) ((_Type) (((PPERF_BYTE) (_Base)) + (_Offset)))
-#define PERFINFO_ROUND_UP(Size, Amount) (((ULONG)(Size) + ((Amount) - 1)) & ~((Amount) - 1))
-
-//
-// Enable flags, hook id's, etc...
-//
-#define PERF_MASK_INDEX (0xe0000000)
-#define PERF_MASK_GROUP (~PERF_MASK_INDEX)
-#define PERF_NUM_MASKS 8
-
-typedef ULONG PERFINFO_MASK;
-
-//
-// This structure holds a group mask for all the PERF_NUM_MASKS sets (see PERF_MASK_INDEX above).
-//
-typedef struct _PERFINFO_GROUPMASK
-{
- ULONG Masks[PERF_NUM_MASKS];
-} PERFINFO_GROUPMASK, *PPERFINFO_GROUPMASK;
-
-#define PERF_GET_MASK_INDEX(GM) (((GM) & PERF_MASK_INDEX) >> 29)
-#define PERF_GET_MASK_GROUP(GM) ((GM) & PERF_MASK_GROUP)
-
-#define PERFINFO_CLEAR_GROUPMASK(GroupMask) RtlZeroMemory((GroupMask), sizeof(PERFINFO_GROUPMASK))
-#define PERFINFO_OR_GROUP_WITH_GROUPMASK(Group, GroupMask) (GroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] |= PERF_GET_MASK_GROUP(Group)
-#define PERFINFO_CLEAR_GROUP_IN_GROUPMASK(Group, GroupMask) (GroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] &= (~PERF_GET_MASK_GROUP(Group))
-
-/*++
-
-Routine Description:
-
- Determines whether any group is on in a group mask
-
-Arguments:
-
- Group - Group index to check.
-
- GroupMask - pointer to group mask to check.
-
-Return Value:
-
- Boolean indicating whether it is set or not.
-
-Environment:
-
- User mode.
-
---*/
-FORCEINLINE
-BOOLEAN
-PerfIsGroupOnInGroupMask(
- _In_ ULONG Group,
- _In_ PPERFINFO_GROUPMASK GroupMask
- )
-{
- PPERFINFO_GROUPMASK TestMask = GroupMask;
-
- return (BOOLEAN)(((TestMask) != NULL) && (((TestMask)->Masks[PERF_GET_MASK_INDEX((Group))] & PERF_GET_MASK_GROUP((Group))) != 0));
-}
-
-// Group Masks (enabling flags) are used to determine the type of
-// events to be logged. Each hook type is controlled by one bit in the
-// Group masks.
-//
-// Currently we have 8 sets of global masks available. Each set is a ULONG with
-// the highest 3 bits reserved for PERF_MASK_INDEX, which is used to index to
-// the particular set of masks. For example,
-//
-// #define PERF_GROUP1 0x0XXXXXXX in the 0th set (0x10000000 is the last bit in this set)
-// #define PERF_GROUP2 0x2XXXXXXX in the 1st set (0x30000000 is the last bit in this set)
-// #define PERF_GROUP3 0x4XXXXXXX in the 2nd set (0x50000000 is the last bit in this set)
-// ...
-// #define PERF_GROUP7 0xeXXXXXXX in the 7th set (0xf0000000 is the last bit in this set)
-//
-// See ntperf.h for the manipulations of flags.
-//
-// Externally published group masks (only in the 0th set) are defined in envtrace.h.
-// This section contains extended group masks which are private.
-//
-// The highest set of GROUP_MASK (0xeXXXXXXX) is currently reserved for
-// modifying system behaviors (e.g., turn off page fault clustering, limit
-// process working set when BigFoot is turned on, etc.) when trace is
-// turned on.
-//
-//
-//
-// NOTE: In LongHorn we desided to expose some of the flags outside of group 0.
-// We did that by adding the following flags which are treated as aliases:
-//
-// EVENT_TRACE_FLAG_CSWITCH
-// EVENT_TRACE_FLAG_DPC
-// EVENT_TRACE_FLAG_INTERRUPT
-// EVENT_TRACE_FLAG_SYSTEMCALL
-// EVENT_TRACE_FLAG_DRIVER
-// EVENT_TRACE_FLAG_PROFILE
-//
-//
-// GlobalMask 0 (Masks[0])
-//
-#define PERF_REGISTRY EVENT_TRACE_FLAG_REGISTRY
-#define PERF_HARD_FAULTS EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS
-#define PERF_JOB EVENT_TRACE_FLAG_JOB
-#define PERF_PROC_THREAD EVENT_TRACE_FLAG_PROCESS | EVENT_TRACE_FLAG_THREAD
-#define PERF_PROCESS EVENT_TRACE_FLAG_PROCESS
-#define PERF_THREAD EVENT_TRACE_FLAG_THREAD
-#define PERF_DISK_IO EVENT_TRACE_FLAG_DISK_FILE_IO | EVENT_TRACE_FLAG_DISK_IO
-#define PERF_DISK_IO_INIT EVENT_TRACE_FLAG_DISK_IO_INIT
-#define PERF_LOADER EVENT_TRACE_FLAG_IMAGE_LOAD
-#define PERF_ALL_FAULTS EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS
-#define PERF_FILENAME EVENT_TRACE_FLAG_DISK_FILE_IO
-#define PERF_NETWORK EVENT_TRACE_FLAG_NETWORK_TCPIP
-#define PERF_ALPC EVENT_TRACE_FLAG_ALPC
-#define PERF_SPLIT_IO EVENT_TRACE_FLAG_SPLIT_IO
-#define PERF_PERF_COUNTER EVENT_TRACE_FLAG_PROCESS_COUNTERS
-#define PERF_FILE_IO EVENT_TRACE_FLAG_FILE_IO
-#define PERF_FILE_IO_INIT EVENT_TRACE_FLAG_FILE_IO_INIT
-#define PERF_DBGPRINT EVENT_TRACE_FLAG_DBGPRINT
-#define PERF_NO_SYSCONFIG EVENT_TRACE_FLAG_NO_SYSCONFIG
-#define PERF_VAMAP EVENT_TRACE_FLAG_VAMAP
-#define PERF_DEBUG_EVENTS EVENT_TRACE_FLAG_DEBUG_EVENTS
-
-//
-// GlobalMask 1 (Masks[1])
-//
-#define PERF_MEMORY 0x20000001 // High level WS manager activities, PFN changes
-#define PERF_PROFILE 0x20000002 // Sysprof // equivalent to EVENT_TRACE_FLAG_PROFILE
-#define PERF_CONTEXT_SWITCH 0x20000004 // Context Switch // equivalent to EVENT_TRACE_FLAG_CSWITCH
-#define PERF_FOOTPRINT 0x20000008 // Flush WS on every mark_with_flush
-#define PERF_DRIVERS 0x20000010 // equivalent to EVENT_TRACE_FLAG_DRIVER
-#define PERF_REFSET 0x20000020 // PERF_FOOTPRINT + log AutoMark on trace start/stop.
-#define PERF_POOL 0x20000040
-#define PERF_POOLTRACE 0x20000041
-#define PERF_DPC 0x20000080 // equivalent to EVENT_TRACE_FLAG_DPC
-#define PERF_COMPACT_CSWITCH 0x20000100
-#define PERF_DISPATCHER 0x20000200 // equivalent to EVENT_TRACE_FLAG_DISPATCHER
-#define PERF_PMC_PROFILE 0x20000400
-#define PERF_PROFILING 0x20000402
-#define PERF_PROCESS_INSWAP 0x20000800
-#define PERF_AFFINITY 0x20001000
-#define PERF_PRIORITY 0x20002000
-#define PERF_INTERRUPT 0x20004000 // equivalent to EVENT_TRACE_FLAG_INTERRUPT
-#define PERF_VIRTUAL_ALLOC 0x20008000 // equivalent to EVENT_TRACE_FLAG_VIRTUAL_ALLOC
-#define PERF_SPINLOCK 0x20010000
-#define PERF_SYNC_OBJECTS 0x20020000
-#define PERF_DPC_QUEUE 0x20040000
-#define PERF_MEMINFO 0x20080000
-#define PERF_CONTMEM_GEN 0x20100000
-#define PERF_SPINLOCK_CNTRS 0x20200000
-#define PERF_SPININSTR 0x20210000
-#define PERF_SESSION 0x20400000
-#define PERF_PFSECTION PERF_SESSION // Bits in this group are scarce and so use SESSION for PFSECTION events.
-#define PERF_MEMINFO_WS 0x20800000 // Logs Workingset/Commit information on MemInfo DPC
-#define PERF_KERNEL_QUEUE 0x21000000
-#define PERF_INTERRUPT_STEER 0x22000000
-#define PERF_SHOULD_YIELD 0x24000000
-#define PERF_WS 0x28000000
-//#define PERF_POOLTRACE (PERF_MEMORY | PERF_POOL)
-//#define PERF_PROFILING (PERF_PROFILE | PERF_PMC_PROFILE)
-//#define PERF_SPININSTR (PERF_SPINLOCK | PERF_SPINLOCK_CNTRS)
-
-//
-// GlobalMask 2 (Masks[2])
-//
-#define PERF_ANTI_STARVATION 0x40000001
-#define PERF_PROCESS_FREEZE 0x40000002
-#define PERF_PFN_LIST 0x40000004
-#define PERF_WS_DETAIL 0x40000008
-#define PERF_WS_ENTRY 0x40000010
-#define PERF_HEAP 0x40000020
-#define PERF_SYSCALL 0x40000040
-#define PERF_UMS 0x40000080
-#define PERF_BACKTRACE 0x40000100
-#define PERF_VULCAN 0x40000200
-#define PERF_OBJECTS 0x40000400
-#define PERF_EVENTS 0x40000800
-#define PERF_FULLTRACE 0x40001000
-#define PERF_DFSS 0x40002000 // spare
-#define PERF_PREFETCH 0x40004000
-#define PERF_PROCESSOR_IDLE 0x40008000
-#define PERF_CPU_CONFIG 0x40010000
-#define PERF_TIMER 0x40020000
-#define PERF_CLOCK_INTERRUPT 0x40040000
-#define PERF_LOAD_BALANCER 0x40080000 // spare
-#define PERF_CLOCK_TIMER 0x40100000
-#define PERF_IDLE_SELECTION 0x40200000
-#define PERF_IPI 0x40400000
-#define PERF_IO_TIMER 0x40800000
-#define PERF_REG_HIVE 0x41000000
-#define PERF_REG_NOTIF 0x42000000
-#define PERF_PPM_EXIT_LATENCY 0x44000000
-#define PERF_WORKER_THREAD 0x48000000
-
-//
-// GlobalMask 3 (Masks[3])
-//
-
-// Reserved 0x60000001
-// Reserved 0x60000002
-// Reserved 0x60000004
-// Reserved 0x60000008
-// ...
-
-//
-// GlobalMask 4 (Masks[4])
-//
-
-#define PERF_OPTICAL_IO 0x80000001
-#define PERF_OPTICAL_IO_INIT 0x80000002
-// Reserved 0x80000004
-#define PERF_DLL_INFO 0x80000008
-#define PERF_DLL_FLUSH_WS 0x80000010
-// Reserved 0x80000020
-#define PERF_OB_HANDLE 0x80000040
-#define PERF_OB_OBJECT 0x80000080
-// Reserved 0x80000100
-#define PERF_WAKE_DROP 0x80000200
-#define PERF_WAKE_EVENT 0x80000400
-#define PERF_DEBUGGER 0x80000800
-#define PERF_PROC_ATTACH 0x80001000
-#define PERF_WAKE_COUNTER 0x80002000
-// Reserved 0x80004000
-#define PERF_POWER 0x80008000
-#define PERF_SOFT_TRIM 0x80010000
-#define PERF_CC 0x80020000
-// Reserved 0x80040000
-#define PERF_FLT_IO_INIT 0x80080000
-#define PERF_FLT_IO 0x80100000
-#define PERF_FLT_FASTIO 0x80200000
-#define PERF_FLT_IO_FAILURE 0x80400000
-#define PERF_HV_PROFILE 0x80800000
-#define PERF_WDF_DPC 0x81000000
-#define PERF_WDF_INTERRUPT 0x82000000
-#define PERF_CACHE_FLUSH 0x84000000
-
-//
-// GlobalMask 5:
-//
-
-#define PERF_HIBER_RUNDOWN 0xA0000001
-
-// Reserved 0xA0000002
-// Reserved 0xA0000004
-// Reserved 0xA0000008
-// ...
-
-//
-// GlobalMask 6:
-//
-
-#define PERF_SYSCFG_SYSTEM 0xC0000001
-#define PERF_SYSCFG_GRAPHICS 0xC0000002
-#define PERF_SYSCFG_STORAGE 0xC0000004
-#define PERF_SYSCFG_NETWORK 0xC0000008
-#define PERF_SYSCFG_SERVICES 0xC0000010
-#define PERF_SYSCFG_PNP 0xC0000020
-#define PERF_SYSCFG_OPTICAL 0xC0000040
-// Reserved 0xC0000080
-// Reserved 0xC0000100
-#define PERF_SYSCFG_ALL 0xDFFFFFFF
-
-//
-// GlobalMask 7: The mark is a control mask. All flags that changes system
-// behaviors go here.
-//
-
-#define PERF_CLUSTER_OFF 0xe0000001
-#define PERF_MEMORY_CONTROL 0xe0000002
-
-//
-// Converting old PERF hooks into WMI format. More clean up to be done.
-//
-// WHEN YOU ADD NEW TYPES UPDATE THE NAME TABLE in perfgroups.c:
-// PerfLogTypeNames ALSO UPDATE VERIFICATION TABLE IN PERFPOSTTBLS.C
-//
-
-//
-// Event for header
-//
-#define WMI_LOG_TYPE_HEADER (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_INFO)
-#define WMI_LOG_TYPE_HEADER_EXTENSION (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_EXTENSION)
-#define WMI_LOG_TYPE_RUNDOWN_COMPLETE (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_CHECKPOINT)
-#define WMI_LOG_TYPE_GROUP_MASKS_END (EVENT_TRACE_GROUP_HEADER | 0x20)
-#define WMI_LOG_TYPE_RUNDOWN_BEGIN (EVENT_TRACE_GROUP_HEADER | 0x30)
-#define WMI_LOG_TYPE_RUNDOWN_END (EVENT_TRACE_GROUP_HEADER | 0x31)
-#define WMI_LOG_TYPE_DBGID_RSDS (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_DBGID_RSDS)
-#define WMI_LOG_TYPE_DBGID_NB10 (EVENT_TRACE_GROUP_HEADER | 0x41)
-#define WMI_LOG_TYPE_BUILD_LAB (EVENT_TRACE_GROUP_HEADER | 0x42)
-#define WMI_LOG_TYPE_BINARY_PATH (EVENT_TRACE_GROUP_HEADER | 0x43)
-
-//
-// Event for system config
-//
-
-#define WMI_LOG_TYPE_CONFIG_CPU (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CPU)
-#define WMI_LOG_TYPE_CONFIG_PHYSICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK)
-#define WMI_LOG_TYPE_CONFIG_LOGICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_LOGICALDISK)
-#define WMI_LOG_TYPE_CONFIG_OPTICALMEDIA (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA)
-#define WMI_LOG_TYPE_CONFIG_NIC (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NIC)
-#define WMI_LOG_TYPE_CONFIG_VIDEO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VIDEO)
-#define WMI_LOG_TYPE_CONFIG_SERVICES (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SERVICES)
-#define WMI_LOG_TYPE_CONFIG_POWER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_POWER)
-//#define WMI_LOG_TYPE_CONFIG_OSVERSION (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OSVERSION)
-//#define WMI_LOG_TYPE_CONFIG_VISUALTHEME (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VISUALTHEME)
-//#define WMI_LOG_TYPE_CONFIG_SYSTEMRANGE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSTEMRANGE)
-//#define WMI_LOG_TYPE_CONFIG_SYSDLLINFO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSDLLINFO)
-#define WMI_LOG_TYPE_CONFIG_IRQ (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IRQ)
-#define WMI_LOG_TYPE_CONFIG_PNP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PNP)
-#define WMI_LOG_TYPE_CONFIG_IDECHANNEL (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IDECHANNEL)
-#define WMI_LOG_TYPE_CONFIG_NUMANODE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NUMANODE)
-#define WMI_LOG_TYPE_CONFIG_PLATFORM (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PLATFORM)
-#define WMI_LOG_TYPE_CONFIG_PROCESSORGROUP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP)
-#define WMI_LOG_TYPE_CONFIG_PROCESSORNUMBER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER)
-#define WMI_LOG_TYPE_CONFIG_DPI (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_DPI)
-#define WMI_LOG_TYPE_CONFIG_CODEINTEGRITY (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CI_INFO)
-#define WMI_LOG_TYPE_CONFIG_MACHINEID (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_MACHINEID)
-
-//
-// Event for Image and File Name
-//
-#define PERFINFO_LOG_TYPE_FILENAME (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_INFO)
-#define PERFINFO_LOG_TYPE_FILENAME_CREATE (EVENT_TRACE_GROUP_FILE | 0x20)
-#define PERFINFO_LOG_TYPE_FILENAME_SAME (EVENT_TRACE_GROUP_FILE | 0x21)
-#define PERFINFO_LOG_TYPE_FILENAME_NULL (EVENT_TRACE_GROUP_FILE | 0x22)
-#define PERFINFO_LOG_TYPE_FILENAME_DELETE (EVENT_TRACE_GROUP_FILE | 0x23)
-#define PERFINFO_LOG_TYPE_FILENAME_RUNDOWN (EVENT_TRACE_GROUP_FILE | 0x24)
-
-#define PERFINFO_LOG_TYPE_MAPFILE (EVENT_TRACE_GROUP_FILE | 0x25)
-#define PERFINFO_LOG_TYPE_UNMAPFILE (EVENT_TRACE_GROUP_FILE | 0x26)
-#define PERFINFO_LOG_TYPE_MAPFILE_DC_START (EVENT_TRACE_GROUP_FILE | 0x27)
-#define PERFINFO_LOG_TYPE_MAPFILE_DC_END (EVENT_TRACE_GROUP_FILE | 0x28)
-
-#define PERFINFO_LOG_TYPE_FILE_IO_CREATE (EVENT_TRACE_GROUP_FILE | 0x40)
-#define PERFINFO_LOG_TYPE_FILE_IO_CLEANUP (EVENT_TRACE_GROUP_FILE | 0x41)
-#define PERFINFO_LOG_TYPE_FILE_IO_CLOSE (EVENT_TRACE_GROUP_FILE | 0x42)
-#define PERFINFO_LOG_TYPE_FILE_IO_READ (EVENT_TRACE_GROUP_FILE | 0x43)
-#define PERFINFO_LOG_TYPE_FILE_IO_WRITE (EVENT_TRACE_GROUP_FILE | 0x44)
-#define PERFINFO_LOG_TYPE_FILE_IO_SET_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x45)
-#define PERFINFO_LOG_TYPE_FILE_IO_DELETE (EVENT_TRACE_GROUP_FILE | 0x46)
-#define PERFINFO_LOG_TYPE_FILE_IO_RENAME (EVENT_TRACE_GROUP_FILE | 0x47)
-#define PERFINFO_LOG_TYPE_FILE_IO_DIRENUM (EVENT_TRACE_GROUP_FILE | 0x48)
-#define PERFINFO_LOG_TYPE_FILE_IO_FLUSH (EVENT_TRACE_GROUP_FILE | 0x49)
-#define PERFINFO_LOG_TYPE_FILE_IO_QUERY_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x4A)
-#define PERFINFO_LOG_TYPE_FILE_IO_FS_CONTROL (EVENT_TRACE_GROUP_FILE | 0x4B)
-#define PERFINFO_LOG_TYPE_FILE_IO_OPERATION_END (EVENT_TRACE_GROUP_FILE | 0x4C)
-#define PERFINFO_LOG_TYPE_FILE_IO_DIRNOTIFY (EVENT_TRACE_GROUP_FILE | 0x4D)
-#define PERFINFO_LOG_TYPE_FILE_IO_CREATE_NEW (EVENT_TRACE_GROUP_FILE | 0x4E)
-#define PERFINFO_LOG_TYPE_FILE_IO_DELETE_PATH (EVENT_TRACE_GROUP_FILE | 0x4F)
-#define PERFINFO_LOG_TYPE_FILE_IO_RENAME_PATH (EVENT_TRACE_GROUP_FILE | 0x50)
-#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK_PATH (EVENT_TRACE_GROUP_FILE | 0x51)
-#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK (EVENT_TRACE_GROUP_FILE | 0x52)
-
-//
-// Event types for minifilter callbacks
-//
-
-#define PERFINFO_LOG_TYPE_FLT_PREOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_INIT)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_INIT)
-#define PERFINFO_LOG_TYPE_FLT_PREOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION)
-#define PERFINFO_LOG_TYPE_FLT_PREOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_FAILURE)
-#define PERFINFO_LOG_TYPE_FLT_POSTOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE)
-
-//
-// Event types for Job
-//
-
-#define WMI_LOG_TYPE_JOB_CREATE (EVENT_TRACE_GROUP_JOB | 0x20)
-#define WMI_LOG_TYPE_JOB_TERMINATE (EVENT_TRACE_GROUP_JOB | 0x21)
-#define WMI_LOG_TYPE_JOB_OPEN (EVENT_TRACE_GROUP_JOB | 0x22)
-#define WMI_LOG_TYPE_JOB_ASSIGN_PROCESS (EVENT_TRACE_GROUP_JOB | 0x23)
-#define WMI_LOG_TYPE_JOB_REMOVE_PROCESS (EVENT_TRACE_GROUP_JOB | 0x24)
-#define WMI_LOG_TYPE_JOB_SET (EVENT_TRACE_GROUP_JOB | 0x25)
-#define WMI_LOG_TYPE_JOB_QUERY (EVENT_TRACE_GROUP_JOB | 0x26)
-#define WMI_LOG_TYPE_JOB_SET_FAILED (EVENT_TRACE_GROUP_JOB | 0x27)
-#define WMI_LOG_TYPE_JOB_QUERY_FAILED (EVENT_TRACE_GROUP_JOB | 0x28)
-#define WMI_LOG_TYPE_JOB_SET_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x29)
-#define WMI_LOG_TYPE_JOB_SEND_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x2A)
-#define WMI_LOG_TYPE_JOB_QUERY_VIOLATION (EVENT_TRACE_GROUP_JOB | 0x2B)
-#define WMI_LOG_TYPE_JOB_SET_CPU_RATE (EVENT_TRACE_GROUP_JOB | 0x2C)
-#define WMI_LOG_TYPE_JOB_SET_NET_RATE (EVENT_TRACE_GROUP_JOB | 0x2D)
-
-//
-// Event types for Process
-//
-
-#define WMI_LOG_TYPE_PROCESS_CREATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_START)
-#define WMI_LOG_TYPE_PROCESS_DELETE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_PROCESS_DC_START (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_PROCESS_DC_END (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_END)
-#define WMI_LOG_TYPE_PROCESS_LOAD_IMAGE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_LOAD)
-#define WMI_LOG_TYPE_PROCESS_TERMINATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_TERMINATE)
-
-#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_END (EVENT_TRACE_GROUP_PROCESS | 0x20)
-#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_RD (EVENT_TRACE_GROUP_PROCESS | 0x21)
-// Reserved (EVENT_TRACE_GROUP_PROCESS | 0x22)
-#define PERFINFO_LOG_TYPE_INSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x23)
-#define PERFINFO_LOG_TYPE_PROCESS_FREEZE (EVENT_TRACE_GROUP_PROCESS | 0x24)
-#define PERFINFO_LOG_TYPE_PROCESS_THAW (EVENT_TRACE_GROUP_PROCESS | 0x25)
-#define PERFINFO_LOG_TYPE_BOOT_PHASE_START (EVENT_TRACE_GROUP_PROCESS | 0x26)
-#define PERFINFO_LOG_TYPE_ZOMBIE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x27)
-#define PERFINFO_LOG_TYPE_PROCESS_SET_AFFINITY (EVENT_TRACE_GROUP_PROCESS | 0x28)
-
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x30)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x31)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x32)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x33)
-#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x34)
-
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x40)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x41)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x42)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x43)
-#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x44)
-
-#define PERFINFO_LOG_TYPE_WAKE_DROP_USER (EVENT_TRACE_GROUP_PROCESS | 0x50)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x51)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x52)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x53)
-#define PERFINFO_LOG_TYPE_WAKE_DROP_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x54)
-
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_USER (EVENT_TRACE_GROUP_PROCESS | 0x60)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x61)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x62)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x63)
-#define PERFINFO_LOG_TYPE_WAKE_EVENT_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x64)
-
-#define PERFINFO_LOG_TYPE_DEBUG_EVENT (EVENT_TRACE_GROUP_PROCESS | 0x70)
-
-//
-// Event types for Image and Library Loader
-//
-
-#define WMI_LOG_TYPE_IMAGE_LOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_START) // reserved for future
-#define WMI_LOG_TYPE_IMAGE_UNLOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_IMAGE_DC_START (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_IMAGE_DC_END (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_END)
-#define WMI_LOG_TYPE_IMAGE_RELOCATION (EVENT_TRACE_GROUP_IMAGE | 0x20)
-#define WMI_LOG_TYPE_IMAGE_KERNEL_BASE (EVENT_TRACE_GROUP_IMAGE | 0x21)
-#define WMI_LOG_TYPE_IMAGE_HYPERCALL_PAGE (EVENT_TRACE_GROUP_IMAGE | 0x22)
-
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_ATTEMPT (EVENT_TRACE_GROUP_IMAGE | 0x80) // 128
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_SUCCESS (EVENT_TRACE_GROUP_IMAGE | 0x81)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_FAIL (EVENT_TRACE_GROUP_IMAGE | 0x82)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_WAIT (EVENT_TRACE_GROUP_IMAGE | 0x83)
-#define PERFINFO_LOG_TYPE_LDR_PROC_INIT_DONE (EVENT_TRACE_GROUP_IMAGE | 0x84) // 132
-#define PERFINFO_LOG_TYPE_LDR_CREATE_SECTION (EVENT_TRACE_GROUP_IMAGE | 0x85)
-#define PERFINFO_LOG_TYPE_LDR_SECTION_CREATED (EVENT_TRACE_GROUP_IMAGE | 0x86)
-#define PERFINFO_LOG_TYPE_LDR_MAP_VIEW (EVENT_TRACE_GROUP_IMAGE | 0x87)
-
-#define PERFINFO_LOG_TYPE_LDR_RELOCATE_IMAGE (EVENT_TRACE_GROUP_IMAGE | 0x90) // 144
-#define PERFINFO_LOG_TYPE_LDR_IMAGE_RELOCATED (EVENT_TRACE_GROUP_IMAGE | 0x91)
-#define PERFINFO_LOG_TYPE_LDR_HANDLE_OLD_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x92)
-#define PERFINFO_LOG_TYPE_LDR_OLD_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x93)
-#define PERFINFO_LOG_TYPE_LDR_HANDLE_NEW_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x94) // 148
-#define PERFINFO_LOG_TYPE_LDR_NEW_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x95)
-#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_EXIT (EVENT_TRACE_GROUP_IMAGE | 0x96)
-
-#define PERFINFO_LOG_TYPE_LDR_FIND_DLL (EVENT_TRACE_GROUP_IMAGE | 0xA0) // 160
-#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA1)
-#define PERFINFO_LOG_TYPE_LDR_LOCK_RELEASE (EVENT_TRACE_GROUP_IMAGE | 0xA2)
-#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_ENTER (EVENT_TRACE_GROUP_IMAGE | 0xA3)
-#define PERFINFO_LOG_TYPE_LDR_ERROR (EVENT_TRACE_GROUP_IMAGE | 0xA4) // 164
-
-#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA5) // 165
-#define PERFINFO_LOG_TYPE_LDR_SNAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA6)
-#define PERFINFO_LOG_TYPE_LDR_SNAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA7)
-#define PERFINFO_LOG_TYPE_LDR_LOADING (EVENT_TRACE_GROUP_IMAGE | 0xA8)
-#define PERFINFO_LOG_TYPE_LDR_LOADED (EVENT_TRACE_GROUP_IMAGE | 0xA9)
-#define PERFINFO_LOG_TYPE_LDR_FOUND_KNOWN_DLL (EVENT_TRACE_GROUP_IMAGE | 0xAA) // 170
-#define PERFINFO_LOG_TYPE_LDR_ABNORMAL (EVENT_TRACE_GROUP_IMAGE | 0xAB)
-#define PERFINFO_LOG_TYPE_LDR_PLACEHOLDER (EVENT_TRACE_GROUP_IMAGE | 0xAC)
-#define PERFINFO_LOG_TYPE_LDR_RDY_TO_INIT (EVENT_TRACE_GROUP_IMAGE | 0xAD)
-#define PERFINFO_LOG_TYPE_LDR_RDY_TO_RUN (EVENT_TRACE_GROUP_IMAGE | 0xAE) // 174
-
-
-#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_LOAD (EVENT_TRACE_GROUP_IMAGE | 0xB0) // 176
-#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_AS_DATA (EVENT_TRACE_GROUP_IMAGE | 0xB1) // 177
-
-#define PERFINFO_LOG_TYPE_LDR_EXTERNAL_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC0) // 192
-#define PERFINFO_LOG_TYPE_LDR_GENERATED_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC1)
-
-#define PERFINFO_LOG_TYPE_LDR_APISET_RESOLVING (EVENT_TRACE_GROUP_IMAGE | 0xD0) // 208
-#define PERFINFO_LOG_TYPE_LDR_APISET_HOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD1) // 209
-#define PERFINFO_LOG_TYPE_LDR_APISET_UNHOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD2) // 210
-#define PERFINFO_LOG_TYPE_LDR_APISET_UNRESOLVED (EVENT_TRACE_GROUP_IMAGE | 0xD3) // 211
-
-#define PERFINFO_LOG_TYPE_LDR_SEARCH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD4) // 212
-#define PERFINFO_LOG_TYPE_LDR_SEARCH_PATH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD5) // 213
-
-//
-// Event types for Thread
-//
-
-#define WMI_LOG_TYPE_THREAD_CREATE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_START)
-#define WMI_LOG_TYPE_THREAD_DELETE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_END)
-#define WMI_LOG_TYPE_THREAD_DC_START (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_START)
-#define WMI_LOG_TYPE_THREAD_DC_END (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_END)
-
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x20)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x21)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x22)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x23)
-#define PERFINFO_LOG_TYPE_CONTEXTSWAP (EVENT_TRACE_GROUP_THREAD | 0x24)
-#define PERFINFO_LOG_TYPE_CONTEXTSWAP_BATCH (EVENT_TRACE_GROUP_THREAD | 0x25)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x26)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x27)
-// Reserved (EVENT_TRACE_GROUP_THREAD | 0x28)
-#define PERFINFO_LOG_TYPE_SPINLOCK (EVENT_TRACE_GROUP_THREAD | 0x29)
-#define PERFINFO_LOG_TYPE_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x2A)
-#define PERFINFO_LOG_TYPE_RESOURCE (EVENT_TRACE_GROUP_THREAD | 0x2B)
-#define PERFINFO_LOG_TYPE_PUSHLOCK (EVENT_TRACE_GROUP_THREAD | 0x2C)
-#define PERFINFO_LOG_TYPE_WAIT_SINGLE (EVENT_TRACE_GROUP_THREAD | 0x2D)
-#define PERFINFO_LOG_TYPE_WAIT_MULTIPLE (EVENT_TRACE_GROUP_THREAD | 0x2E)
-#define PERFINFO_LOG_TYPE_DELAY_EXECUTION (EVENT_TRACE_GROUP_THREAD | 0x2F)
-#define PERFINFO_LOG_TYPE_THREAD_SET_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x30)
-#define PERFINFO_LOT_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
-#define PERFINFO_LOG_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
-#define PERFINFO_LOG_TYPE_READY_THREAD (EVENT_TRACE_GROUP_THREAD | 0x32)
-#define PERFINFO_LOG_TYPE_THREAD_SET_PAGE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x33)
-#define PERFINFO_LOG_TYPE_THREAD_SET_IO_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x34)
-#define PERFINFO_LOG_TYPE_THREAD_SET_AFFINITY (EVENT_TRACE_GROUP_THREAD | 0x35)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM (EVENT_TRACE_GROUP_THREAD | 0x39)
-#define PERFINFO_LOG_TYPE_DFSS_START_NEW_INTERVAL (EVENT_TRACE_GROUP_THREAD | 0x3A)
-#define PERFINFO_LOG_TYPE_DFSS_PROCESS_IDLE_ONLY_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x3B)
-#define PERFINFO_LOG_TYPE_ANTI_STARVATION_BOOST (EVENT_TRACE_GROUP_THREAD | 0x3C)
-#define PERFINFO_LOG_TYPE_THREAD_MIGRATION (EVENT_TRACE_GROUP_THREAD | 0x3D)
-#define PERFINFO_LOG_TYPE_KQUEUE_ENQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3E)
-#define PERFINFO_LOG_TYPE_KQUEUE_DEQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3F)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_START (EVENT_TRACE_GROUP_THREAD | 0x40)
-#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_END (EVENT_TRACE_GROUP_THREAD | 0x41)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_SET_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x42)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_CLEAR_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x43)
-#define PERFINFO_LOG_TYPE_AUTO_BOOST_NO_ENTRIES (EVENT_TRACE_GROUP_THREAD | 0x44)
-#define PERFINFO_LOG_TYPE_THREAD_SUBPROCESSTAG_CHANGED (EVENT_TRACE_GROUP_THREAD | 0x45)
-
-//
-// Event types for Network subsystem (TCPIP/UDPIP)
-//
-
-#define WMI_LOG_TYPE_TCPIP_SEND (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_SEND)
-#define WMI_LOG_TYPE_TCPIP_RECEIVE (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECEIVE)
-#define WMI_LOG_TYPE_TCPIP_CONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNECT)
-#define WMI_LOG_TYPE_TCPIP_DISCONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_DISCONNECT)
-#define WMI_LOG_TYPE_TCPIP_RETRANSMIT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RETRANSMIT)
-#define WMI_LOG_TYPE_TCPIP_ACCEPT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACCEPT)
-#define WMI_LOG_TYPE_TCPIP_RECONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECONNECT)
-#define WMI_LOG_TYPE_TCPIP_FAIL (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNFAIL)
-#define WMI_LOG_TYPE_TCPIP_TCPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_TCP)
-#define WMI_LOG_TYPE_TCPIP_ARPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_ARP)
-#define WMI_LOG_TYPE_TCPIP_FULLACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKFULL)
-#define WMI_LOG_TYPE_TCPIP_PARTACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKPART)
-#define WMI_LOG_TYPE_TCPIP_DUPACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKDUP)
-
-#define WMI_LOG_TYPE_UDP_SEND (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_SEND)
-#define WMI_LOG_TYPE_UDP_RECEIVE (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_RECEIVE)
-#define WMI_LOG_TYPE_UDP_FAIL (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_CONNFAIL)
-
-//
-// Netowrk events with IPV6
-//
-#define WMI_LOG_TYPE_TCPIP_SEND_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1A)
-#define WMI_LOG_TYPE_TCPIP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1B)
-#define WMI_LOG_TYPE_TCPIP_CONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1C)
-#define WMI_LOG_TYPE_TCPIP_DISCONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1D)
-#define WMI_LOG_TYPE_TCPIP_RETRANSMIT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1E)
-#define WMI_LOG_TYPE_TCPIP_ACCEPT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1F)
-#define WMI_LOG_TYPE_TCPIP_RECONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x20)
-#define WMI_LOG_TYPE_TCPIP_FAIL_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x21)
-#define WMI_LOG_TYPE_TCPIP_TCPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x22)
-#define WMI_LOG_TYPE_TCPIP_ARPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x23)
-#define WMI_LOG_TYPE_TCPIP_FULLACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x24)
-#define WMI_LOG_TYPE_TCPIP_PARTACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x25)
-#define WMI_LOG_TYPE_TCPIP_DUPACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x26)
-
-#define WMI_LOG_TYPE_UDP_SEND_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1A)
-#define WMI_LOG_TYPE_UDP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1B)
-
-//
-// Event types for IO subsystem
-//
-
-#define WMI_LOG_TYPE_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ)
-#define WMI_LOG_TYPE_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE)
-#define WMI_LOG_TYPE_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ_INIT)
-#define WMI_LOG_TYPE_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE_INIT)
-#define WMI_LOG_TYPE_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH)
-#define WMI_LOG_TYPE_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH_INIT)
-#define WMI_LOG_TYPE_IO_REDIRECTED_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_REDIRECTED_INIT)
-
-#define PERFINFO_LOG_TYPE_DRIVER_INIT (EVENT_TRACE_GROUP_IO | 0x20)
-#define PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE (EVENT_TRACE_GROUP_IO | 0x21)
-#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL (EVENT_TRACE_GROUP_IO | 0x22)
-#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN (EVENT_TRACE_GROUP_IO | 0x23)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL (EVENT_TRACE_GROUP_IO | 0x24)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN (EVENT_TRACE_GROUP_IO | 0x25)
-#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL (EVENT_TRACE_GROUP_IO | 0x26)
-#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN (EVENT_TRACE_GROUP_IO | 0x27)
-#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL (EVENT_TRACE_GROUP_IO | 0x28)
-#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN (EVENT_TRACE_GROUP_IO | 0x29)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2a)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2b)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2d)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2e)
-// Reserved (EVENT_TRACE_GROUP_IO | 0x2f)
-#define PERFINFO_LOG_TYPE_PREFETCH_ACTION (EVENT_TRACE_GROUP_IO | 0x30)
-#define PERFINFO_LOG_TYPE_PREFETCH_REQUEST (EVENT_TRACE_GROUP_IO | 0x31)
-#define PERFINFO_LOG_TYPE_PREFETCH_READLIST (EVENT_TRACE_GROUP_IO | 0x32)
-#define PERFINFO_LOG_TYPE_PREFETCH_READ (EVENT_TRACE_GROUP_IO | 0x33)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST (EVENT_TRACE_GROUP_IO | 0x34)
-#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN (EVENT_TRACE_GROUP_IO | 0x35)
-#define PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION (EVENT_TRACE_GROUP_IO | 0x36)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT)
-#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT)
-
-//
-// Event types for Memory subsystem
-//
-#define WMI_LOG_TYPE_PAGE_FAULT_TRANSITION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_TF)
-#define WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_DZF)
-#define WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_COW)
-#define WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_GPF)
-#define WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_HPF)
-#define WMI_LOG_TYPE_PAGE_FAULT_ACCESS_VIOLATION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_AV)
-
-#define PERFINFO_LOG_TYPE_HARDFAULT (EVENT_TRACE_GROUP_MEMORY | 0x20)
-#define PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR (EVENT_TRACE_GROUP_MEMORY | 0x21)
-#define PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST (EVENT_TRACE_GROUP_MEMORY | 0x22)
-#define PERFINFO_LOG_TYPE_PAGEINMEMORY (EVENT_TRACE_GROUP_MEMORY | 0x23)
-#define PERFINFO_LOG_TYPE_INSERTINFREELIST (EVENT_TRACE_GROUP_MEMORY | 0x24)
-#define PERFINFO_LOG_TYPE_INSERTINMODIFIEDLIST (EVENT_TRACE_GROUP_MEMORY | 0x25)
-#define PERFINFO_LOG_TYPE_INSERTINLIST (EVENT_TRACE_GROUP_MEMORY | 0x26)
-#define PERFINFO_LOG_TYPE_INSERTATFRONT (EVENT_TRACE_GROUP_MEMORY | 0x28)
-#define PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY (EVENT_TRACE_GROUP_MEMORY | 0x29)
-#define PERFINFO_LOG_TYPE_UNLINKFFREEORZERO (EVENT_TRACE_GROUP_MEMORY | 0x2a)
-#define PERFINFO_LOG_TYPE_WORKINGSETMANAGER (EVENT_TRACE_GROUP_MEMORY | 0x2b)
-#define PERFINFO_LOG_TYPE_TRIMPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2d)
-#define PERFINFO_LOG_TYPE_ZEROSHARECOUNT (EVENT_TRACE_GROUP_MEMORY | 0x2e)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2f)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x30)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x31)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x32)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x33)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x34)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x35)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x36)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x37)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x38)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x39)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3a)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3b)
-#define PERFINFO_LOG_TYPE_WSINFOPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x3c)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3d)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3e)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3f)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x40)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x41)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x42)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x43)
-// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x44)
-#define PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP (EVENT_TRACE_GROUP_MEMORY | 0x45)
-#define PERFINFO_LOG_TYPE_TRIMSESSION (EVENT_TRACE_GROUP_MEMORY | 0x46)
-#define PERFINFO_LOG_TYPE_MEMORYSNAPLITE (EVENT_TRACE_GROUP_MEMORY | 0x47)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x48)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x49)
-#define PERFINFO_LOG_TYPE_WSINFOSESSION (EVENT_TRACE_GROUP_MEMORY | 0x4a)
-#define PERFINFO_LOG_TYPE_CREATE_SESSION (EVENT_TRACE_GROUP_MEMORY | 0x4b)
-#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x4c)
-#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x4d)
-#define PERFINFO_LOG_TYPE_SESSION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4e)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4f)
-
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC (EVENT_TRACE_GROUP_MEMORY | 0x62)
-#define PERFINFO_LOG_TYPE_VIRTUAL_FREE (EVENT_TRACE_GROUP_MEMORY | 0x63)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x64)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x65)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RESERVE (EVENT_TRACE_GROUP_MEMORY | 0x66)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x67)
-#define PERFINFO_LOG_TYPE_HEAP_RANGE_DESTROY (EVENT_TRACE_GROUP_MEMORY | 0x68)
-
-#define PERFINFO_LOG_TYPE_PAGEFILE_BACK (EVENT_TRACE_GROUP_MEMORY | 0x69)
-#define PERFINFO_LOG_TYPE_MEMINFO (EVENT_TRACE_GROUP_MEMORY | 0x70)
-#define PERFINFO_LOG_TYPE_CONTMEM_GENERATE (EVENT_TRACE_GROUP_MEMORY | 0x71)
-#define PERFINFO_LOG_TYPE_FILE_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x72)
-#define PERFINFO_LOG_TYPE_INMEMORY_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x73)
-#define PERFINFO_LOG_TYPE_COMPRESSED_PAGE (EVENT_TRACE_GROUP_MEMORY | 0x74)
-#define PERFINFO_LOG_TYPE_PAGEINMEMORY_ACTIVE (EVENT_TRACE_GROUP_MEMORY | 0x75)
-#define PERFINFO_LOG_TYPE_PAGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x76)
-#define PERFINFO_LOG_TYPE_PAGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x77)
-#define PERFINFO_LOG_TYPE_PAGE_RANGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x78)
-#define PERFINFO_LOG_TYPE_PAGE_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x79)
-#define PERFINFO_LOG_TYPE_PAGE_COMBINE (EVENT_TRACE_GROUP_MEMORY | 0x7a)
-#define PERFINFO_LOG_TYPE_KERNEL_MEMUSAGE (EVENT_TRACE_GROUP_MEMORY | 0x7b)
-#define PERFINFO_LOG_TYPE_MM_STATS (EVENT_TRACE_GROUP_MEMORY | 0x7c)
-#define PERFINFO_LOG_TYPE_MEMINFOEX_WS (EVENT_TRACE_GROUP_MEMORY | 0x7d)
-#define PERFINFO_LOG_TYPE_MEMINFOEX_SESSIONWS (EVENT_TRACE_GROUP_MEMORY | 0x7e)
-
-#define PERFINFO_LOG_TYPE_VIRTUAL_ROTATE (EVENT_TRACE_GROUP_MEMORY | 0x7f)
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x80)
-#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x81)
-
-#define PERFINFO_LOG_TYPE_PAGE_ACCESS_EX (EVENT_TRACE_GROUP_MEMORY | 0x82)
-#define PERFINFO_LOG_TYPE_REMOVEFROMWS (EVENT_TRACE_GROUP_MEMORY | 0x83)
-#define PERFINFO_LOG_TYPE_WSSHAREABLE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x84)
-#define PERFINFO_LOG_TYPE_INMEMORYACTIVE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x85)
-
-#define PERFINFO_LOG_TYPE_MEM_RESET_INFO (EVENT_TRACE_GROUP_MEMORY | 0x86)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x87)
-#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x88)
-
-//
-//
-// Event types for Registry subsystem
-//
-#define WMI_LOG_TYPE_REG_RUNDOWNBEGIN (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN)
-#define WMI_LOG_TYPE_REG_RUNDOWNEND (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNEND)
-
-#define PERFINFO_LOG_TYPE_CMCELLREFERRED (EVENT_TRACE_GROUP_REGISTRY | 0x20)
-#define PERFINFO_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x21)
-#define PERFINFO_LOG_TYPE_REG_COUNTERS (EVENT_TRACE_GROUP_REGISTRY | 0x22)
-#define PERFINFO_LOG_TYPE_REG_CONFIG (EVENT_TRACE_GROUP_REGISTRY | 0x23)
-#define PERFINFO_LOG_TYPE_REG_HIVE_INITIALIZE (EVENT_TRACE_GROUP_REGISTRY | 0x24)
-#define PERFINFO_LOG_TYPE_REG_HIVE_DESTROY (EVENT_TRACE_GROUP_REGISTRY | 0x25)
-#define PERFINFO_LOG_TYPE_REG_HIVE_LINK (EVENT_TRACE_GROUP_REGISTRY | 0x26)
-#define PERFINFO_LOG_TYPE_REG_HIVE_RUNDOWN_DC_END (EVENT_TRACE_GROUP_REGISTRY | 0x27)
-#define PERFINFO_LOG_TYPE_REG_HIVE_DIRTY (EVENT_TRACE_GROUP_REGISTRY | 0x28)
-// Reserved
-#define PERFINFO_LOG_TYPE_REG_NOTIF_REGISTER (EVENT_TRACE_GROUP_REGISTRY | 0x30)
-#define PERFINFO_LOG_TYPE_REG_NOTIF_DELIVER (EVENT_TRACE_GROUP_REGISTRY | 0x31)
-
-//
-// Event types for PERF tracing specific subsystem
-//
-#define PERFINFO_LOG_TYPE_RUNDOWN_CHECKPOINT (EVENT_TRACE_GROUP_PERFINFO | 0x20)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x21)
-#define PERFINFO_LOG_TYPE_MARK (EVENT_TRACE_GROUP_PERFINFO | 0x22)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x23)
-#define PERFINFO_LOG_TYPE_ASYNCMARK (EVENT_TRACE_GROUP_PERFINFO | 0x24)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x25)
-#define PERFINFO_LOG_TYPE_IMAGENAME (EVENT_TRACE_GROUP_PERFINFO | 0x26)
-#define PERFINFO_LOG_TYPE_DELAYS_CC_CAN_I_WRITE (EVENT_TRACE_GROUP_PERFINFO | 0x27)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x28)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x29)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2a)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2b)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2d)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE (EVENT_TRACE_GROUP_PERFINFO | 0x2e)
-#define PERFINFO_LOG_TYPE_PMC_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x2f)
-#define PERFINFO_LOG_TYPE_PMC_CONFIG (EVENT_TRACE_GROUP_PERFINFO | 0x30)
-// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x31)
-#define PERFINFO_LOG_TYPE_MSI_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x32)
-#define PERFINFO_LOG_TYPE_SYSCALL_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x33)
-#define PERFINFO_LOG_TYPE_SYSCALL_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x34)
-#define PERFINFO_LOG_TYPE_BACKTRACE (EVENT_TRACE_GROUP_PERFINFO | 0x35)
-#define PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK (EVENT_TRACE_GROUP_PERFINFO | 0x36)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE (EVENT_TRACE_GROUP_PERFINFO | 0x37)
-#define PERFINFO_LOG_TYPE_EXCEPTION_STACK (EVENT_TRACE_GROUP_PERFINFO | 0x38)
-#define PERFINFO_LOG_TYPE_BRANCH_TRACE (EVENT_TRACE_GROUP_PERFINFO | 0x39)
-#define PERFINFO_LOG_TYPE_DEBUGGER_ENABLED (EVENT_TRACE_GROUP_PERFINFO | 0x3a)
-#define PERFINFO_LOG_TYPE_DEBUGGER_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x3b)
-#define PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x40)
-#define PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x41)
-#define PERFINFO_LOG_TYPE_THREADED_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x42)
-#define PERFINFO_LOG_TYPE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x43)
-#define PERFINFO_LOG_TYPE_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x44)
-#define PERFINFO_LOG_TYPE_TIMERDPC (EVENT_TRACE_GROUP_PERFINFO | 0x45)
-#define PERFINFO_LOG_TYPE_IOTIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x46)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_NMI (EVENT_TRACE_GROUP_PERFINFO | 0x47)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_SET_INTERVAL (EVENT_TRACE_GROUP_PERFINFO | 0x48)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x49)
-#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4a)
-#define PERFINFO_LOG_TYPE_SPINLOCK_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4b)
-#define PERFINFO_LOG_TYPE_SPINLOCK_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4c)
-#define PERFINFO_LOG_TYPE_ERESOURCE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4d)
-#define PERFINFO_LOG_TYPE_ERESOURCE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4e)
-#define PERFINFO_LOG_TYPE_CLOCK_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x4f)
-#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION_START (EVENT_TRACE_GROUP_PERFINFO | 0x50)
-#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x51)
-#define PERFINFO_LOG_TYPE_TIMER_SET_PERIODIC (EVENT_TRACE_GROUP_PERFINFO | 0x52)
-#define PERFINFO_LOG_TYPE_TIMER_SET_ONE_SHOT (EVENT_TRACE_GROUP_PERFINFO | 0x53)
-#define PERFINFO_LOG_TYPE_TIMER_SET_THREAD (EVENT_TRACE_GROUP_PERFINFO | 0x54)
-#define PERFINFO_LOG_TYPE_TIMER_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x55)
-#define PERFINFO_LOG_TYPE_TIME_ADJUSTMENT (EVENT_TRACE_GROUP_PERFINFO | 0x56)
-#define PERFINFO_LOG_TYPE_CLOCK_MODE_SWITCH (EVENT_TRACE_GROUP_PERFINFO | 0x57)
-#define PERFINFO_LOG_TYPE_CLOCK_TIME_UPDATE (EVENT_TRACE_GROUP_PERFINFO | 0x58)
-#define PERFINFO_LOG_TYPE_CLOCK_DYNAMIC_TICK_VETO (EVENT_TRACE_GROUP_PERFINFO | 0x59)
-#define PERFINFO_LOG_TYPE_CLOCK_CONFIGURATION (EVENT_TRACE_GROUP_PERFINFO | 0x5a)
-#define PERFINFO_LOG_TYPE_IPI (EVENT_TRACE_GROUP_PERFINFO | 0x5b)
-#define PERFINFO_LOG_TYPE_UNEXPECTED_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5c)
-#define PERFINFO_LOG_TYPE_IOTIMER_START (EVENT_TRACE_GROUP_PERFINFO | 0x5d)
-#define PERFINFO_LOG_TYPE_IOTIMER_STOP (EVENT_TRACE_GROUP_PERFINFO | 0x5e)
-#define PERFINFO_LOG_TYPE_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5f)
-#define PERFINFO_LOG_TYPE_WDF_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x60)
-#define PERFINFO_LOG_TYPE_WDF_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x61)
-#define PERFINFO_LOG_TYPE_WDF_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x62)
-#define PERFINFO_LOG_TYPE_CPU_CACHE_FLUSH (EVENT_TRACE_GROUP_PERFINFO | 0x63)
-#define PERFINFO_LOG_TYPE_DPC_ENQUEUE (EVENT_TRACE_GROUP_PERFINFO | 0x64)
-#define PERFINFO_LOG_TYPE_DPC_EXECUTION (EVENT_TRACE_GROUP_PERFINFO | 0x65)
-#define PERFINFO_LOG_TYPE_INTERRUPT_STEERING (EVENT_TRACE_GROUP_PERFINFO | 0x66)
-#define PERFINFO_LOG_TYPE_WDF_WORK_ITEM (EVENT_TRACE_GROUP_PERFINFO | 0x67)
-#define PERFINFO_LOG_TYPE_KTIMER2_SET (EVENT_TRACE_GROUP_PERFINFO | 0x68)
-#define PERFINFO_LOG_TYPE_KTIMER2_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x69)
-#define PERFINFO_LOG_TYPE_KTIMER2_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x6a)
-#define PERFINFO_LOG_TYPE_KTIMER2_DISABLE (EVENT_TRACE_GROUP_PERFINFO | 0x6b)
-#define PERFINFO_LOG_TYPE_KTIMER2_FINALIZATION (EVENT_TRACE_GROUP_PERFINFO | 0x6c)
-#define PERFINFO_LOG_TYPE_SHOULD_YIELD_PROCESSOR (EVENT_TRACE_GROUP_PERFINFO | 0x6d)
-
-//
-// Event types for ICE.
-//
-
-#define PERFINFO_LOG_TYPE_FUNCTION_CALL (EVENT_TRACE_GROUP_PERFINFO | 0x80)
-#define PERFINFO_LOG_TYPE_FUNCTION_RETURN (EVENT_TRACE_GROUP_PERFINFO | 0x81)
-#define PERFINFO_LOG_TYPE_FUNCTION_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x82)
-#define PERFINFO_LOG_TYPE_FUNCTION_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x83)
-#define PERFINFO_LOG_TYPE_TAILCALL (EVENT_TRACE_GROUP_PERFINFO | 0x84)
-#define PERFINFO_LOG_TYPE_TRAP (EVENT_TRACE_GROUP_PERFINFO | 0x85)
-#define PERFINFO_LOG_TYPE_SPINLOCK_ACQUIRE (EVENT_TRACE_GROUP_PERFINFO | 0x86)
-#define PERFINFO_LOG_TYPE_SPINLOCK_RELEASE (EVENT_TRACE_GROUP_PERFINFO | 0x87)
-#define PERFINFO_LOG_TYPE_CAP_COMMENT (EVENT_TRACE_GROUP_PERFINFO | 0x88)
-#define PERFINFO_LOG_TYPE_CAP_RUNDOWN (EVENT_TRACE_GROUP_PERFINFO | 0x89)
-
-//
-// Event types for Debugger subsystem.
-//
-
-#define PERFINFO_LOG_TYPE_DEBUG_PRINT (EVENT_TRACE_GROUP_DBGPRINT | 0x20)
-
-//
-// Event types for WNF facility
-//
-
-#define PERFINFO_LOG_TYPE_WNF_SUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x20)
-#define PERFINFO_LOG_TYPE_WNF_UNSUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x21)
-#define PERFINFO_LOG_TYPE_WNF_CALLBACK (EVENT_TRACE_GROUP_WNF | 0x22)
-#define PERFINFO_LOG_TYPE_WNF_PUBLISH (EVENT_TRACE_GROUP_WNF | 0x23)
-#define PERFINFO_LOG_TYPE_WNF_NAME_SUB_RUNDOWN (EVENT_TRACE_GROUP_WNF | 0x24)
-
-//
-// Event types for Pool subsystem.
-//
-
-#define PERFINFO_LOG_TYPE_ALLOCATEPOOL (EVENT_TRACE_GROUP_POOL | 0x20)
-#define PERFINFO_LOG_TYPE_ALLOCATEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x21)
-#define PERFINFO_LOG_TYPE_FREEPOOL (EVENT_TRACE_GROUP_POOL | 0x22)
-#define PERFINFO_LOG_TYPE_FREEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x23)
-#define PERFINFO_LOG_TYPE_ADDPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x24)
-#define PERFINFO_LOG_TYPE_ADDPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x25)
-#define PERFINFO_LOG_TYPE_BIGPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x26)
-#define PERFINFO_LOG_TYPE_BIGPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x27)
-#define PERFINFO_LOG_TYPE_POOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x28)
-#define PERFINFO_LOG_TYPE_POOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x29)
-#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2a)
-#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2b)
-#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_START (EVENT_TRACE_GROUP_POOL | 0x2c)
-#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_END (EVENT_TRACE_GROUP_POOL | 0x2d)
-#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2e)
-#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2f)
-
-//
-// Event types for Heap subsystem
-//
-#define PERFINFO_LOG_TYPE_HEAP_CREATE (EVENT_TRACE_GROUP_HEAP | 0x20)
-#define PERFINFO_LOG_TYPE_HEAP_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x21)
-#define PERFINFO_LOG_TYPE_HEAP_REALLOC (EVENT_TRACE_GROUP_HEAP | 0x22)
-#define PERFINFO_LOG_TYPE_HEAP_DESTROY (EVENT_TRACE_GROUP_HEAP | 0x23)
-#define PERFINFO_LOG_TYPE_HEAP_FREE (EVENT_TRACE_GROUP_HEAP | 0x24)
-#define PERFINFO_LOG_TYPE_HEAP_EXTEND (EVENT_TRACE_GROUP_HEAP | 0x25)
-#define PERFINFO_LOG_TYPE_HEAP_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x26)
-#define PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x27)
-#define PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x28)
-#define PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x29)
-#define PERFINFO_LOG_TYPE_HEAP_CONTRACT (EVENT_TRACE_GROUP_HEAP | 0x2a)
-#define PERFINFO_LOG_TYPE_HEAP_LOCK (EVENT_TRACE_GROUP_HEAP | 0x2b)
-#define PERFINFO_LOG_TYPE_HEAP_UNLOCK (EVENT_TRACE_GROUP_HEAP | 0x2c)
-#define PERFINFO_LOG_TYPE_HEAP_VALIDATE (EVENT_TRACE_GROUP_HEAP | 0x2d)
-#define PERFINFO_LOG_TYPE_HEAP_WALK (EVENT_TRACE_GROUP_HEAP | 0x2e)
-
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x2f)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE (EVENT_TRACE_GROUP_HEAP | 0x30)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC_CACHE (EVENT_TRACE_GROUP_HEAP | 0x31)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE_CACHE (EVENT_TRACE_GROUP_HEAP | 0x32)
-#define PERFINFO_LOG_TYPE_HEAP_COMMIT (EVENT_TRACE_GROUP_HEAP | 0x33)
-#define PERFINFO_LOG_TYPE_HEAP_DECOMMIT (EVENT_TRACE_GROUP_HEAP | 0x34)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_INIT (EVENT_TRACE_GROUP_HEAP | 0x35)
-#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ENABLE (EVENT_TRACE_GROUP_HEAP | 0x36)
-//Reserved (EVENT_TRACE_GROUP_HEAP | 0x37)
-#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x38)
-#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ASSIGN (EVENT_TRACE_GROUP_HEAP | 0x39)
-#define PERFINFO_LOG_TYPE_HEAP_REUSE_THRESHOLD_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x3a)
-
-//
-// Event Types for Critical Section Subsystem
-//
-
-#define PERFINFO_LOG_TYPE_CRITSEC_ENTER (EVENT_TRACE_GROUP_CRITSEC | 0x20)
-#define PERFINFO_LOG_TYPE_CRITSEC_LEAVE (EVENT_TRACE_GROUP_CRITSEC | 0x21)
-#define PERFINFO_LOG_TYPE_CRITSEC_COLLISION (EVENT_TRACE_GROUP_CRITSEC | 0x22)
-#define PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE (EVENT_TRACE_GROUP_CRITSEC | 0x23)
-
-//
-// Event types for Stackwalk subsystem
-//
-
-#define PERFINFO_LOG_TYPE_STACKWALK (EVENT_TRACE_GROUP_STACKWALK | 0x20)
-//Reserved (EVENT_TRACE_GROUP_STACKWALK | 0x21)
-#define PERFINFO_LOG_TYPE_STACKTRACE_CREATE (EVENT_TRACE_GROUP_STACKWALK | 0x22)
-#define PERFINFO_LOG_TYPE_STACKTRACE_DELETE (EVENT_TRACE_GROUP_STACKWALK | 0x23)
-#define PERFINFO_LOG_TYPE_STACKTRACE_RUNDOWN (EVENT_TRACE_GROUP_STACKWALK | 0x24)
-#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_KERNEL (EVENT_TRACE_GROUP_STACKWALK | 0x25)
-#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_USER (EVENT_TRACE_GROUP_STACKWALK | 0x26)
-
-//
-// Event types for ALPC
-//
-
-#define WMI_LOG_TYPE_ALPC_SEND_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x21)
-#define WMI_LOG_TYPE_ALPC_RECEIVE_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x22)
-#define WMI_LOG_TYPE_ALPC_WAIT_FOR_REPLY (EVENT_TRACE_GROUP_ALPC | 0x23)
-#define WMI_LOG_TYPE_ALPC_WAIT_FOR_NEW_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x24)
-#define WMI_LOG_TYPE_ALPC_UNWAIT (EVENT_TRACE_GROUP_ALPC | 0x25)
-#define WMI_LOG_TYPE_ALPC_CONNECT_REQUEST (EVENT_TRACE_GROUP_ALPC | 0x26)
-#define WMI_LOG_TYPE_ALPC_CONNECT_SUCCESS (EVENT_TRACE_GROUP_ALPC | 0x27)
-#define WMI_LOG_TYPE_ALPC_CONNECT_FAIL (EVENT_TRACE_GROUP_ALPC | 0x28)
-#define WMI_LOG_TYPE_ALPC_CLOSE_PORT (EVENT_TRACE_GROUP_ALPC | 0x29)
-
-
-//
-// Event types for Object Manager subsystem
-//
-
-#define PERFINFO_LOG_TYPE_CREATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x20)
-#define PERFINFO_LOG_TYPE_CLOSE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x21)
-#define PERFINFO_LOG_TYPE_DUPLICATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x22)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x23)
-#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x24)
-#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x25)
-#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x26)
-#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x27)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x28)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x29)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2a)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2b)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2c)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2d)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2e)
-//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2f)
-#define PERFINFO_LOG_TYPE_CREATE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x30)
-#define PERFINFO_LOG_TYPE_DELETE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x31)
-#define PERFINFO_LOG_TYPE_REFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x32)
-#define PERFINFO_LOG_TYPE_DEREFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x33)
-
-//
-// Event types for Power subsystem
-//
-
-#define PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO (EVENT_TRACE_GROUP_POWER | 0x20)
-#define PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x21)
-#define PERFINFO_LOG_TYPE_SET_POWER_ACTION (EVENT_TRACE_GROUP_POWER | 0x22)
-#define PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET (EVENT_TRACE_GROUP_POWER | 0x23)
-#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE (EVENT_TRACE_GROUP_POWER | 0x24)
-#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET (EVENT_TRACE_GROUP_POWER | 0x25)
-#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE (EVENT_TRACE_GROUP_POWER | 0x26)
-#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE (EVENT_TRACE_GROUP_POWER | 0x27)
-#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT (EVENT_TRACE_GROUP_POWER | 0x28)
-#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET (EVENT_TRACE_GROUP_POWER | 0x29)
-#define PERFINFO_LOG_TYPE_PO_PRESLEEP (EVENT_TRACE_GROUP_POWER | 0x30)
-#define PERFINFO_LOG_TYPE_PO_POSTSLEEP (EVENT_TRACE_GROUP_POWER | 0x31)
-#define PERFINFO_LOG_TYPE_PO_CALIBRATED_PERFCOUNTER (EVENT_TRACE_GROUP_POWER | 0x32)
-#define PERFINFO_LOG_TYPE_PPM_PERF_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x33)
-#define PERFINFO_LOG_TYPE_PPM_THROTTLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x34)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x35)
-#define PERFINFO_LOG_TYPE_PPM_THERMAL_CONSTRAINT (EVENT_TRACE_GROUP_POWER | 0x36)
-#define PERFINFO_LOG_TYPE_PO_SIGNAL_RESUME_UI (EVENT_TRACE_GROUP_POWER | 0x37)
-#define PERFINFO_LOG_TYPE_PO_SIGNAL_VIDEO_ON (EVENT_TRACE_GROUP_POWER | 0x38)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x39)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_EXIT (EVENT_TRACE_GROUP_POWER | 0x3a)
-#define PERFINFO_LOG_TYPE_PPM_PLATFORM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3b)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_EXIT_LATENCY (EVENT_TRACE_GROUP_POWER | 0x3c)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_PROCESSOR_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3d)
-#define PERFINFO_LOG_TYPE_PPM_IDLE_PLATFORM_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3e)
-#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3f)
-#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_EXIT (EVENT_TRACE_GROUP_POWER | 0x40)
-
-//
-// Event types for MODBound subsystem
-//
-#define PERFINFO_LOG_TYPE_COWHEADER (EVENT_TRACE_GROUP_MODBOUND | 0x18)
-#define PERFINFO_LOG_TYPE_COWBLOB (EVENT_TRACE_GROUP_MODBOUND | 0x19)
-#define PERFINFO_LOG_TYPE_COWBLOB_CLOSED (EVENT_TRACE_GROUP_MODBOUND | 0x1a)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_ENT (EVENT_TRACE_GROUP_MODBOUND | 0x20)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_JUMP (EVENT_TRACE_GROUP_MODBOUND | 0x21)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_RET (EVENT_TRACE_GROUP_MODBOUND | 0x22)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_CALL (EVENT_TRACE_GROUP_MODBOUND | 0x23)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET (EVENT_TRACE_GROUP_MODBOUND | 0x24)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2E (EVENT_TRACE_GROUP_MODBOUND | 0x25)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2B (EVENT_TRACE_GROUP_MODBOUND | 0x26)
-#define PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE (EVENT_TRACE_GROUP_MODBOUND | 0x27)
-
-//
-// Event types for the thread class scheduler
-//
-// TODO: Because MMCSS is a DLL it doesn't need to use UMGL.
-//
-#define PERFINFO_LOG_TYPE_MMCSS_START (0x20)
-#define PERFINFO_LOG_TYPE_MMCSS_STOP (0x21)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_EVENT (0x22)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_WAKEUP (0x23)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP (0x24)
-#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP_RESP (0x25)
-
-//
-// Event types To be Decided if they are still needed?
-//
-
-#define PERFINFO_LOG_TYPE_DISPATCHMSG (EVENT_TRACE_GROUP_TBD | 0x00)
-#define PERFINFO_LOG_TYPE_GLYPHCACHE (EVENT_TRACE_GROUP_TBD | 0x01)
-#define PERFINFO_LOG_TYPE_GLYPHS (EVENT_TRACE_GROUP_TBD | 0x02)
-#define PERFINFO_LOG_TYPE_READWRITE (EVENT_TRACE_GROUP_TBD | 0x03)
-#define PERFINFO_LOG_TYPE_EXPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x04)
-#define PERFINFO_LOG_TYPE_IMPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x05)
-#define PERFINFO_LOG_TYPE_CHECKSUM (EVENT_TRACE_GROUP_TBD | 0x06)
-#define PERFINFO_LOG_TYPE_DLL_INIT (EVENT_TRACE_GROUP_TBD | 0x07)
-#define PERFINFO_LOG_TYPE_SERVICE_DD_START_INIT (EVENT_TRACE_GROUP_TBD | 0x08)
-#define PERFINFO_LOG_TYPE_SERVICE_DD_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x09)
-#define PERFINFO_LOG_TYPE_SERVICE_START_INIT (EVENT_TRACE_GROUP_TBD | 0x0a)
-#define PERFINFO_LOG_TYPE_SERVICE_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x0b)
-#define PERFINFO_LOG_TYPE_SERVICE_NAME (EVENT_TRACE_GROUP_TBD | 0x0c)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x0d)
-#define PERFINFO_LOG_TIMED_ENTER_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0e)
-#define PERFINFO_LOG_TIMED_EXIT_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0f)
-#define PERFINFO_LOG_TYPE_CTIME_STATS (EVENT_TRACE_GROUP_TBD | 0x10)
-#define PERFINFO_LOG_TYPE_MARKED_DIRTY (EVENT_TRACE_GROUP_TBD | 0x11)
-#define PERFINFO_LOG_TYPE_MARKED_CELL_DIRTY (EVENT_TRACE_GROUP_TBD | 0x12)
-#define PERFINFO_LOG_TYPE_HIVE_WRITE_DIRTY (EVENT_TRACE_GROUP_TBD | 0x13)
-#define PERFINFO_LOG_TYPE_DUMP_HIVECELL (EVENT_TRACE_GROUP_TBD | 0x14)
-#define PERFINFO_LOG_TYPE_HIVE_STAT (EVENT_TRACE_GROUP_TBD | 0x16)
-#define PERFINFO_LOG_TYPE_CLOCKREF (EVENT_TRACE_GROUP_TBD | 0x17)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x18)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x19)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x1a)
-#define PERFINFO_LOG_TYPE_WMIPERFFREQUENCY (EVENT_TRACE_GROUP_TBD | 0x1d)
-#define PERFINFO_LOG_TYPE_CDROM_READ (EVENT_TRACE_GROUP_TBD | 0x1e)
-#define PERFINFO_LOG_TYPE_CDROM_READ_COMPLETE (EVENT_TRACE_GROUP_TBD | 0x1f)
-#define PERFINFO_LOG_TYPE_KE_SET_EVENT (EVENT_TRACE_GROUP_TBD | 0x20)
-#define PERFINFO_LOG_TYPE_REG_PARSEKEY (EVENT_TRACE_GROUP_TBD | 0x21)
-#define PERFINFO_LOG_TYPE_REG_PARSEKEYEND (EVENT_TRACE_GROUP_TBD | 0x22)
-#define PERFINFO_LOG_TYPE_ATTACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x24)
-#define PERFINFO_LOG_TYPE_DETACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x25)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x26)
-#define PERFINFO_LOG_TYPE_KDHELP (EVENT_TRACE_GROUP_TBD | 0x27)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x28)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x29)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x2a)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x2b)
-#define PERFINFO_LOG_TYPE_FAILED_STKDUMP (EVENT_TRACE_GROUP_TBD | 0x2c)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x2d)
-// Reserved (EVENT_TRACE_GROUP_TBD | 0x2e)
-#define PERFINFO_LOG_TYPE_SYSTEM_TIME (EVENT_TRACE_GROUP_TBD | 0x2f)
-#define PERFINFO_LOG_TYPE_READYQUEUE (EVENT_TRACE_GROUP_TBD | 0x30)
-
-//
-// Event types for SplitIo
-//
-
-#define PERFINFO_LOG_TYPE_SPLITIO_VOLMGR (EVENT_TRACE_GROUP_SPLITIO | 0x20)
-
-//
-// Event types for ThreadPool
-//
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_ENQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x20)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_DEQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x21)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_START (EVENT_TRACE_GROUP_THREAD_POOL | 0x22)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_STOP (EVENT_TRACE_GROUP_THREAD_POOL | 0x23)
-#define PERFINFO_LOG_TYPE_TP_CALLBACK_CANCEL (EVENT_TRACE_GROUP_THREAD_POOL | 0x24)
-#define PERFINFO_LOG_TYPE_TP_POOL_CREATE (EVENT_TRACE_GROUP_THREAD_POOL | 0x25)
-#define PERFINFO_LOG_TYPE_TP_POOL_CLOSE (EVENT_TRACE_GROUP_THREAD_POOL | 0x26)
-#define PERFINFO_LOG_TYPE_TP_POOL_TH_MIN_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x27)
-#define PERFINFO_LOG_TYPE_TP_POOL_TH_MAX_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x28)
-#define PERFINFO_LOG_TYPE_TP_WORKER_NUMANODE_SWITCH (EVENT_TRACE_GROUP_THREAD_POOL | 0x29)
-#define PERFINFO_LOG_TYPE_TP_TIMER_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x2a)
-#define PERFINFO_LOG_TYPE_TP_TIMER_CANCELLED (EVENT_TRACE_GROUP_THREAD_POOL | 0x2b)
-#define PERFINFO_LOG_TYPE_TP_TIMER_SET_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2c)
-#define PERFINFO_LOG_TYPE_TP_TIMER_CANCEL_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2d)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_BEGIN (EVENT_TRACE_GROUP_THREAD_POOL | 0x2e)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_END (EVENT_TRACE_GROUP_THREAD_POOL | 0x2f)
-#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION (EVENT_TRACE_GROUP_THREAD_POOL | 0x30)
-
-//
-// Event types for UMS
-//
-
-#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_START (EVENT_TRACE_GROUP_UMS | 0x20)
-#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_END (EVENT_TRACE_GROUP_UMS | 0x21)
-#define PERFINFO_LOG_TYPE_UMS_PARK (EVENT_TRACE_GROUP_UMS | 0x22)
-#define PERFINFO_LOG_TYPE_UMS_DISASSOCIATE (EVENT_TRACE_GROUP_UMS | 0x23)
-#define PERFINFO_LOG_TYPE_UMS_CONTEXT_SWITCH (EVENT_TRACE_GROUP_UMS | 0x24)
-
-//
-// Event types for Cache manager
-//
-
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_ENQUEUE (EVENT_TRACE_GROUP_CC | 0x00)
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_DEQUEUE (EVENT_TRACE_GROUP_CC | 0x01)
-#define PERFINFO_LOG_TYPE_CC_WORKITEM_COMPLETE (EVENT_TRACE_GROUP_CC | 0x02)
-#define PERFINFO_LOG_TYPE_CC_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x03)
-#define PERFINFO_LOG_TYPE_CC_WRITE_BEHIND (EVENT_TRACE_GROUP_CC | 0x04)
-#define PERFINFO_LOG_TYPE_CC_LAZY_WRITE_SCAN (EVENT_TRACE_GROUP_CC | 0x05)
-#define PERFINFO_LOG_TYPE_CC_CAN_I_WRITE_FAIL (EVENT_TRACE_GROUP_CC | 0x06)
-//#define PERFINFO_LOG_TYPE_CC_MAP_VIEW (EVENT_TRACE_GROUP_CC | 0x07)
-//#define PERFINFO_LOG_TYPE_CC_UNMAP_VIEW (EVENT_TRACE_GROUP_CC | 0x08)
-#define PERFINFO_LOG_TYPE_CC_FLUSH_CACHE (EVENT_TRACE_GROUP_CC | 0x09)
-#define PERFINFO_LOG_TYPE_CC_FLUSH_SECTION (EVENT_TRACE_GROUP_CC | 0x0a)
-#define PERFINFO_LOG_TYPE_CC_READ_AHEAD_PREFETCH (EVENT_TRACE_GROUP_CC | 0x0b)
-#define PERFINFO_LOG_TYPE_CC_SCHEDULE_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x0c)
-#define PERFINFO_LOG_TYPE_CC_LOGGED_STREAM_INFO (EVENT_TRACE_GROUP_CC | 0x0d)
-#define PERFINFO_LOG_TYPE_CC_EXTRA_WRITEBEHIND_THREAD (EVENT_TRACE_GROUP_CC | 0x0e)
-
-//
-// Data structure used for WMI Kernel Events
-//
-// **NB** the hardware events are described in software traceing, if they
-// change in layout please update sdktools\trace\tracefmt\default.tmf
-
-
-#define MAX_DEVICE_ID_LENGTH 256
-#define CONFIG_MAX_DOMAIN_NAME_LEN 134
-
-typedef struct _CPU_CONFIG_RECORD
-{
- ULONG ProcessorSpeed;
- ULONG NumberOfProcessors;
- ULONG MemorySize; // in MBytes
- ULONG PageSize; // in Bytes
- ULONG AllocationGranularity; // in Bytes
- WCHAR ComputerName[MAX_DEVICE_ID_LENGTH];
- WCHAR DomainName[CONFIG_MAX_DOMAIN_NAME_LEN];
- ULONG_PTR HyperThreadingFlag;
- ULONG_PTR HighestUserAddress;
- USHORT ProcessorArchitecture;
- USHORT ProcessorLevel;
- USHORT ProcessorRevision;
- BOOLEAN NxEnabled;
- BOOLEAN PaeEnabled;
- ULONG MemorySpeed;
-} CPU_CONFIG_RECORD, *PCPU_CONFIG_RECORD;
-
-#define CONFIG_WRITE_CACHE_ENABLED 0x00000001
-#define CONFIG_FS_NAME_LEN 16
-#define CONFIG_BOOT_DRIVE_LEN 3
-
-typedef struct _PHYSICAL_DISK_RECORD
-{
- ULONG DiskNumber;
- ULONG BytesPerSector;
- ULONG SectorsPerTrack;
- ULONG TracksPerCylinder;
- ULONGLONG Cylinders;
- ULONG SCSIPortNumber;
- ULONG SCSIPathId;
- ULONG SCSITargetId;
- ULONG SCSILun;
- WCHAR Manufacturer[MAX_DEVICE_ID_LENGTH];
-
- ULONG PartitionCount;
- BOOLEAN WriteCacheEnabled;
- WCHAR BootDriveLetter[CONFIG_BOOT_DRIVE_LEN];
-} PHYSICAL_DISK_RECORD, *PPHYSICAL_DISK_RECORD;
-
-//
-// Types of logical drive
-//
-#define CONFIG_DRIVE_PARTITION 0x00000001
-#define CONFIG_DRIVE_VOLUME 0x00000002
-#define CONFIG_DRIVE_EXTENT 0x00000004
-#define CONFIG_DRIVE_LETTER_LEN 4
-
-typedef struct _LOGICAL_DISK_EXTENTS
-{
- ULONGLONG StartingOffset;
- ULONGLONG PartitionSize;
- ULONG DiskNumber; // The physical disk number where the logical drive resides
- ULONG Size; // The size in bytes of the structure.
- ULONG DriveType; // Logical drive type partition/volume/extend-partition
- WCHAR DriveLetterString[CONFIG_DRIVE_LETTER_LEN];
- ULONG Pad;
- ULONG PartitionNumber; // The partition number where the logical drive resides
- ULONG SectorsPerCluster;
- ULONG BytesPerSector;
- LONGLONG NumberOfFreeClusters;
- LONGLONG TotalNumberOfClusters;
- WCHAR FileSystemType[CONFIG_FS_NAME_LEN];
- ULONG VolumeExt; // Offset to VOLUME_DISK_EXTENTS structure
-} LOGICAL_DISK_EXTENTS, *PLOGICAL_DISK_EXTENTS;
-
-typedef struct _OPTICAL_MEDIA_RECORD
-{
- USHORT DiskNumber;
- USHORT BusType;
- USHORT DeviceType;
- USHORT MediaType;
- ULONGLONG StartingOffset;
- ULONGLONG Size;
- ULONGLONG NumberOfFreeBlocks;
- ULONGLONG TotalNumberOfBlocks;
- ULONGLONG NextWritableAddress;
- ULONG NumberOfSessions;
- ULONG NumberOfTracks;
- ULONG BytesPerSector;
- USHORT DiscStatus;
- USHORT LastSessionStatus;
- WCHAR Data[1];
-} OPTICAL_MEDIA_RECORD, *POPTICAL_MEDIA_RECORD;
-
-#define CONFIG_MAX_DNS_SERVER 4
-#define CONFIG_MAX_ADAPTER_ADDRESS_LENGTH 8
-
-//
-// Note: Data is an array of structures of type IP_ADDRESS_STRING defined in iptypes.h
-//
-typedef struct _NIC_RECORD
-{
- WCHAR NICName[MAX_DEVICE_ID_LENGTH];
- ULONG Index;
- ULONG PhysicalAddrLen;
- WCHAR PhysicalAddr[CONFIG_MAX_ADAPTER_ADDRESS_LENGTH];
- ULONG Size; // Size of the Data
- LONG IpAddress; // IP Address offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG SubnetMask; // subnet mask offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG DhcpServer; // dhcp server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG Gateway; // gateway offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG PrimaryWinsServer; // primary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG SecondaryWinsServer;// secondary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- LONG DnsServer[CONFIG_MAX_DNS_SERVER]; // dns server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
- ULONG Data; // Offset to an array of IP_ADDRESS_STRING
-} NIC_RECORD, *PNIC_RECORD;
-
-typedef struct _VIDEO_RECORD
-{
- ULONG MemorySize;
- ULONG XResolution;
- ULONG YResolution;
- ULONG BitsPerPixel;
- ULONG VRefresh;
- WCHAR ChipType[MAX_DEVICE_ID_LENGTH];
- WCHAR DACType[MAX_DEVICE_ID_LENGTH];
- WCHAR AdapterString[MAX_DEVICE_ID_LENGTH];
- WCHAR BiosString[MAX_DEVICE_ID_LENGTH];
- WCHAR DeviceId[MAX_DEVICE_ID_LENGTH];
- ULONG StateFlags;
-} VIDEO_RECORD, *PVIDEO_RECORD;
-
-typedef struct _WMI_DPI_RECORD
-{
- ULONG MachineDPI;
- ULONG UserDPI;
-} WMI_DPI_RECORD, *PWMI_DPI_RECORD;
-
-//
-// Stores the ACPI Power Information
-//
-typedef struct _WMI_POWER_RECORD
-{
- BOOLEAN SystemS1;
- BOOLEAN SystemS2;
- BOOLEAN SystemS3;
- BOOLEAN SystemS4; // hibernate
- BOOLEAN SystemS5; // off
- BOOLEAN AoAc;
- CHAR Pad2;
- CHAR Pad3;
-} WMI_POWER_RECORD, *PWMI_POWER_RECORD;
-
-//
-// Store the IRQ assigned to devices
-//
-typedef struct _WMI_IRQ_RECORD
-{
- // Bit 0 indicates CPU0, Bit 1 indicates CPU1, and so on
- ULONG64 IRQAffinity;
- USHORT IRQGroup;
- USHORT Reserved;
- ULONG IRQNum;
- ULONG DeviceDescriptionLen;
- WCHAR DeviceDescription[1];
-} WMI_IRQ_RECORD, *PWMI_IRQ_RECORD;
-
-typedef struct _WMI_PNP_RECORD_V3
-{
- ULONG IDLength;
- ULONG DescriptionLength;
- ULONG FriendlyNameLength;
- WCHAR Strings[1]; // DeviceID, Description, Friendly, each NULL-terminated
-} WMI_PNP_RECORD_V3, *PWMI_PNP_RECORD_V3;
-
-typedef struct _WMI_PNP_RECORD_V4
-{
- GUID ClassGuid;
- ULONG UpperFilterCount;
- ULONG LowerFilterCount;
- WCHAR Strings[ANYSIZE_ARRAY];
- // DeviceID (unicode string)
- // Description (unicode string)
- // FriendlyName (unicode string)
- // PdoName (unicode string)
- // ServiceName (unicode string)
- // UpperFilters (unicode string)
- // LowerFilters (unicode string)
-} WMI_PNP_RECORD_V4, *PWMI_PNP_RECORD_V4;
-
-typedef struct _WMI_PNP_RECORD_V5
-{
- GUID ClassGuid;
- ULONG UpperFilterCount;
- ULONG LowerFilterCount;
- ULONG DevStatus;
- ULONG DevProblem;
- WCHAR Strings[ANYSIZE_ARRAY];
- // DeviceID (unicode string)
- // Description (unicode string)
- // FriendlyName (unicode string)
- // PdoName (unicode string)
- // ServiceName (unicode string)
- // UpperFilters (unicode string)
- // LowerFilters (unicode string)
-} WMI_PNP_RECORD_V5, *PWMI_PNP_RECORD_V5;
-
-typedef WMI_PNP_RECORD_V5 WMI_PNP_RECORD, *PWMI_PNP_RECORD;
-
-//
-// Store the IDE Channel (Primary/Secondary) info
-//
-typedef struct _WMI_IDE_CHANNEL_RECORD
-{
- ULONG TargetId;
- ULONG DeviceType;
- ULONG DeviceTimingMode;
- ULONG LocationInformationLen;
- WCHAR LocationInformation[1];
-} WMI_IDE_CHANNEL_RECORD, *PWMI_IDE_CHANNEL_RECORD;
-
-typedef struct _WMI_JOB_INFORMATION
-{
- GUID JobId;
- ULONG JobHandle;
- ULONG Flags;
- NTSTATUS Status;
-} WMI_JOB_INFORMATION, *PWMI_JOB_INFORMATION;
-
-typedef struct _WMI_JOB_ASSIGN_PROCESS
-{
- GUID JobId;
- ULONG JobHandle;
- ULONG UniqueProcessId;
- NTSTATUS Status;
-} WMI_JOB_ASSIGN_PROCESS, *PWMI_JOB_ASSIGN_PROCESS;
-
-typedef struct _WMI_JOB_REMOVE_PROCESS
-{
- GUID JobId;
- ULONG UniqueProcessId;
- ULONG RemovalFlags;
- NTSTATUS ExitStatus;
-} WMI_JOB_REMOVE_PROCESS, *PWMI_JOB_REMOVE_PROCESS;
-
-typedef struct _WMI_JOB_SET_QUERY_CPU_RATE
-{
- ULONG AllFlags;
- ULONG Value;
-} WMI_JOB_SET_QUERY_CPU_RATE, *PWMI_JOB_SET_QUERY_CPU_RATE;
-
-typedef struct _WMI_JOB_SET_QUERY_NET_RATE
-{
- ULONG Flags;
- ULONG64 MaxBandwidth;
- UCHAR DscpTag;
-} WMI_JOB_SET_QUERY_NET_RATE, *PWMI_JOB_SET_QUERY_NET_RATE;
-
-typedef struct _WMI_JOB_SET_QUERY_INFORMATION
-{
- GUID JobId;
- ULONG JobHandle;
- ULONG JobObjectInformationClass;
-} WMI_JOB_SET_QUERY_INFORMATION, *PWMI_JOB_SET_QUERY_INFORMATION;
-
-typedef struct _WMI_JOB_SEND_NOTIFICATION_INFORMATION
-{
- GUID JobId;
- ULONG NotificationId;
-} WMI_JOB_SEND_NOTIFICATION_INFORMATION, *PWMI_JOB_SEND_NOTIFICATION_INFORMATION;
-
-#define ETW_PROCESS_EVENT_FLAG_APPLICATION_ID 0x00000001
-#define ETW_PROCESS_EVENT_FLAG_WOW64 0x00000002
-#define ETW_PROCESS_EVENT_FLAG_PROTECTED 0x00000004
-#define ETW_PROCESS_EVENT_FLAG_PACKAGED 0x00000008
-
-typedef struct _WMI_PROCESS_INFORMATION
-{
- ULONG_PTR UniqueProcessKey;
- ULONG ProcessId;
- ULONG ParentId;
- ULONG SessionId;
- NTSTATUS ExitStatus;
- ULONG_PTR DirectoryTableBase;
- ULONG Flags;
- ULONG Sid;
- // Variable length sid
- // FileName (ansi string)
- // CommandLine (unicode string)
- // PackageFullName (unicode string)
- // PRAID (unicode string)
-} WMI_PROCESS_INFORMATION, *PWMI_PROCESS_INFORMATION;
-
-typedef struct _WMI_PROCESS_INFORMATION64
-{
- ULONG64 UniqueProcessKey64;
- ULONG ProcessId;
- ULONG ParentId;
- ULONG SessionId;
- NTSTATUS ExitStatus;
- ULONG64 DirectoryTableBase;
- ULONG Flags;
- ULONG Sid;
- // Variable length data
-} WMI_PROCESS_INFORMATION64, *PWMI_PROCESS_INFORMATION64;
-
-typedef struct _WMI_THREAD_INFORMATION
-{
- ULONG ProcessId;
- ULONG ThreadId;
-} WMI_THREAD_INFORMATION, *PWMI_THREAD_INFORMATION;
-
-typedef signed char SCHAR;
-
-#define ETW_THREAD_FLAG_REGISTRY_NOTIFICATION 0x00000001
-
-typedef struct _WMI_EXTENDED_THREAD_INFORMATION
-{
- ULONG ProcessId;
- ULONG ThreadId;
- PVOID StackBase;
- PVOID StackLimit;
- PVOID UserStackBase;
- PVOID UserStackLimit;
- union
- {
- PVOID StartAddress;
- KAFFINITY Affinity;
- } DUMMYUNIONNAME;
- PVOID Win32StartAddress;
- PVOID TebBase;
- ULONG SubProcessTag;
- SCHAR BasePriority;
- UCHAR PagePriority;
- UCHAR IoPriority;
- UCHAR Flags;
-} WMI_EXTENDED_THREAD_INFORMATION, *PWMI_EXTENDED_THREAD_INFORMATION;
-
-typedef struct _WMI_EXTENDED_THREAD_INFORMATION64
-{
- ULONG ProcessId;
- ULONG ThreadId;
- ULONG64 StackBase64;
- ULONG64 StackLimit64;
- ULONG64 UserStackBase64;
- ULONG64 UserStackLimit64;
- union
- {
- ULONG64 StartAddress64;
- ULONG64 Affinity;
- } DUMMYUNIONNAME;
- ULONG64 Win32StartAddress64;
- ULONG64 TebBase64;
- ULONG SubProcessTag;
- SCHAR BasePriority;
- UCHAR PagePriority;
- UCHAR IoPriority;
- UCHAR Flags;
-} WMI_EXTENDED_THREAD_INFORMATION64, *PWMI_EXTENDED_THREAD_INFORMATION64;
-
-//
-// SignatureLevel flags indicating if the image is embedded or catalog signed.
-//
-
-#define ETW_IMAGE_CATALOG_SIGNED 0x10
-#define ETW_IMAGE_EMBEDDED_SIGNED 0x20
-
-typedef struct _WMI_IMAGELOAD_INFORMATION
-{
- PVOID ImageBase;
- SIZE_T ImageSize;
- ULONG ProcessId;
- ULONG ImageChecksum;
- ULONG TimeDateStamp;
- UCHAR SignatureLevel;
- UCHAR SignatureType;
- USHORT Reserved0;
- PVOID DefaultBase;
- ULONG Reserved1;
- ULONG Reserved2;
- ULONG Reserved3;
- ULONG Reserved4;
- WCHAR FileName[1];
-} WMI_IMAGELOAD_INFORMATION, *PWMI_IMAGELOAD_INFORMATION;
-
-typedef struct _WMI_IMAGELOAD_INFORMATION32
-{
- ULONG32 ImageBase32;
- ULONG32 ImageSize32;
- ULONG ProcessId;
- ULONG ImageChecksum;
- ULONG TimeDateStamp;
- UCHAR SignatureLevel;
- UCHAR SignatureType;
- USHORT Reserved0;
- ULONG32 DefaultBase32;
- ULONG Reserved1;
- ULONG Reserved2;
- ULONG Reserved3;
- ULONG Reserved4;
- WCHAR FileName[1];
-} WMI_IMAGELOAD_INFORMATION32, *PWMI_IMAGELOAD_INFORMATION32;
-
-typedef struct _WMI_IMAGELOAD_INFORMATION64
-{
- ULONG64 ImageBase64;
- ULONG64 ImageSize64;
- ULONG ProcessId;
- ULONG ImageChecksum;
- ULONG TimeDateStamp;
- UCHAR SignatureLevel;
- UCHAR SignatureType;
- USHORT Reserved0;
- ULONG64 DefaultBase64;
- ULONG Reserved1;
- ULONG Reserved2;
- ULONG Reserved3;
- ULONG Reserved4;
- WCHAR FileName[1];
-} WMI_IMAGELOAD_INFORMATION64, *PWMI_IMAGELOAD_INFORMATION64;
-
-#include
-typedef struct _WMI_IMAGEID_INFORMATION
-{
- PVOID ImageBase;
- SIZE_T ImageSize;
- ULONG ProcessId;
- ULONG TimeDateStamp;
- WCHAR OriginalFileName[1];
-} WMI_IMAGEID_INFORMATION, *PWMI_IMAGEID_INFORMATION;
-
-typedef struct _WMI_IMAGEID_INFORMATION32
-{
- ULONG32 ImageBase32;
- ULONG32 ImageSize32;
- ULONG ProcessId;
- ULONG TimeDateStamp;
- WCHAR OriginalFileName[1];
-} WMI_IMAGEID_INFORMATION32, *PWMI_IMAGEID_INFORMATION32;
-
-typedef struct _WMI_IMAGEID_INFORMATION64
-{
- ULONG64 ImageBase64;
- ULONG64 ImageSize64;
- ULONG ProcessId;
- ULONG TimeDateStamp;
- WCHAR OriginalFileName[1];
-} WMI_IMAGEID_INFORMATION64, *PWMI_IMAGEID_INFORMATION64;
-#include
-
-#define ETW_IO_FLAG_BACKUP 0x00000001
-#define ETW_IO_FLAG_PREFETCH 0x00000002
-#define ETW_IO_FLAG_WRITE_AGGREGATION 0x00000004
-
-typedef struct _ETW_DISKIO_READWRITE_V2
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONG Size;
- ULONG Reserved;
- ULONGLONG ByteOffset;
- PVOID FileObject;
- PVOID IrpAddress;
- ULONGLONG HighResResponseTime;
-} ETW_DISKIO_READWRITE_V2, *PETW_DISKIO_READWRITE_V2;
-
-typedef struct _ETW_DISKIO_READWRITE_V3
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONG Size;
- ULONG Reserved;
- ULONGLONG ByteOffset;
- PVOID FileObject;
- PVOID IrpAddress;
- ULONGLONG HighResResponseTime;
- ULONG IssuingThreadId;
-} ETW_DISKIO_READWRITE_V3, PETW_DISKIO_READWRITE_V3;
-
-typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V2
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONGLONG HighResResponseTime;
- PVOID IrpAddress;
-} ETW_DISKIO_FLUSH_BUFFERS_V2, *PETW_DISKIO_FLUSH_BUFFERS_V2;
-
-typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V3
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONGLONG HighResResponseTime;
- PVOID IrpAddress;
- ULONG IssuingThreadId;
-} ETW_DISKIO_FLUSH_BUFFERS_V3, *PETW_DISKIO_FLUSH_BUFFERS_V3;
-
-typedef struct _ETW_DISKIO_READWRITE_V3 WMI_DISKIO_READWRITE, *PWMI_DISKIO_READWRITE;
-typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V3 WMI_DISKIO_FLUSH_BUFFERS, *PWMI_DISKIO_FLUSH_BUFFERS;
-
-typedef struct _WMI_DISKIO_READWRITE_INIT
-{
- PVOID Irp;
- ULONG IssuingThreadId;
-} WMI_DISKIO_READWRITE_INIT, *PWMI_DISKIO_READWRITE_INIT;
-
-typedef struct _WMI_DISKIO_IO_REDIRECTED_INIT
-{
- PVOID Irp;
- PVOID FileKey;
-} WMI_DISKIO_IO_REDIRECTED_INIT, *PWMI_DISKIO_IO_REDIRECTED_INIT;
-
-typedef struct _ETW_OPTICALIO_READWRITE
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONG Size;
- ULONG Reserved;
- ULONGLONG ByteOffset;
- PVOID FileObject;
- PVOID IrpAddress;
- ULONGLONG HighResResponseTime;
- ULONG IssuingThreadId;
-} ETW_OPTICALIO_READWRITE, *PETW_OPTICALIO_READWRITE;
-
-typedef struct _ETW_OPTICALIO_FLUSH_BUFFERS
-{
- ULONG DiskNumber;
- ULONG IrpFlags;
- ULONGLONG HighResResponseTime;
- PVOID IrpAddress;
- ULONG IssuingThreadId;
-} ETW_OPTICALIO_FLUSH_BUFFERS, *PETW_OPTICALIO_FLUSH_BUFFERS;
-
-typedef struct _ETW_OPTICALIO_INIT
-{
- PVOID Irp;
- ULONG IssuingThreadId;
-} ETW_OPTICALIO_INIT, *PETW_OPTICALIO_INIT;
-
-typedef struct _WMI_REGISTRY
-{
- LONGLONG InitialTime;
- ULONG Status;
- union
- {
- ULONG Index;
- ULONG InfoClass;
- } DUMMYUNIONNAME;
- PVOID Kcb;
- WCHAR Name[1];
-} WMI_REGISTRY, *PWMI_REGISTRY;
-
-typedef struct _WMI_TXR
-{
- LONGLONG InitialTime;
- GUID TxRGUID;
- ULONG Status;
- ULONG UowCount;
- WCHAR Hive[1];
-} WMI_TXR, *PWMI_TXR;
-
-typedef struct _ETW_REGNOTIF_REGISTER
-{
- PVOID Notification;
- PVOID Kcb;
- UCHAR Type;
- BOOLEAN WatchTree;
- BOOLEAN Primary;
-} ETW_REGNOTIF_REGISTER, *PETW_REGNOTIF_REGISTER;
-
-typedef struct _WMI_FILE_IO
-{
- PVOID FileObject;
- WCHAR FileName[1];
-} WMI_FILE_IO, *PWMI_FILE_IO;
-
-typedef struct _WMI_TCPIP_V4
-{
- ULONG ProcessId;
- ULONG TransferSize;
- UCHAR DestinationAddress[4];
- UCHAR SourceAddress[4];
- USHORT DestinationPort;
- USHORT SourcePort;
-} WMI_TCPIP_V4, *PWMI_TCPIP_V4;
-
-typedef struct _WMI_TCPIP_V6
-{
- ULONG ProcessId;
- ULONG TransferSize;
- UCHAR DestinationAddress[16];
- UCHAR SourceAddress[16];
- USHORT DestinationPort;
- USHORT SourcePort;
-} WMI_TCPIP_V6, *PWMI_TCPIP_V6;
-
-typedef struct _WMI_UDP_V4
-{
- ULONG ProcessId;
- USHORT TransferSize;
- UCHAR DestinationAddress[4];
- UCHAR SourceAddress[4];
- USHORT DestinationPort;
- USHORT SourcePort;
-} WMI_UDP_V4, *PWMI_UDP_V4;
-
-typedef struct _WMI_UDP_V6
-{
- ULONG ProcessId;
- USHORT TransferSize;
- UCHAR DestinationAddress[16];
- UCHAR SourceAddress[16];
- USHORT DestinationPort;
- USHORT SourcePort;
-} WMI_UDP_V6, *PWMI_UDP_V6;
-
-typedef struct _WMI_PAGE_FAULT
-{
- PVOID VirtualAddress;
- PVOID ProgramCounter;
-} WMI_PAGE_FAULT, *PWMI_PAGE_FAULT;
-
-typedef struct _WMI_CONTEXTSWAP
-{
- ULONG NewThreadId;
- ULONG OldThreadId;
-
- CHAR NewThreadPriority;
- CHAR OldThreadPriority;
- union
- {
- UCHAR PreviousCState;
- UCHAR OldThreadRank;
- } DUMMYUNIONNAME;
- union
- {
- CHAR NewThreadPriorityDecrement;
- CHAR SpareByte;
- } DUMMYUNIONNAME2;
- UCHAR OldThreadWaitReason;
- CHAR OldThreadWaitMode;
- UCHAR OldThreadState;
- UCHAR OldThreadIdealProcessor;
-
- ULONG NewThreadWaitTime;
- LONG OldThreadRemainingQuantum;
-} WMI_CONTEXTSWAP, *PWMI_CONTEXTSWAP;
-
-#define WMI_SPINLOCK_EVENT_EXECUTE_DPC_BIT 6
-#define WMI_SPINLOCK_EVENT_EXECUTE_ISR_BIT 7
-#define WMI_SPINLOCK_ACQUIRE_MODE_MASK 0x3F
-
-#include
-typedef struct _WMI_SPINLOCK
-{
- PVOID SpinLockAddress;
- PVOID CallerAddress;
- ULONG64 AcquireTime;
- ULONG64 ReleaseTime;
- ULONG WaitTimeInCycles;
- ULONG SpinCount;
- ULONG ThreadId;
- ULONG InterruptCount;
- UCHAR Irql;
- UCHAR AcquireDepth;
-
- union
- {
- struct
- {
- UCHAR AcquireMode : 6;
- UCHAR ExecuteDpc : 1;
- UCHAR ExecuteIsr : 1;
- };
-
- UCHAR Flags;
- };
-
- UCHAR Reserved[5];
-} WMI_SPINLOCK, *PWMI_SPINLOCK;
-#include
-
-//
-// Logging every action on every instance of ERESOURCE is almost impossible.
-// Especially for highly contented or highly frequently used instances.
-//
-// Thus logging an event is done on complete release operations
-// or on excessive waits with filtering as follows:
-//
-// 1) For contention cases where the releasing thread either:
-// 1.a) Has a wait time, e.g. it was blocked before the acquire.
-// 1.b) Caused one or more other acquire attempts to be blocked.
-// In such a case every N-th sample is logged.
-
-// 2) For a complete release (with or without contention).
-// In this case every N-th sample is logged.
-//
-// 3) Excessive waits.
-//
-// Exact mapping and publishing WMI_RESOURCE_ACTIONs as values used
-// internally in ..\minkernel\ntos\inc\etw.h.
-//
-
-#define WMI_RESOURCE_ACTION_COMPLETE_RELEASE_EXCLUSIVE 0x00010022
-#define WMI_RESOURCE_ACTION_COMPLETE_RELEASE_SHARED 0x00010042
-#define WMI_RESOURCE_ACTION_WAIT_EXCESSIVE_FOR_EXCLUSIVE 0x00010224
-#define WMI_RESOURCE_ACTION_WAIT_EXCESSIVE_FOR_SHARED 0x00010244
-
-typedef struct _WMI_RESOURCE
-{
- ULONG64 AcquireTime;
- ULONG64 HoldTime;
- ULONG64 WaitTime;
- ULONG MaxRecursionDepth;
- ULONG ThreadId;
- PVOID Resource;
- ULONG Action;
- ULONG ContentionDelta;
-} WMI_RESOURCE, *PWMI_RESOURCE;
-
-//
-// Only log wait-events for KQUEUE and PUSHLOCK objects. Full tracing generates
-// way too much data and also significantly affects performance.
-//
-// Also note that full tracing for PUSHLOCK objects is impossible as some routines
-// are defined inline in ex.h and are already compiled into drivers.
-//
-
-#define WMI_QUEUE_ACTION_WAIT_FOR_ITEM 1
-
-typedef struct _WMI_QUEUE {
- PVOID Queue;
- ULONG ThreadId;
- UCHAR Action;
-} WMI_QUEUE, *PWMI_QUEUE;
-
-#define WMI_PUSHLOCK_ACTION_WAIT_FOR_EXCLUSIVE 1
-#define WMI_PUSHLOCK_ACTION_WAIT_FOR_SHARED 2
-
-typedef struct _WMI_PUSHLOCK
-{
- PVOID PushLock;
- ULONG ThreadId;
- UCHAR Action;
-} WMI_PUSHLOCK, *PWMI_PUSHLOCK;
-
-typedef struct _WMI_WAIT_SINGLE
-{
- ULONG ThreadId;
- PVOID Object;
- UCHAR ObjectType;
-} WMI_WAIT_SINGLE, *PWMI_WAIT_SINGLE;
-
-typedef struct _WMI_WAIT_OBJECT_RECORD
-{
- PVOID Object;
- UCHAR ObjectType;
-} WMI_WAIT_OBJECT_RECORD, *PWMI_WAIT_OBJECT_RECORD;
-
-#define WMI_WAIT_MULTIPLE_MAX_OBJECTS 64
-
-#define WMI_WAIT_MULTIPLE_WAIT_ANY 1
-#define WMI_WAIT_MULTIPLE_WAIT_ALL 2
-
-typedef struct _WMI_WAIT_MULTIPLE
-{
- ULONG ThreadId;
- UCHAR WaitType;
- UCHAR ObjectCount;
- WMI_WAIT_OBJECT_RECORD ObjectRecord[WMI_WAIT_MULTIPLE_MAX_OBJECTS];
-} WMI_WAIT_MULTIPLE, *PWMI_WAIT_MULTIPLE;
-
-#define WMI_WAIT_MULTIPLE_HEADER_SIZE (sizeof(PVOID) + sizeof(UCHAR))
-
-typedef struct _WMI_DELAY_EXECUTION
-{
- ULONG ThreadId;
- ULONGLONG Delta;
-} WMI_DELAY_EXECUTION, *PWMI_DELAY_EXECUTION;
-
-//
-// Scheduler events.
-//
-typedef struct _ETW_READY_THREAD_EVENT
-{
- ULONG ThreadId;
- UCHAR AdjustReason;
- SCHAR AdjustIncrement;
- union
- {
- struct
- {
- UCHAR ExecutingDpc : 1;
- UCHAR KernelStackNotResident : 1;
- UCHAR ProcessOutOfMemory : 1;
- UCHAR DirectSwitchAttempt : 1;
- UCHAR Reserved : 4;
- } DUMMYSTRUCTNAME;
- UCHAR Flags;
- } DUMMYUNIONNAME;
- UCHAR SpareByte;
-} ETW_READY_THREAD_EVENT, *PETW_READY_THREAD_EVENT;
-
-//
-// Kernel Queue events.
-//
-typedef struct _ETW_KQUEUE_ENQUEUE_EVENT
-{
- PVOID Entry;
- ULONG ThreadId;
-} ETW_KQUEUE_ENQUEUE_EVENT, *PETW_KQUEUE_ENQUEUE_EVENT;
-
-typedef struct _ETW_KQUEUE_DEQUEUE_EVENT
-{
- ULONG ThreadId;
- ULONG EntryCount;
- PVOID Entries[ANYSIZE_ARRAY];
-} ETW_KQUEUE_DEQUEUE_EVENT, *PETW_KQUEUE_DEQUEUE_EVENT;
-
-//
-// Anti-starvation boost by BalanceSetmanager event.
-//
-
-typedef struct _ETW_ANTI_STARVATION_BOOST_EVENT
-{
- ULONG ThreadId;
- USHORT ProcessorIndex;
- SCHAR OldPriority;
- UCHAR SpareByte;
-} ETW_ANTI_STARVATION_BOOST_EVENT, *PETW_ANTI_STARVATION_BOOST_EVENT;
-
-//
-// AutoBoost priority-inversion avoidance events.
-//
-typedef struct _ETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT
-{
- PVOID Lock;
- ULONG ThreadId;
- SCHAR NewCpuPriorityFloor;
- SCHAR OldCpuPriority;
- union
- {
- struct
- {
- SCHAR NewIoPriorityFloor : 4;
- SCHAR OldIoPriority : 4;
- };
- SCHAR IoPriorities;
- };
-
- union
- {
- struct
- {
- UCHAR ExecutingDpc : 1;
- UCHAR WakeupBoost : 1;
- UCHAR BoostedOutstandingIrps : 1;
- UCHAR Reserved : 5;
- };
- UCHAR Flags;
- };
-} ETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT, *PETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT;
-
-typedef struct _ETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT
-{
- PVOID Lock;
- ULONG ThreadId;
- union
- {
- //
- // The order of bits in this field must be the same as the bitmap field
- // in KLOCK_ENTRY.
- //
- struct
- {
- USHORT IoBoost : 1;
- USHORT CpuBoostsBitmap : 15;
- };
- USHORT BoostBitmap;
- };
- USHORT Reserved;
-} ETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT, *PETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT;
-
-typedef struct _ETW_AUTOBOOST_NO_ENTRIES_EVENT
-{
- PVOID Lock;
- ULONG ThreadId;
-} ETW_AUTOBOOST_NO_ENTRIES_EVENT, *PETW_AUTOBOOST_NO_ENTRIES_EVENT;
-
-//
-// Priority and affinity change events.
-//
-typedef struct _ETW_PRIORITY_EVENT
-{
- ULONG ThreadId;
- SCHAR OldPriority;
- SCHAR NewPriority;
- SCHAR DynamicPriority; // SetBasePriority events only
- SCHAR Reserved;
-} ETW_PRIORITY_EVENT, *PETW_PRIORITY_EVENT;
-
-typedef struct _ETW_THREAD_AFFINITY_EVENT
-{
- KAFFINITY Mask;
- ULONG ThreadId;
- USHORT Group;
- USHORT Reserved;
-} ETW_THREAD_AFFINITY_EVENT, *PETW_THREAD_AFFINITY_EVENT;
-
-typedef struct _ETW_DEBUG_PRINT_EVENT
-{
- ULONG Component;
- ULONG Level;
- CHAR Message[1];
-} ETW_DEBUG_PRINT_EVENT, *PETW_DEBUG_PRINT_EVENT;
-
-//
-// Note that BIGPOOL mask is carefully chosen to avoid conflict, and
-// this is only for instrumentation. So, there is possibility that
-// mask is used by pool component at future.
-//
-
-#define ETW_POOLTRACE_BIGPOOL_MASK 0x10000000
-
-typedef struct _ETW_POOL_EVENT
-{
- ULONG PoolType;
- ULONG Tag;
- SIZE_T NumberOfBytes;
- PVOID Entry;
-} ETW_POOL_EVENT, *PETW_POOL_EVENT;
-
-//
-// Object Manager events
-//
-
-#define ETW_KERNEL_HANDLE_MASK 0x80000000
-
-typedef struct _ETW_CREATE_HANDLE_EVENT
-{
- PVOID Object;
- ULONG Handle;
- USHORT ObjectType;
-} ETW_CREATE_HANDLE_EVENT, *PETW_CREATE_HANDLE_EVENT;
-
-typedef ETW_CREATE_HANDLE_EVENT ETW_CLOSE_HANDLE_EVENT, *PETW_CLOSE_HANDLE_EVENT;
-
-#include
-typedef struct _ETW_DUPLICATE_HANDLE_EVENT
-{
- PVOID Object;
- ULONG SourceHandle;
- ULONG TargetHandle;
- ULONG TargetProcessId;
- USHORT ObjectType;
- ULONG SourceProcessId;
-} ETW_DUPLICATE_HANDLE_EVENT, *PETW_DUPLICATE_HANDLE_EVENT;
-#include
-
-typedef struct _ETW_OBJECT_TYPE_EVENT
-{
- USHORT ObjectType;
- USHORT Reserved;
- WCHAR Name[ANYSIZE_ARRAY];
-} ETW_OBJECT_TYPE_EVENT, *PETW_OBJECT_TYPE_EVENT;
-
-typedef struct _ETW_OBJECT_HANDLE_EVENT
-{
- PVOID Object;
- ULONG ProcessId;
- ULONG Handle;
- USHORT ObjectType;
-} ETW_OBJECT_HANDLE_EVENT, *PETW_OBJECT_HANDLE_EVENT;
-
-typedef struct _ETW_REFDEREF_OBJECT_EVENT
-{
- PVOID Object;
- ULONG Tag;
- ULONG Count;
-} ETW_REFDEREF_OBJECT_EVENT, *PETW_REFDEREF_OBJECT_EVENT;
-
-typedef struct _ETW_CREATEDELETE_OBJECT_EVENT
-{
- PVOID Object;
- USHORT ObjectType;
-} ETW_CREATEDELETE_OBJECT_EVENT, *PETW_CREATEDELETE_OBJECT_EVENT;
-
-//
-// Wake Counter events
-//
-typedef struct _ETW_WAKE_COUNTER_EVENT
-{
- PVOID Object;
- ULONG_PTR Tag;
- ULONG ProcessId;
- LONG Count;
-} ETW_WAKE_COUNTER_EVENT, *PETW_WAKE_COUNTER_EVENT;
-
-//
-// Heap events
-//
-
-#include
-typedef struct _ETW_HEAP_EVENT_COMMON
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID Handle; // Handle of Heap
-} ETW_HEAP_EVENT_COMMON, *PETW_HEAP_EVENT_COMMON;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_ALLOC
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- SIZE_T Size; // Size of allocation in bytes
- PVOID Address; // Address of Allocation
- ULONG Source; // Type ie Lookaside, Lowfrag or main path
-
-} ETW_HEAP_EVENT_ALLOC, *PETW_HEAP_EVENT_ALLOC;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_FREE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- PVOID Address; // Address to free
- ULONG Source; // Type ie Lookaside, Lowfrag or main path
-
-} ETW_HEAP_EVENT_FREE, *PETW_HEAP_EVENT_FREE;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_REALLOC
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- PVOID NewAddress; // New Address returned to user
- PVOID OldAddress; // Old Address got from user
- SIZE_T NewSize; // New Size in bytes
- SIZE_T OldSize; // Old Size in bytes
- ULONG Source; // Type ie Lookaside, Lowfrag or main path
-} ETW_HEAP_EVENT_REALLOC, *PETW_HEAP_EVENT_REALLOC;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_EXPANSION
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- SIZE_T CommittedSize; // Memory Size in bytes actually committed
- PVOID Address; // Address of free block or segment
- SIZE_T FreeSpace; // Total free Space in Heap
- SIZE_T CommittedSpace; // Memory Committed
- SIZE_T ReservedSpace; // Memory reserved
- ULONG NoOfUCRs; // Number of uncommitted ranges
- SIZE_T AllocatedSpace; // Memory allocated
-} ETW_HEAP_EVENT_EXPANSION, *PETW_HEAP_EVENT_EXPANSION;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_CONTRACTION
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- SIZE_T DeCommitSize; // The size of DeCommitted Block
- PVOID DeCommitAddress; // Address of the Decommitted block
- SIZE_T FreeSpace; // Total free Space in Heap in bytes
- SIZE_T CommittedSpace; // Memory Committed in bytes
- SIZE_T ReservedSpace; // Memory reserved in bytes
- ULONG NoOfUCRs; // Number of UnCommitted Ranges
- SIZE_T AllocatedSpace; // Memory allocated
-
-} ETW_HEAP_EVENT_CONTRACTION, *PETW_HEAP_EVENT_CONTRACTION;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_CREATE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- ULONG Flags; // Flags passed while creating heap.
- SIZE_T ReserveSize;
- SIZE_T CommitSize;
- SIZE_T AllocatedSize;
-} ETW_HEAP_EVENT_CREATE, *PETW_HEAP_EVENT_CREATE;
-#include
-
-#define HEAP_LOG_CREATE_HEAP 1
-#define HEAP_LOG_FIND_AND_COMMIT_PAGES 2
-#define HEAP_LOG_INITIALIZE_SEGMENT 3
-#define HEAP_LOG_EXTEND_HEAP 4
-#define HEAP_LOG_DECOMMIT_FREE_BLOCK 5
-#define HEAP_LOG_DECOMMIT_FREE_BLOCK2 6
-#define HEAP_LOG_DECOMMIT_BLOCK 7
-#define HEAP_LOG_COMMIT_BLOCK 8
-#define HEAP_LOG_ALLOCATE_HEAP 9
-#define HEAP_LOG_COMMIT_AND_INITIALIZE_PAGES 10
-#define HEAP_LOG_ALLOCATE_SEGMENT_HEAP 11
-#define HEAP_LOG_ALLOCATE_NEW_SEGMENT 12
-#define HEAP_LOG_DECOMMIT_PAGE_RANGE 13
-
-typedef struct _HEAP_EVENT_COMMIT_DECOMMIT
-{
- PVOID HeapHandle;
- PVOID Block;
- SIZE_T Size;
- ULONG Caller;
-} HEAP_EVENT_COMMIT_DECOMMIT, *PHEAP_EVENT_COMMIT_DECOMMIT;
-
-typedef struct _HEAP_COMMIT_DECOMMIT
-{
- SYSTEM_TRACE_HEADER Header;
- HEAP_EVENT_COMMIT_DECOMMIT Event;
-} HEAP_COMMIT_DECOMMIT, *PHEAP_COMMIT_DECOMMIT;
-
-typedef struct _HEAP_EVENT_SUBSEGMENT_ALLOC_FREE
-{
- PVOID HeapHandle;
- PVOID SubSegment;
- SIZE_T SubSegmentSize;
- SIZE_T BlockSize;
-} HEAP_EVENT_SUBSEGMENT_ALLOC_FREE, *PHEAP_EVENT_SUBSEGMENT_ALLOC_FREE;
-
-typedef struct _HEAP_SUBSEGMENT_FREE
-{
- SYSTEM_TRACE_HEADER Header;
- HEAP_EVENT_SUBSEGMENT_ALLOC_FREE Event;
-} HEAP_SUBSEGMENT_FREE, *PHEAP_SUBSEGMENT_FREE;
-
-typedef struct _HEAP_SUBSEGMENT_ALLOC
-{
- SYSTEM_TRACE_HEADER Header;
- HEAP_EVENT_SUBSEGMENT_ALLOC_FREE Event;
-} HEAP_SUBSEGMENT_ALLOC, *PHEAP_SUBSEGMENT_ALLOC;
-
-#include
-typedef struct _HEAP_SUBSEGMENT_INIT
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
- PVOID SubSegment;
- SIZE_T BlockSize;
- SIZE_T BlockCount;
- ULONG AffinityIndex;
-} HEAP_SUBSEGMENT_INIT, *PHEAP_SUBSEGMENT_INIT;
-#include
-
-#include
-typedef struct _HEAP_AFINITY_MANAGER_ENABLE
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
- ULONG BucketIndex;
-} HEAP_AFFINITY_MANAGER_ENABLE, *PHEAP_AFFINITY_MANAGER_ENABLE;
-#include
-
-#include
-typedef struct _HEAP_AFFINITY_SLOT_ASSIGN
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
- PVOID SubSegment;
- ULONG SlotIndex;
-} HEAP_AFFINITY_SLOT_ASSIGN, *PHEAP_AFFINITY_SLOT_ASSIGN;
-#include
-
-#include
-typedef struct _HEAP_REUSE_THRESHOLD_ACTIVATED
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
- PVOID SubSegment;
- ULONG BucketIndex;
-} HEAP_REUSE_THRESHOLD_ACTIVATED, *PHEAP_REUSE_THRESHOLD_ACTIVATED;
-#include
-
-#include
-typedef struct _HEAP_SUBSEGMENT_ACTIVATED
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
- PVOID SubSegment;
-} HEAP_SUBSEGMENT_ACTIVATED, *PHEAP_AFFINITY_SLOT_ACTIVATED;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_SNAPSHOT
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle; // Handle of Heap
- SIZE_T FreeSpace; // Total free Space in Heap in bytes
- SIZE_T CommittedSpace; // Memory Committed in bytes
- SIZE_T ReservedSpace; // Memory reserved in bytes
- ULONG Flags; // Flags passed while creating heap.
- ULONG ProcessId;
- SIZE_T LargeUCRSpace;
- ULONG FreeListLength;
- ULONG UCRLength;
- SIZE_T AllocatedSpace; // Total allocated space in heap, in bytes
-} ETW_HEAP_EVENT_SNAPSHOT, *PETW_HEAP_EVENT_SNAPSHOT;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_RUNDOWN_RANGE
-{
- PVOID Address;
- SIZE_T Size;
-} ETW_HEAP_EVENT_RUNDOWN_RANGE, *PETW_HEAP_EVENT_RUNDOWN_RANGE;
-#include
-
-#include
-typedef struct _ETW_HEAP_EVENT_RUNDOWN
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID HeapHandle;
- ULONG Flags;
- ULONG ProcessId;
- ULONG RangeCount;
- ULONG Reserved; // for padding
- ETW_HEAP_EVENT_RUNDOWN_RANGE Ranges[1];
-} ETW_HEAP_EVENT_RUNDOWN, *PETW_HEAP_EVENT_RUNDOWN;
-#include
-
-typedef struct _HEAP_EVENT_RANGE_CREATE
-{
- PVOID HeapHandle;
- SIZE_T FirstRangeSize;
- ULONG Flags;
-} HEAP_EVENT_RANGE_CREATE, *PHEAP_EVENT_RANGE_CREATE;
-
-typedef struct _HEAP_EVENT_RANGE
-{
- PVOID HeapHandle;
- PVOID Address;
- SIZE_T Size;
-} HEAP_EVENT_RANGE, *PHEAP_EVENT_RANGE;
-
-typedef struct _HEAP_RANGE_CREATE
-{
- SYSTEM_TRACE_HEADER Header;
- HEAP_EVENT_RANGE_CREATE Event;
-} HEAP_RANGE_CREATE, *PHEAP_RANGE_CREATE;
-
-typedef struct _HEAP_RANGE_DESTROY
-{
- SYSTEM_TRACE_HEADER Header;
- PVOID HeapHandle;
-} HEAP_RANGE_DESTROY, *PHEAP_RANGE_DESTROY;
-
-typedef struct _HEAP_RANGE_LOG
-{
- SYSTEM_TRACE_HEADER Header;
- HEAP_EVENT_RANGE Range;
-} HEAP_RANGE_LOG, *PHEAP_RANGE_LOG;
-
-typedef struct _ETW_CRITSEC_EVENT_COLLISION
-{
- SYSTEM_TRACE_HEADER Header; // Header
- ULONG LockCount; // Lock Count
- ULONG SpinCount; // Spin Count
- PVOID OwningThread; // Thread having Lock
- PVOID Address; // Address of Critical Section
-} ETW_CRITSEC_EVENT_COLLISION, *PETW_CRITSEC_EVENT_COLLISION;
-
-typedef struct _ETW_CRITSEC_EVENT_INIT
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID SpinCount; // Spin Count
- PVOID Address; // Address of Critical Section
-} ETW_CRITSEC_EVENT_INIT, *PETW_CRITSEC_EVENT_INIT;
-
-typedef struct _STACK_WALK_EVENT_DATA
-{
- ULONGLONG TimeStamp;
- ULONG ProcessId;
- ULONG ThreadId;
- PVOID Addresses[1]; //Address of captured Stack address
-} STACK_WALK_EVENT_DATA, * PSTACK_WALK_EVENT_DATA;
-
-typedef struct _LOAD_DLL_EVENT_DATA
-{
- WCHAR ImageName[1];
-} LOAD_DLL_EVENT_DATA, *PLOAD_DLL_EVENT_DATA;
-
-typedef struct _CM_PERF_COUNTERS
-{
- ULONGLONG OpenedKeys; // number of kcbs in the system
- ULONGLONG DelayCloseKCBs; // number of kcbs in delay close
- ULONGLONG PrivateAllocPages; // number of pages used by the private allocator for kcbs
- ULONGLONG PrivateAllocFree; // number of fixed size allocations which are currently free
- ULONGLONG PrivateAllocUsed; // number of fixed size allocations which are currently in use
- ULONGLONG LookupCacheHit; // cache hit
- ULONGLONG LookupCacheMissFound; // cache miss but key was opened from the hive
- ULONGLONG LookupCacheMissNotFound; // cache miss; key does not exist
- ULONGLONG ViewMap; // number of times we mapped a view
- ULONGLONG ViewUnMap; // number of times we mapped a view
- ULONGLONG HiveShrink; // number of times we have shrunk a hive
-} CM_PERF_COUNTERS, *PCM_PERF_COUNTERS;
-
-//
-// The class scheduler events
-//
-typedef struct _CI_LOG_SCHEDULER_EVENT
-{
- EVENT_TRACE_HEADER Header; // Header
- ULONG ProcessId; // Process id of the the thread being scheduled
- ULONG ThreadId; // Thread id of the thread being scheduled
- ULONG Priority; // Scheduling priority
- ULONG TaskIndex; // Task index the thread being scheduled linked to.
-} CI_LOG_SCHEDULER_EVENT, *PCI_LOG_SCHEDULER_EVENT;
-
-typedef struct _CI_LOG_SCHEDULER_WAKEUP
-{
- EVENT_TRACE_HEADER Header; // Header
- ULONG Reason;
-} CI_LOG_SCHEDULER_WAKEUP, *PCI_LOG_SCHEDULER_WAKEUP;
-
-typedef struct _CI_LOG_SCHEDULER_SLEEP
-{
- EVENT_TRACE_HEADER Header; // Header
-} CI_LOG_SCHEDULER_SLEEP, *PCI_LOG_SCHEDULER_SLEEP;
-
-typedef struct _CI_LOG_SCHEDULER_SLEEP_RESPONSE
-{
- EVENT_TRACE_HEADER Header; // Header
-} CI_LOG_SCHEDULER_SLEEP_RESPONSE, *PCI_LOG_SCHEDULER_SLEEP_RESPONSE;
-
-typedef struct _CI_LOG_MMCSS_START
-{
- EVENT_TRACE_HEADER Header; // Header
-} CI_LOG_MMCSS_START, *PCI_LOG_MMCSS_START;
-
-typedef struct _CI_LOG_MMCSS_STOP
-{
- EVENT_TRACE_HEADER Header; // Header
-} CI_LOG_MMCSS_STOP, *PCI_LOG_MMCSS_STOP;
-
-//
-// UMS events.
-//
-#define UMS_ETW_DIRECTED_SWITCH_START_VOLATILE (0x1)
-
-typedef struct _ETW_UMS_EVENT_DIRECTED_SWITCH_START
-{
- ULONG ProcessId;
- ULONG ScheduledThreadId;
- ULONG PrimaryThreadId;
- ULONG SwitchFlags;
-} ETW_UMS_EVENT_DIRECTED_SWITCH_START, *PETW_UMS_EVENT_DIRECTED_SWITCH_START;
-
-#define UMS_ETW_DIRECTED_SWITCH_END_FAST (0x1)
-
-typedef struct _ETW_UMS_EVENT_DIRECTED_SWITCH_END
-{
- ULONG ProcessId;
- ULONG ScheduledThreadId;
- ULONG PrimaryThreadId;
- ULONG SwitchFlags;
-} ETW_UMS_EVENT_DIRECTED_SWITCH_END, *PETW_UMS_EVENT_DIRECTED_SWITCH_END;
-
-#define UMS_ETW_PARK_VOLATILE (0x1)
-#define UMS_ETW_PARK_PRIMARY_PRESENT (0x2)
-#define UMS_ETW_PARK_PRIMARY_DELIVERED_CONTEXT (0x4)
-
-typedef struct _ETW_UMS_EVENT_PARK
-{
- ULONG ProcessId;
- ULONG ScheduledThreadId;
- ULONG ParkFlags;
-} ETW_UMS_EVENT_PARK, *PETW_UMS_EVENT_PARK;
-
-typedef struct _ETW_UMS_EVENT_DISASSOCIATE
-{
- ULONG ProcessId;
- ULONG ScheduledThreadId;
- ULONG PrimaryThreadId;
- ULONG UmsApcControlFlags;
- NTSTATUS Status;
-} ETW_UMS_EVENT_DISASSOCIATE, *PETW_UMS_EVENT_DISASSOCIATE;
-
-typedef struct _ETW_UMS_EVENT_CONTEXT_SWITCH
-{
- SYSTEM_TRACE_HEADER Header;
- ULONG ScheduledThreadId;
- ULONG SwitchCount;
- ULONG KernelYieldCount;
- ULONG MixedYieldCount;
- ULONG YieldCount; // Used to determine event size; needs to be the last field.
-} ETW_UMS_EVENT_CONTEXT_SWITCH, *PETW_UMS_EVENT_CONTEXT_SWITCH;
-
-//
-// For ETW_SET_TIMER_EVENT, Period must always be defined as the last member as
-// the same structure is used for periodic and one-shot timers. In the latter
-// case, the payload size is truncated to ignore the period field.
-//
-typedef struct _ETW_SET_TIMER_EVENT
-{
- ULONG64 ExpectedDueTime;
- ULONG_PTR TimerAddress;
- USHORT TargetProcessorGroup;
- UCHAR TargetProcessorIndex;
- UCHAR Flags;
- ULONG Period;
- UCHAR EncodedDelay;
- UCHAR Reserved0;
- USHORT Reserved1;
-} ETW_SET_TIMER_EVENT, *PETW_SET_TIMER_EVENT;
-
-typedef struct _ETW_CANCEL_TIMER_EVENT
-{
- ULONG_PTR TimerAddress;
-} ETW_CANCEL_TIMER_EVENT, *PETW_CANCEL_TIMER_EVENT;
-
-typedef struct _ETW_TIMER_EXPIRATION_EVENT
-{
- ULONG64 ExpectedDueTime;
- ULONG_PTR TimerAddress;
- ULONG_PTR DeferredRoutine;
- UCHAR EncodedDelay;
-} ETW_TIMER_EXPIRATION_EVENT, *PETW_TIMER_EXPIRATION_EVENT;
-
-typedef struct _ETW_TIMER_EXPIRATION_START_EVENT
-{
- ULONG64 InterruptTime;
-} ETW_TIMER_EXPIRATION_START_EVENT, *PETW_TIMER_EXPIRATION_START_EVENT;
-
-#define ETW_KTIMER2_HAS_CALLBACK 0x01
-#define ETW_KTIMER2_PERIODIC 0x02
-#define ETW_KTIMER2_IDLE_RESILIENT 0x04
-#define ETW_KTIMER2_HIGH_RESOLUTION 0x08
-#define ETW_KTIMER2_NO_WAKE 0x10
-#define ETW_KTIMER2_NO_WAKE_FINITE 0x20
-
-//
-// Define timer events.
-//
-
-#define ETW_TIMER_COALESCABLE 0x01
-#define ETW_TIMER_DPC 0x02
-#define ETW_TIMER_IDLE_RESILIENT ETW_KTIMER2_IDLE_RESILIENT
-#define ETW_TIMER_HIGH_RESOLUTION ETW_KTIMER2_HIGH_RESOLUTION
-#define ETW_TIMER_NO_WAKE ETW_KTIMER2_NO_WAKE
-
-typedef struct _ETW_SET_KTIMER2_EVENT
-{
- ULONG64 DueTime;
- ULONG64 MaximumDueTime;
- ULONG64 Period;
- ULONG_PTR TimerKey;
- ULONG_PTR Callback;
- ULONG_PTR CallbackContextKey;
- UCHAR Flags;
-} ETW_SET_KTIMER2_EVENT, *PETW_SET_KTIMER2_EVENT;
-
-typedef ETW_SET_KTIMER2_EVENT ETW_KTIMER2_EXPIRATION_EVENT, *PETW_KTIMER2_EXPIRATION_EVENT;
-
-typedef struct _ETW_CANCEL_KTIMER2_EVENT
-{
- ULONG_PTR TimerKey;
-} ETW_CANCEL_KTIMER2_EVENT, *PETW_CANCEL_KTIMER2_EVENT;
-
-#define ETW_DISABLE_KTIMER2_CANCEL 0x1
-#define ETW_DISABLE_KTIMER2_WAIT 0x2
-#define ETW_DISABLE_KTIMER2_DELAYED 0x4
-#define ETW_DISABLE_KTIMER2_HAS_DISABLE_CALLBACK 0x8
-
-typedef struct _ETW_DISABLE_KTIMER2_EVENT
-{
- ULONG_PTR TimerKey;
- ULONG_PTR DisableCallback;
- ULONG_PTR DisableContextKey;
- UCHAR Flags;
-} ETW_DISABLE_KTIMER2_EVENT, *PETW_DISABLE_KTIMER2_EVENT;
-
-typedef struct _ETW_FINALIZE_KTIMER2_EVENT
-{
- ULONG_PTR TimerKey;
- ULONG_PTR DisableCallback;
- ULONG_PTR DisableContextKey;
-} ETW_FINALIZE_KTIMER2_EVENT, *PETW_FINALIZE_KTIMER2_EVENT;
-
-//
-// Clock event definitions.
-//
-typedef enum _PERFINFO_DYNAMIC_TICK_VETO_REASON
-{
- DynamicTickVetoNone = 0,
- DynamicTickVetoProcBusy,
- DynamicTickVetoSoftwareTimer,
- DynamicTickVetoClockConstraint,
- DynamicTickVetoClockOutOfSync,
- DynamicTickVetoClockUpdateFailed,
- DynamicTickVetoMax
-} PERFINFO_DYNAMIC_TICK_VETO_REASON, *PPERFINFO_DYNAMIC_TICK_VETO_REASON;
-
-typedef enum _PERFINFO_DYNAMIC_TICK_DISABLE_REASON
-{
- DynamicTickDisableReasonNone = 0,
- DynamicTickDisableReasonBcdOverride,
- DynamicTickDisableReasonNoHwSupport,
- DynamicTickDisableReasonEmOverride,
- DynamicTickDisableReasonMax
-} PERFINFO_DYNAMIC_TICK_DISABLE_REASON, *PPERFINFO_DYNAMIC_TICK_DISABLE_REASON;
-
-typedef struct _ETW_CLOCK_CONFIGURATION_EVENT
-{
- ULONG KnownType;
- ULONG Capabilities;
- PERFINFO_DYNAMIC_TICK_DISABLE_REASON DisableReason;
-} ETW_CLOCK_CONFIGURATION_EVENT, *PETW_CLOCK_CONFIGURATION_EVENT;
-
-typedef struct _ETW_CLOCK_TIME_UPDATE
-{
- ULONG64 InterruptTime;
- ULONG ClockOwner;
-} ETW_CLOCK_TIME_UPDATE, *PETW_CLOCK_TIME_UPDATE;
-
-typedef struct _ETW_CLOCK_STATE_CHANGE_EVENT
-{
- UCHAR NewState;
- UCHAR PrevState;
- UCHAR Reserved[6];
- union
- {
- struct
- {
- ULONG64 DeliveredIncrement;
- ULONG64 RequestedIncrement;
- };
- ULONG64 NextClockUpdateTime;
- };
-} ETW_CLOCK_STATE_CHANGE_EVENT, *PETW_CLOCK_STATE_CHANGE_EVENT;
-
-//
-// DFSS Events
-//
-typedef struct _ETW_PER_SESSION_QUOTA
-{
- ULONG SessionId;
- ULONG CpuShareWeight;
- LONGLONG CapturedWeightData;
- ULONG64 CyclesAccumulated;
-} ETW_PER_SESSION_QUOTA, *PETW_PER_SESSION_QUOTA;
-
-typedef struct _ETW_DFSS_START_NEW_INTERVAL
-{
- ULONG CurrentGeneration;
- ULONG SessionCount;
- ULONG64 TotalCycleCredit;
- ULONG64 TotalCyclesAccumulated;
- ETW_PER_SESSION_QUOTA SessionQuota[1];
-} ETW_DFSS_START_NEW_INTERVAL, *PETW_DFSS_START_NEW_INTERVAL;
-
-typedef struct _ETW_DFSS_RELEASE_THREAD_ON_IDLE
-{
- ULONG CurrentGeneration;
- ULONG SessionSelectedToRun;
- ULONG64 CycleBaseAllowance;
- LONG64 CyclesRemaining;
-} ETW_DFSS_RELEASE_THREAD_ON_IDLE, *PETW_DFSS_RELEASE_THREAD_ON_IDLE;
-
-typedef struct _ETW_CPU_CACHE_FLUSH_EVENT
-{
- PVOID Address;
- SIZE_T Bytes;
- BOOLEAN Clean;
- BOOLEAN FullFlush;
- BOOLEAN Rectangle;
- BOOLEAN Reserved0;
- ULONG Reserved1;
-} ETW_CPU_CACHE_FLUSH_EVENT, *PETW_CPU_CACHE_FLUSH_EVENT;
-
-DEFINE_GUID( /* 2b88b710-1c93-4f7c-b06c-655ecc50decc */
- EtwSecondaryDumpDataGuid,
- 0x2b88b710,
- 0x1c93,
- 0x4f7c,
- 0xb0, 0x6c, 0x65, 0x5e, 0xcc, 0x50, 0xde, 0xcc
- );
-
-//
-// CKCL Name and Guid
-//
-#define CKCL_NAMEW L"Circular Kernel Context Logger"
-#define CKCL_NAMEA "Circular Kernel Context Logger"
-
-DEFINE_GUID( /* 54dea73a-ed1f-42a4-af71-3e63d056f174 */
- CKCLGuid,
- 0x54dea73a,
- 0xed1f,
- 0x42a4,
- 0xaf, 0x71, 0x3e, 0x63, 0xd0, 0x56, 0xf1, 0x74
- );
-
-//
-// Audit Session Name and Guid
-//
-#define AUDIT_LOGGER_NAMEW L"Eventlog-Security"
-#define AUDIT_LOGGER_NAMEA "Eventlog-Security"
-
-DEFINE_GUID( /* 0e66e20b-b802-ba6a-9272-31199d0ed295 */
- AuditLoggerGuid,
- 0x0e66e20b,
- 0xb802,
- 0xba6a,
- 0x92, 0x72, 0x31, 0x19, 0x9d, 0x0e, 0xd2, 0x95
- );
-
-//
-// Security Provider (LSASS) Guid
-//
-DEFINE_GUID( /* 54849625-5478-4994-a5ba-3e3b0328c30d */
- SecurityProviderGuid,
- 0x54849625,
- 0x5478,
- 0x4994,
- 0xa5, 0xba, 0x3e, 0x3b, 0x03, 0x28, 0xc3, 0x0d
- );
-
-DEFINE_GUID( /* 472496cf-0daf-4f7c-ac2e-3f8457ecc6bb */
- PrivateLoggerSecurityGuid,
- 0x472496cf,
- 0x0daf,
- 0x4f7c,
- 0xac, 0x2e, 0x3f, 0x84, 0x57, 0xec, 0xc6, 0xbb
- );
-
-//
-// Spare guids for Perf/System events.
-//
-
-DEFINE_GUID( /* 3282fc76-feed-498e-8aa7-e70f459d430e */
- JobGuid,
- 0x3282fc76,
- 0xfeed,
- 0x498e,
- 0x8a, 0xa7, 0xe7, 0x0f, 0x45, 0x9d, 0x43, 0x0e
- );
-
-DEFINE_GUID( /* 99134383-5248-43fc-834b-529454e75df3 */
- EventTraceSpare1,
- 0x99134383,
- 0x5248,
- 0x43fc,
- 0x83, 0x4b, 0x52, 0x94, 0x54, 0xe7, 0x5d, 0xf3
- );
-
-DEFINE_GUID( /* 42695762-ea50-497a-9068-5cbbb35e0b95 */
- WnfGuid,
- 0x42695762,
- 0xea50,
- 0x497a,
- 0x90, 0x68, 0x5c, 0xbb, 0xb3, 0x5e, 0x0b, 0x95
- );
-
-DEFINE_GUID( /* 3BEEF58A-6E0F-445D-B2A4-37AB737BD47E */
- UmglThreadGuid,
- 0x3beef58a,
- 0x6e0f,
- 0x445d, 0xb2, 0xa4, 0x37, 0xab, 0x73, 0x7b, 0xd4, 0x7e
- );
-
-////
-//// DefaultTraceSecurityGuid. Specifies the default event tracing security
-////
-//DEFINE_GUID( /* 0811c1af-7a07-4a06-82ed-869455cdf713 */
-// DefaultTraceSecurityGuid,
-// 0x0811c1af,
-// 0x7a07,
-// 0x4a06,
-// 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13
-// );
-
-DEFINE_GUID( /* 3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c */
- DiskIoGuid,
- 0x3d6fa8d4,
- 0xfe05,
- 0x11d0,
- 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
- );
-
-DEFINE_GUID( /* B3E675D7-2554-4f18-830B-2762732560DE */
- ImageIdGuid,
- 0xb3e675d7,
- 0x2554,
- 0x4f18,
- 0x83, 0xb, 0x27, 0x62, 0x73, 0x25, 0x60, 0xde
- );
-
-DEFINE_GUID( /* 0268a8b6-74fd-4302-9dd0-6e8f1795c0cf */
- PoolGuid,
- 0x0268a8b6,
- 0x74fd,
- 0x4302,
- 0x9d, 0xd0, 0x6e, 0x8f, 0x17, 0x95, 0xc0, 0xcf
- );
-
-DEFINE_GUID( /* ce1dbfb4-137e-4da6-87b0-3f59aa102cbc */
- PerfinfoGuid,
- 0xce1dbfb4,
- 0x137e,
- 0x4da6,
- 0x87, 0xb0, 0x3f, 0x59, 0xaa, 0x10, 0x2c, 0xbc
- );
-
-DEFINE_GUID( /* 222962ab-6180-4b88-a825-346b75f2a24a */
- HeapGuid,
- 0x222962ab,
- 0x6180,
- 0x4b88,
- 0xa8, 0x25, 0x34, 0x6b, 0x75, 0xf2, 0xa2, 0x4a
- );
-
-DEFINE_GUID( /* d781ca11-61c0-4387-b83d-af52d3d2dd6a */
- HeapRangeGuid,
- 0xd781ca11,
- 0x61c0,
- 0x4387,
- 0xb8, 0x3d, 0xaf, 0x52, 0xd3, 0xd2, 0xdd, 0x6a
- );
-
-DEFINE_GUID( /* 05867806-c246-43ef-a147-e17d2bdb1496 */
- HeapSummaryGuid,
- 0x05867806,
- 0xc246,
- 0x43ef,
- 0xa1, 0x47, 0xe1, 0x7d, 0x2b, 0xdb, 0x14, 0x96
- );
-
-DEFINE_GUID( /* 3AC66736-CC59-4cff-8115-8DF50E39816B */
- CritSecGuid,
- 0x3ac66736,
- 0xcc59,
- 0x4cff,
- 0x81, 0x15, 0x8d, 0xf5, 0xe, 0x39, 0x81, 0x6b
- );
-
-DEFINE_GUID( /* DEF2FE46-7BD6-4b80-bd94-F57FE20D0CE3 */
- StackWalkGuid,
- 0xdef2fe46,
- 0x7bd6,
- 0x4b80,
- 0xbd, 0x94, 0xf5, 0x7f, 0xe2, 0xd, 0xc, 0xe3
- );
-
-DEFINE_GUID( /* 45d8cccd-539f-4b72-a8b7-5c683142609a */
- ALPCGuid,
- 0x45d8cccd,
- 0x539f,
- 0x4b72,
- 0xa8, 0xb7, 0x5c, 0x68, 0x31, 0x42, 0x60, 0x9a
- );
-
-DEFINE_GUID( /* 6A399AE0-4BC6-4DE9-870B-3657F8947E7E */
- RTLostEventsGuid,
- 0x6a399ae0,
- 0x4bc6,
- 0x4de9,
- 0x87, 0x0b, 0x36, 0x57, 0xf8, 0x94, 0x7e, 0x7e
- );
-
-DEFINE_GUID( /* E21D2142-DF90-4d93-BBD9-30E63D5A4AD6 */
- NtdllTraceGuid,
- 0xe21d2142,
- 0xdf90,
- 0x4d93,
- 0xbb, 0xd9, 0x30, 0xe6, 0x3d, 0x5a, 0x4a, 0xd6
- );
-
-DEFINE_GUID( /* d3de60b2-a663-45d5-9826-a0a5949d2cb0 */
- LoadMUIDllGuid,
- 0xd3de60b2,
- 0xa663,
- 0x45d5,
- 0x98, 0x26, 0xa0, 0xa5, 0x94, 0x9d, 0x2c, 0xb0
- );
-
-DEFINE_GUID( /* 89497f50-effe-4440-8cf2-ce6b1cdcaca7 */
- ObjectGuid,
- 0x89497f50,
- 0xeffe,
- 0x4440,
- 0x8c, 0xf2, 0xce, 0x6b, 0x1c, 0xdc, 0xac, 0xa7
- );
-
-DEFINE_GUID( /* a9152f00-3f58-4bee-92a1-70c7d079d5dd */
- ModBoundGuid,
- 0xa9152f00,
- 0x3f58,
- 0x4bee,
- 0x92, 0xa1, 0x70, 0xc7, 0xd0, 0x79, 0xd5, 0xdd
- );
-
-DEFINE_GUID( /* 3d6fa8d0-fe05-11d0-9dda-00c04fd7ba7c */
- ProcessGuid,
- 0x3d6fa8d0,
- 0xfe05,
- 0x11d0,
- 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
- );
-
-DEFINE_GUID( /* E43445E0-0903-48c3-B878-FF0FCCEBDD04 */
- PowerGuid,
- 0xe43445e0,
- 0x903,
- 0x48c3,
- 0xb8, 0x78, 0xff, 0xf, 0xcc, 0xeb, 0xdd, 0x4
- );
-
-DEFINE_GUID( /* F8F10121-B617-4A56-868B-9dF1B27FE32C */
- MmcssGuid,
- 0xf8f10121,
- 0xb617,
- 0x4a56,
- 0x86, 0x8b, 0x9d, 0xf1, 0xb2, 0x7f, 0xe3, 0x2c
- );
-
-DEFINE_GUID( /* b2d14872-7c5b-463d-8419-ee9bf7d23e04 */
- DpcGuid,
- 0xb2d14872,
- 0x7c5b,
- 0x463d,
- 0x84, 0x19, 0xee, 0x9b, 0xf7, 0xd2, 0x3e, 0x04
- );
-
-DEFINE_GUID( /* d837ca92-12b9-44a5-ad6a-3a65b3578aa8 */
- SplitIoGuid,
- 0xd837ca92,
- 0x12b9,
- 0x44a5,
- 0xad, 0x6a, 0x3a, 0x65, 0xb3, 0x57, 0x8a, 0xa8
- );
-
-DEFINE_GUID( /* c861d0e2-a2c1-4d36-9f9c-970bab943a12 */
- ThreadPoolGuid,
- 0xc861d0e2,
- 0xa2c1,
- 0x4d36,
- 0x9f, 0x9c, 0x97, 0x0b, 0xab, 0x94, 0x3a, 0x12
- );
-
-DEFINE_GUID( /* bddad2c1-52d1-4aea-94d6-b3ca9236f62e */
- UmsTraceGuid,
- 0xbddad2c1,
- 0x52d1,
- 0x4aea,
- 0x94, 0xd6, 0xb3, 0xca, 0x92, 0x36, 0xf6, 0x2e
- );
-
-DEFINE_GUID( /* 9aec974b-5b8e-4118-9b92-3186d8002ce5 */
- UmsEventGuid,
- 0x9aec974b,
- 0x5b8e,
- 0x4118,
- 0x9b, 0x92, 0x31, 0x86, 0xd8, 0x00, 0x2c, 0xe5
- );
-
-DEFINE_GUID( /* 7f2a405c-69b5-4bf9-a1f5-30e8f1afab5e */
- HypervisorTraceGuid,
- 0x7f2a405c,
- 0x69b5,
- 0x4bf9,
- 0xa1, 0xf5, 0x30, 0xe8, 0xf1, 0xaf, 0xab, 0x5e
- );
-
-DEFINE_GUID( /* 2ce9a149-effe-42f0-a635-a1d39e26c8f2 */
- HypervisorXTraceGuid,
- 0x2ce9a149,
- 0xeffe,
- 0x42f0,
- 0xa6, 0x35, 0xa1, 0xd3, 0x9e, 0x26, 0xc8, 0xf2
- );
-
-DEFINE_GUID( /* 2d9f3a42-01d4-4733-97f7-041e8021dc84 */
- LegacyEventLogGuid,
- 0x2d9f3a42,
- 0x01d4,
- 0x4733,
- 0x97, 0xf7, 0x04, 0x1e, 0x80, 0x21, 0xdc, 0x84
- );
-
-DEFINE_GUID( /* 3b9c9951-3480-4220-9377-9c8e5184f5cd */
- KernelRundownGuid,
- 0x3b9c9951,
- 0x3480,
- 0x4220,
- 0x93, 0x77, 0x9c, 0x8e, 0x51, 0x84, 0xf5, 0xcd
- );
-
-DEFINE_GUID( /* 2a6e185b-90de-4fc5-826c-9f44e608a427 */
- SessionNotificationGuid,
- 0x2a6e185b,
- 0x90de,
- 0x4fc5,
- 0x82, 0x6c, 0x9f, 0x44, 0xe6, 0x08, 0xa4, 0x27
- );
-
-DEFINE_GUID( /* 7687a439-f752-45b8-b741-321aec0f8df9 */
- CcGuid,
- 0x7687a439,
- 0xf752,
- 0x45b8,
- 0xb7, 0x41, 0x32, 0x1a, 0xec, 0x0f, 0x8d, 0xf9
- );
-
-DEFINE_GUID( /* 00000000-0000-0000-0000-000000000000 */
- NullGuid,
- 0x00000000,
- 0x0000,
- 0x0000,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- );
-
-///
-// EventTraceGuid is used to identify a event tracing session
-//
-//DEFINE_GUID( /* 68fdd900-4a3e-11d1-84f4-0000f80464e3 */
-// EventTraceGuid,
-// 0x68fdd900,
-// 0x4a3e,
-// 0x11d1,
-// 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3
-// );
-//
-//
-// EventTraceConfigGuid. Used to report system configuration records
-//
-//DEFINE_GUID( /* 01853a65-418f-4f36-aefc-dc0f1d2fd235 */
-// EventTraceConfigGuid,
-// 0x01853a65,
-// 0x418f,
-// 0x4f36,
-// 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35
-// );
-
-DEFINE_GUID( /* 90cbdc39-4a3e-11d1-84f4-0000f80464e3 */
- FileIoGuid,
- 0x90cbdc39,
- 0x4a3e,
- 0x11d1,
- 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3
- );
-
-DEFINE_GUID( /* 2cb15d1d-5fc1-11d2-abe1-00a0c911f518 */
- ImageLoadGuid,
- 0x2cb15d1d,
- 0x5fc1,
- 0x11d2,
- 0xab, 0xe1, 0x00, 0xa0, 0xc9, 0x11, 0xf5, 0x18
- );
-
-DEFINE_GUID( /* 3d6fa8d3-fe05-11d0-9dda-00c04fd7ba7c */
- PageFaultGuid,
- 0x3d6fa8d3,
- 0xfe05,
- 0x11d0,
- 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
- );
-
-DEFINE_GUID( /* AE53722E-C863-11d2-8659-00C04FA321A1 */
- RegistryGuid,
- 0xae53722e,
- 0xc863,
- 0x11d2,
- 0x86, 0x59, 0x0, 0xc0, 0x4f, 0xa3, 0x21, 0xa1
- );
-
-DEFINE_GUID( /* 9a280ac0-c8e0-11d1-84e2-00c04fb998a2 */
- TcpIpGuid,
- 0x9a280ac0,
- 0xc8e0,
- 0x11d1,
- 0x84, 0xe2, 0x00, 0xc0, 0x4f, 0xb9, 0x98, 0xa2
- );
-
-DEFINE_GUID( /* 3d6fa8d1-fe05-11d0-9dda-00c04fd7ba7c */
- ThreadGuid,
- 0x3d6fa8d1,
- 0xfe05,
- 0x11d0,
- 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
- );
-
-DEFINE_GUID( /* bf3a50c5-a9c9-4988-a005-2df0b7c80f80 */
- UdpIpGuid,
- 0xbf3a50c5,
- 0xa9c9,
- 0x4988,
- 0xa0, 0x05, 0x2d, 0xf0, 0xb7, 0xc8, 0x0f, 0x80
- );
-
-//
-// ThreadPool Events
-// If you change these structures, may need to update some users of these
-// structures.
-// Avoid inner structure padding
-//
-
-typedef struct _ETW_TP_EVENT_CALLBACK_ENQUEUE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- PVOID TaskId; // Task Identifier
- PVOID Callback; // Callback Function
- PVOID Context; // Callback Context
- PVOID SubProcessTag; // Sub-components in a process
- // SubProcessTag must be the last field or update users
-} ETW_TP_EVENT_CALLBACK_ENQUEUE, *PETW_TP_EVENT_CALLBACK_ENQUEUE;
-
-//
-// Use the same struct for Enqueue and Dequeue
-//
-
-typedef ETW_TP_EVENT_CALLBACK_ENQUEUE ETW_TP_EVENT_CALLBACK_DEQUEUE, *PETW_TP_EVENT_CALLBACK_DEQUEUE;
-
-typedef struct _ETW_TP_EVENT_CALLBACK_START
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- PVOID TaskId; // Task Identifier
- PVOID Callback; // Callback Function
- PVOID Context; // Callback Context
- PVOID SubProcessTag; // Sub-components in a process
- // SubProcessTag must be the last field or update users
-
-} ETW_TP_EVENT_CALLBACK_START, *PETW_TP_EVENT_CALLBACK_START;
-
-//
-// Use the same struct for Start and Stop
-//
-
-typedef ETW_TP_EVENT_CALLBACK_START ETW_TP_EVENT_CALLBACK_STOP, *PETW_TP_EVENT_CALLBACK_STOP;
-
-typedef struct _ETW_TP_EVENT_CALLBACK_CANCEL
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- PVOID TaskId; // Task Identifier
- PVOID Callback; // Callback Function
- PVOID Context; // Callback Context
- PVOID SubProcessTag; // Sub-components in a process
- ULONG CancelCount; // Number of callbacks cancelled
- // CancelCount must be the last field or update users
-
-} ETW_TP_EVENT_CALLBACK_CANCEL, *PETW_TP_EVENT_CALLBACK_CANCEL;
-
-typedef struct _ETW_TP_EVENT_POOL_CREATE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- // PoolId must be the last field or update users
-
-} ETW_TP_EVENT_POOL_CREATE, *PETW_TP_EVENT_POOL_CREATE;
-
-typedef struct _ETW_TP_EVENT_POOL_CLOSE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- // PoolId must be the last field or update users
-
-} ETW_TP_EVENT_POOL_CLOSE, *PETW_TP_EVENT_POOL_CLOSE;
-
-typedef struct _ETW_TP_EVENT_POOL_TH_MIN_SET
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- ULONG ThreadNum; // New limit on number of threads
- // ThreadNum must be the last field or update users
-
-} ETW_TP_EVENT_POOL_TH_MIN_SET, *PETW_TP_EVENT_POOL_TH_MIN_SET;
-
-typedef struct _ETW_TP_EVENT_POOL_TH_MAX_SET
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- ULONG ThreadNum; // New limit on number of threads
- // ThreadNum must be the last field or update users
-
-} ETW_TP_EVENT_POOL_TH_MAX_SET, *PETW_TP_EVENT_POOL_TH_MAX_SET;
-
-typedef struct _ETW_TP_EVENT_WORKER_NUMANODE_SWITCH
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID PoolId; // Pool Identifier
- ULONG CurrentNode; // Thread's current numa node
- ULONG NextNode; // The node the thread is moving to
- USHORT CurrentGroup; // Thread's current group
- USHORT NextGroup; // The group the thread is moving to
- ULONG CurrentWorkerCount; // Current node's worker count
- ULONG NextWorkerCount; // Next node's worker count
- // NextWorkerCount must be the last field or update users
-
-} ETW_TP_EVENT_WORKER_NUMANODE_SWITCH, *PETW_TP_EVENT_WORKER_NUMANODE_SWITCH;
-
-#include
-typedef struct _ETW_TP_EVENT_TIMER_SET
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LONG64 DueTime; // Due time
- PVOID SubQueue; // Sub Queue to be inserted
- PVOID Timer; // Timer to be set
- ULONG Period; // period of the timer
- ULONG WindowLength; // Tolerate period
- ULONG Absolute; // An absolute timer or relative timer
-} ETW_TP_EVENT_TIMER_SET, *PETW_TP_EVENT_TIMER_SET;
-
-typedef struct _ETW_TP_EVENT_TIMER_CANCELLED
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID SubQueue; // Sub Queue containing the timer
- PVOID Timer; // Timer to be cancelled
-} ETW_TP_EVENT_TIMER_CANCELLED, *PETW_TP_EVENT_TIMER_CANCELLED;
-
-typedef struct _ETW_TP_EVENT_TIMER_SET_NTTIMER
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LONG64 DueTime; // Due time
- PVOID SubQueue; // Sub Queue to be inserted
- ULONG TolerableDelay; // Tolerance
-} ETW_TP_EVENT_TIMER_SET_NTTIMER, *PETW_TP_EVENT_TIMER_SET_NTTIMER;
-
-typedef struct _ETW_TP_EVENT_TIMER_CANCEL_NTTIMER
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID SubQueue; // Sub Queue to be cancelled
-} ETW_TP_EVENT_TIMER_CANCEL_NTTIMER, *PETW_TP_EVENT_TIMER_CANCEL_NTTIMER;
-
-typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION_BEGIN
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID SubQueue; // Sub Queue to be expired
-} ETW_TP_EVENT_TIMER_EXPIRATION_BEGIN, *PETW_TP_EVENT_TIMER_EXPIRATION_BEGIN;
-
-typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION_END
-{
- SYSTEM_TRACE_HEADER Header; // Header
- PVOID SubQueue; // Sub Queue to be expired
-} ETW_TP_EVENT_TIMER_EXPIRATION_END, *PETW_TP_EVENT_TIMER_EXPIRATION_END;
-
-typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LONG64 DueTime; // Due time
- PVOID SubQueue; // Sub Queue containing the timer
- PVOID Timer; // Timer to be expired
- ULONG Period; // period of the timer
- ULONG WindowLength; // Tolerate period
-} ETW_TP_EVENT_TIMER_EXPIRATION, *PETW_TP_EVENT_TIMER_EXPIRATION;
-#include
-
-//
-// Thread SubProcessTag Changed Event
-//
-
-typedef struct _ETW_THREAD_EVENT_SUBPROCESSTAG
-{
- SYSTEM_TRACE_HEADER Header; // Header
- ULONG OldTag;
- ULONG NewTag;
-} ETW_THREAD_EVENT_SUBPROCESSTAG, *PETW_THREAD_EVENT_SUBPROCESSTAG;
-
-//
-// WNF Events
-//
-typedef struct _ETW_WNF_EVENT_SUBSCRIBE
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LARGE_INTEGER StateName; // State name
- PVOID Subscription; // User Subscription
- PVOID NameSub; // Name Subscription
- PVOID Callback; // Callback function
- ULONG RefCount; // Name Subscription Refcount
- ULONG DeliveryFlags; // Requested Deliveries
-} ETW_WNF_EVENT_SUBSCRIBE, *PETW_WNF_EVENT_SUBSCRIBE;
-
-typedef ETW_WNF_EVENT_SUBSCRIBE ETW_WNF_EVENT_UNSUBSCRIBE, *PETW_WNF_EVENT_UNSUBSCRIBE;
-
-typedef struct _ETW_WNF_EVENT_CALLBACK
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LARGE_INTEGER StateName; // State name
- PVOID Subscription; // User Subscription
- PVOID NameSub; // Name Subscription
- PVOID Callback; // Callback function
- ULONG ChangeStamp; // Change Stamp
- ULONG DeliveryFlags; // Delivery types
- ULONG Return; // Return status from callback
-} ETW_WNF_EVENT_CALLBACK, *PETW_WNF_EVENT_CALLBACK;
-
-typedef struct _ETW_WNF_EVENT_PUBLISH
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LARGE_INTEGER StateName; // State name
- ULONG DataLength; // Length of State Data
-} ETW_WNF_EVENT_PUBLISH, *PETW_WNF_EVENT_PUBLISH;
-
-typedef struct _ETW_WNF_EVENT_NAME_SUB_RUNDOWN
-{
- SYSTEM_TRACE_HEADER Header; // Header
- LARGE_INTEGER StateName; // State name
- PVOID NameSub; // Name Subscription
-} ETW_WNF_EVENT_NAME_SUB_RUNDOWN, *PETW_WNF_EVENT_NAME_SUB_RUNDOWN;
-
-//
-// Data structures of events
-//
-#define PERFINFO_THREAD_SWAPABLE 0
-#define PERFINFO_THREAD_NONSWAPABLE 1
-
-typedef struct _PERFINFO_MARK_EVENT
-{
- ULONG TranId;
- UCHAR Level;
- UCHAR AppId;
- USHORT OpId;
- WCHAR Text[1];
-} PERFINFO_MARK_EVENT, *PPERFINFO_MARK_EVENT;
-
-//
-// Structures for Driver hooks
-//
-
-#include
-typedef struct _PERFINFO_DRIVER_MAJORFUNCTION
-{
- ULONG MajorFunction;
- ULONG MinorFunction;
- PVOID RoutineAddr;
- PVOID FileNamePointer;
- PVOID Irp;
- ULONG UniqMatchId;
-} PERFINFO_DRIVER_MAJORFUNCTION, *PPERFINFO_DRIVER_MAJORFUNCTION;
-#include
-
-#include
-typedef struct _PERFINFO_DRIVER_MAJORFUNCTION_RET
-{
- PVOID Irp;
- ULONG UniqMatchId;
-} PERFINFO_DRIVER_MAJORFUNCTION_RET, *PPERFINFO_DRIVER_MAJORFUNCTION_RET;
-#include
-
-#include
-typedef struct _PERFINFO_DRIVER_COMPLETE_REQUEST
-{
- //
- // Driver major function routine address for the "current" stack location
- // on the IRP when it was completed. It is used to identify which driver
- // was processing the IRP when the IRP got completed.
- //
-
- PVOID RoutineAddr;
-
- //
- // Irp field and UniqMatchId is used to match COMPLETE_REQUEST
- // and COMPLETE_REQUEST_RET logged for an IRP completion.
- //
-
- PVOID Irp;
- ULONG UniqMatchId;
-
-} PERFINFO_DRIVER_COMPLETE_REQUEST, *PPERFINFO_DRIVER_COMPLETE_REQUEST;
-#include
-
-#include
-typedef struct _PERFINFO_DRIVER_COMPLETE_REQUEST_RET
-{
- //
- // Irp field and UniqMatchId is used to match COMPLETE_REQUEST
- // and COMPLETE_REQUEST_RET logged for an IRP completion.
- //
- PVOID Irp;
- ULONG UniqMatchId;
-} PERFINFO_DRIVER_COMPLETE_REQUEST_RET, *PPERFINFO_DRIVER_COMPLETE_REQUEST_RET;
-#include
-
-#include
-typedef struct _PERFINFO_DRIVER_COMPLETIONROUTINE
-{
- PVOID Routine;
- PVOID IrpPtr;
- ULONG UniqMatchId;
-} PERFINFO_DRIVER_COMPLETIONROUTINE, *PPERFINFO_DRIVER_COMPLETIONROUTINE;
-#include
-
-//
-// Power hooks
-//
-typedef struct _PERFINFO_BATTERY_LIFE_INFO
-{
- ULONG RemainingCapacity;
- ULONG Rate;
-} PERFINFO_BATTERY_LIFE_INFO, *PPERFINFO_BATTERY_LIFE_INFO;
-
-typedef struct _PERFINFO_IDLE_STATE_CHANGE
-{
- ULONG State;
- ULONG Throttle;
- ULONG Direction;
-} PERFINFO_IDLE_STATE_CHANGE, *PPERFINFO_IDLE_STATE_CHANGE;
-
-//
-// This structure is logged when PopSetPowerAction is called to start
-// propagating a new power action (e.g. standby/hibernate/shutdown)
-//
-typedef struct _PERFINFO_SET_POWER_ACTION
-{
- //
- // This field is used to match SET_POWER_ACTION_RET entry.
- //
- PVOID Trigger;
- ULONG PowerAction;
- ULONG LightestState;
-} PERFINFO_SET_POWER_ACTION, *PPERFINFO_SET_POWER_ACTION;
-
-//
-// This structure is logged when PopSetPowerAction completes.
-//
-typedef struct _PERFINFO_SET_POWER_ACTION_RET
-{
- PVOID Trigger;
- NTSTATUS Status;
-} PERFINFO_SET_POWER_ACTION_RET, *PPERFINFO_SET_POWER_ACTION_RET;
-
-//
-// This structure is logged when PopSetDevicesSystemState is called to
-// propagate a system state to all devices.
-//
-typedef struct _PERFINFO_SET_DEVICES_STATE
-{
- ULONG SystemState;
- BOOLEAN Waking;
- BOOLEAN Shutdown;
- UCHAR IrpMinor;
-} PERFINFO_SET_DEVICES_STATE, *PPERFINFO_SET_DEVICES_STATE;
-
-//
-// This structure is logged when PopSetDevicesSystemState is done.
-//
-typedef struct _PERFINFO_SET_DEVICES_STATE_RET
-{
- NTSTATUS Status;
-} PERFINFO_SET_DEVICES_STATE_RET, *PPERFINFO_SET_DEVICES_STATE_RET;
-
-//
-// This structure is logged when PopNotifyDevice calls into a driver
-// to set the power state of a device.
-//
-typedef struct _PERFINFO_PO_NOTIFY_DEVICE
-{
- //
- // This field is used to match notification and completion log
- // entries for a device.
- //
-
- PVOID Irp;
-
- //
- // Base address of the driver that owns this device.
- //
-
- PVOID DriverStart;
-
- //
- // Device node properties.
- //
-
- UCHAR OrderLevel;
-
- //
- // Major and minor IRP codes for the request made to the driver.
- //
-
- UCHAR MajorFunction;
- UCHAR MinorFunction;
-
- //
- // Type of power irp
- //
- POWER_STATE_TYPE Type;
- POWER_STATE State;
-
- //
- // Length of the device name in characters excluding terminating NUL,
- // and the device name itself. Depending on how much fits into our
- // stack buffer, this is the *last* part of the device name.
- //
-
- ULONG DeviceNameLength;
- WCHAR DeviceName[1];
-
-} PERFINFO_PO_NOTIFY_DEVICE, *PPERFINFO_PO_NOTIFY_DEVICE;
-
-//
-// This structure is logged when a PopNotifyDevice processing for a
-// particular device completes.
-//
-
-typedef struct _PERFINFO_PO_NOTIFY_DEVICE_COMPLETE
-{
- //
- // This field is used to match notification and completion log
- // entries for a device.
- //
-
- PVOID Irp;
-
- //
- // Status with which the notify power IRP was completed.
- //
-
- NTSTATUS Status;
-
-} PERFINFO_PO_NOTIFY_DEVICE_COMPLETE, *PPERFINFO_PO_NOTIFY_DEVICE_COMPLETE;
-
-//
-// This structure is logged around every win32 state callout
-//
-typedef struct _PERFINFO_PO_SESSION_CALLOUT
-{
- POWER_ACTION SystemAction;
- SYSTEM_POWER_STATE MinSystemState;
- ULONG Flags;
- ULONG PowerStateTask;
-} PERFINFO_PO_SESSION_CALLOUT, *PPERFINFO_PO_SESSION_CALLOUT;
-
-typedef struct _PERFINFO_PO_PRESLEEP
-{
- LARGE_INTEGER PerformanceCounter;
- LARGE_INTEGER PerformanceFrequency;
-} PERFINFO_PO_PRESLEEP, *PPERFINFO_PO_PRESLEEP;
-
-typedef struct _PERFINFO_PO_POSTSLEEP
-{
- LARGE_INTEGER PerformanceCounter;
-} PERFINFO_PO_POSTSLEEP, *PPERFINFO_PO_POSTSLEEP;
-
-typedef struct _PERFINFO_PO_CALIBRATED_PERFCOUNTER
-{
- LARGE_INTEGER PerformanceCounter;
-} PERFINFO_PO_CALIBRATED_PERFCOUNTER, *PPERFINFO_PO_CALIBRATED_PERFCOUNTER;
-
-typedef struct _PERFINFO_BOOT_PHASE_START
-{
- LONG Phase;
-} PERFINFO_BOOT_PHASE_START, *PPERFINFO_BOOT_PHASE_START;
-
-typedef struct _PERFINFO_BOOT_PREFETCH_INFORMATION
-{
- LONG Action;
- NTSTATUS Status;
- LONG Pages;
-} PERFINFO_BOOT_PREFETCH_INFORMATION, *PPERFINFO_BOOT_PREFETCH_INFORMATION;
-
-typedef struct _PERFINFO_PO_SESSION_CALLOUT_RET
-{
- NTSTATUS Status;
-} PERFINFO_PO_SESSION_CALLOUT_RET, *PPERFINFO_PO_SESSION_CALLOUT_RET;
-
-typedef struct _PERFINFO_PPM_IDLE_STATE_CHANGE
-{
- ULONG NewState;
- ULONG OldState;
- ULONG64 Processors;
-} PERFINFO_PPM_IDLE_STATE_CHANGE, *PPERFINFO_PPM_IDLE_STATE_CHANGE;
-
-//
-// Flags related to each processor idle entry.
-//
-// DUE_INTERRUPT: Idle duration hint is based on next expected h/w interrupt.
-// When not set, it indicates the the idle duration hint was based on the next
-// due s/w timer.
-//
-// IR_RETRY: The idle transition follows a failed previous attempt to pick the
-// optimal idle state with an IR based hint.
-//
-// IR_ENABLED: Idle-resiliency was enabled during the idle transition.
-//
-// PLATFORM_ENTER: The idle entry was part of a platform idle transition.
-//
-// LOCK_PROCESSORS: The idle transition required locking at least one other
-// processor.
-//
-// CONSTRAINT_PLATFORM: The idle entry was capable of a platform idle
-// transition.
-//
-// CONSTRAINT_NI: The idle transition is capable of entering a non-interruptible
-// idle state.
-//
-// OVERRIDE_ENABLED: The idle transition had force-idle override enabled.
-//
-// MEASURING_EXIT_LATENCY: Exit latency measurment is engaged during the idle
-// transition.
-//
-// WAKE_REQUESTED: Idle transition was accompanied with a request to wake
-// another processor.
-//
-// IPI_CLOCK_OWNER: Idle transition was on non clock owner and observed to be
-// the last processor to be going idle. It send an IPI to clock owner to wake
-// it up.
-//
-// PLATFORM_HINT_OVERRIDE: Idle duration hint is based on global platform idle
-// hint.
-//
-
-#define PERFINFO_PPM_IDLE_FLAG_DUE_INTERRUPT (1 << 0)
-#define PERFINFO_PPM_IDLE_FLAG_IR_RETRY (1 << 1)
-#define PERFINFO_PPM_IDLE_FLAG_IR_ENABLED (1 << 2)
-#define PERFINFO_PPM_IDLE_FLAG_CLOCK_OWNER (1 << 3)
-#define PERFINFO_PPM_IDLE_FLAG_PLATFORM_ENTER (1 << 4)
-#define PERFINFO_PPM_IDLE_FLAG_LOCK_PROCESSORS (1 << 5)
-#define PERFINFO_PPM_IDLE_FLAG_CONSTRAINT_NI (1 << 6)
-#define PERFINFO_PPM_IDLE_FLAG_CONSTRAINT_PLATFORM (1 << 7)
-#define PERFINFO_PPM_IDLE_FLAG_OVERRIDE_ENABLED (1 << 8)
-#define PERFINFO_PPM_IDLE_FLAG_MEASURING_EXIT_LATENCY (1 << 9)
-#define PERFINFO_PPM_IDLE_FLAG_WAKE_REQUESTED (1 << 10)
-#define PERFINFO_PPM_IDLE_FLAG_IPI_CLOCK_OWNER (1 << 11)
-#define PERFINFO_PPM_IDLE_FLAG_PLATFORM_HINT_OVERRIDE (1 << 12)
-#define PERFINFO_PPM_IDLE_FLAG_DURATION_EXPIRATION (1 << 13)
-
-typedef struct _PERFINFO_PPM_IDLE_STATE_ENTER
-{
- ULONG State;
- union
- {
- struct
- {
- USHORT Properties;
- UCHAR ExpectedWakeReason;
- UCHAR Reserved;
- };
- ULONG Flags;
- };
-
- ULONG64 ExpectedDuration;
-} PERFINFO_PPM_IDLE_STATE_ENTER, *PPERFINFO_PPM_IDLE_STATE_ENTER;
-
-typedef struct _PERFINFO_PPM_IDLE_STATE_EXIT
-{
- ULONG State;
- ULONG Status;
-} PERFINFO_PPM_IDLE_STATE_EXIT, *PPERFINFO_PPM_IDLE_STATE_EXIT;
-
-typedef struct _PERFINFO_PPM_STATE_SELECTION
-{
- ULONG SelectedState;
- ULONG VetoedStates;
- _Field_size_(VetoedStates) ULONG VetoReason[ANYSIZE_ARRAY];
-} PERFINFO_PPM_STATE_SELECTION, *PPERFINFO_PPM_STATE_SELECTION;
-
-#define PERFINFO_PPM_IDLE_VETO_PREREGISTERED_VETO (0x80000000)
-#define PERFINFO_PPM_IDLE_VETO_WRONG_INITIATOR (0x80000001)
-#define PERFINFO_PPM_IDLE_VETO_SYSTEM_LATENCY (0x80000002)
-#define PERFINFO_PPM_IDLE_VETO_IDLE_DURATION (0x80000003)
-#define PERFINFO_PPM_IDLE_VETO_DEVICE_DEPENDENCY (0x80000004)
-#define PERFINFO_PPM_IDLE_VETO_PROCESSOR_DEPENDENCY (0x80000005)
-#define PERFINFO_PPM_IDLE_VETO_PLATFORM_ONLY (0x80000006)
-#define PERFINFO_PPM_IDLE_VETO_INTERRUPTIBLE (0x80000007)
-#define PERFINFO_PPM_IDLE_VETO_LEGACY_OVEERIDE (0x80000008)
-#define PERFINFO_PPM_IDLE_VETO_C_STATE_CHECK (0x80000009)
-#define PERFINFO_PPM_IDLE_VETO_NO_C_STATE (0x8000000a)
-#define PERFINFO_PPM_IDLE_VETO_COORDINATED_DEPENDENCY (0x8000000b)
-#define PERFINFO_PPM_IDLE_VETO_DISABLED_IN_MENU (0xfffffffe)
-#define PERFINFO_PPM_IDLE_VETO_ACTIVE_PROCESSOR (0xffffffff)
-
-#define PERFINFO_PPM_IDLE_NON_INTERRUPTIBLE (1 << 0)
-#define PERFINFO_PPM_IDLE_ALL_PROC_LOCKED (1 << 1)
-#define PERFINFO_PPM_IDLE_EXIT_SAMPLE_INVALID (1 << 2)
-
-typedef struct _PERFINFO_PPM_IDLE_EXIT_LATENCY
-{
- ULONG Flags;
- ULONG PlatformState;
- ULONG ProcessorState;
- ULONG ReturnLatency;
- ULONG TotalLatency;
-} PERFINFO_PPM_IDLE_EXIT_LATENCY, *PPERFINFO_PPM_IDLE_EXIT_LATENCY;
-
-#define PERFINFO_PPM_FREQUENCY_VOLTAGE_STATE 1
-#define PERFINFO_PPM_STOPCLOCK_THROTTLE_STATE 2
-
-typedef struct _PERFINFO_PPM_PERF_STATE_CHANGE
-{
- ULONG Type;
- ULONG NewState;
- ULONG OldState;
- NTSTATUS Result;
- ULONG64 Processors;
-} PERFINFO_PPM_PERF_STATE_CHANGE, *PPERFINFO_PPM_PERF_STATE_CHANGE;
-
-typedef struct _PERFINFO_PPM_THERMAL_CONSTRAINT{
- ULONG Constraint;
- ULONG64 Processors;
-} PERFINFO_PPM_THERMAL_CONSTRAINT, *PPERFINFO_PPM_THERMAL_CONSTRAINT;
-
-//
-// File Name realted hooks
-//
-
-typedef struct _PERFINFO_FILEOBJECT_INFORMATION
-{
- PVOID FileObject;
-} PERFINFO_FILEOBJECT_INFORMATION, *PPERFINFO_FILEOBJECT_INFORMATION;
-
-typedef struct _PERFINFO_FILENAME_SAME_INFORMATION
-{
- PVOID OldFile;
- PVOID NewFile;
-} PERFINFO_FILENAME_SAME_INFORMATION, *PPERFINFO_FILENAME_SAME_INFORMATION;
-
-typedef struct _PERFINFO_PFMAPPED_SECTION_INFORMATION
-{
- PVOID RangeBase;
- PVOID RangeEnd;
- ULONG CreatingProcessId;
-} PERFINFO_PFMAPPED_SECTION_INFORMATION, *PPERFINFO_PFMAPPED_SECTION_INFORMATION;
-
-typedef struct _PERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION
-{
- PVOID SectionObject;
- PVOID RangeBase;
-} PERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION, *PPERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION;
-
-//
-// Sample profile
-//
-typedef struct _PERFINFO_SAMPLED_PROFILE_INFORMATION
-{
- PVOID InstructionPointer;
- ULONG ThreadId;
- USHORT Count;
- union {
- struct {
- UCHAR ExecutingDpc : 1;
- UCHAR ExecutingIsr : 1;
- UCHAR Reserved : 1;
- UCHAR Priority : 5;
- } DUMMYSTRUCTNAME;
- UCHAR Flags;
- } DUMMYUNIONNAME;
- UCHAR Rank;
-} PERFINFO_SAMPLED_PROFILE_INFORMATION, *PPERFINFO_SAMPLED_PROFILE_INFORMATION;
-
-#define PERFINFO_SAMPLED_PROFILE_CACHE_MAX 20
-typedef struct _PERFINFO_SAMPLED_PROFILE_CACHE
-{
- ULONG Entries;
- PERFINFO_SAMPLED_PROFILE_INFORMATION Sample[PERFINFO_SAMPLED_PROFILE_CACHE_MAX];
-} PERFINFO_SAMPLED_PROFILE_CACHE, *PPERFINFO_SAMPLED_PROFILE_CACHE;
-
-typedef struct _PERFINFO_SAMPLED_PROFILE_CONFIG
-{
- ULONG Source;
- ULONG NewInterval;
- ULONG OldInterval;
-} PERFINFO_SAMPLED_PROFILE_CONFIG, *PPERFINFO_SAMPLED_PROFILE_CONFIG;
-
-typedef struct _PERFINFO_PMC_SAMPLE_INFORMATION
-{
- PVOID InstructionPointer;
- ULONG ThreadId;
- USHORT ProfileSource;
- USHORT Reserved;
-} PERFINFO_PMC_SAMPLE_INFORMATION, *PPERFINFO_PMC_SAMPLE_INFORMATION;
-
-typedef struct _PERFINFO_DPC_INFORMATION
-{
- ULONGLONG InitialTime;
- PVOID DpcRoutine;
-} PERFINFO_DPC_INFORMATION, *PPERFINFO_DPC_INFORMATION;
-
-typedef struct _PERFINFO_DPC_ENQUEUE_INFORMATION
-{
- ULONG_PTR Key;
- LONG DpcQueueDepth;
- ULONG DpcCount;
- ULONG TargetProcessorIndex;
- UCHAR Importance;
- UCHAR Reserved[3];
-} PERFINFO_DPC_ENQUEUE_INFORMATION, *PPERFINFO_DPC_ENQUEUE_INFORMATION;
-
-typedef struct _PERFINFO_DPC_EXECUTION_INFORMATION
-{
- PVOID DpcRoutine;
- ULONG_PTR Key;
-} PERFINFO_DPC_EXECUTION_INFORMATION, *PPERFINFO_DPC_EXECUTION_INFORMATION;
-
-typedef struct _PERFINFO_YIELD_PROCESSOR_INFORMATION
-{
- ULONG YieldReason;
- ULONG DpcWatchdogCount;
- ULONG DpcTimeCount;
-} PERFINFO_YIELD_PROCESSOR_INFORMATION, *PPERFINFO_YIELD_PROCESSOR_INFORMATION;
-
-#include
-typedef struct _PERFINFO_INTERRUPT_INFORMATION
-{
- ULONGLONG InitialTime;
- PVOID ServiceRoutine;
- UCHAR ReturnValue;
- USHORT Vector;
- UCHAR Reserved;
-} PERFINFO_INTERRUPT_INFORMATION, *PPERFINFO_INTERRUPT_INFORMATION;
-#include
-
-#define PERFINFO_CLOCK_INTERRUPT_CLOCK_OWNER 0x0001
-#define PERFINFO_CLOCK_INTERRUPT_TIMER_PENDING 0x0008
-
-typedef struct _PERFINFO_CLOCK_INTERRUPT_INFORMATION
-{
- ULONG64 InterruptTime;
- SHORT Flags;
-} PERFINFO_CLOCK_INTERRUPT_INFORMATION, *PPERFINFO_CLOCK_INTERRUPT_INFORMATION;
-
-#define PERFINFO_IPI_APC_REQUEST 0x1
-#define PERFINFO_IPI_DPC_REQUEST 0x2
-
-//
-// Spinlock
-//
-#include
-typedef struct _PERFINFO_SPINLOCK_CONFIG
-{
- ULONG SpinLockSpinThreshold;
- ULONG SpinLockContentionSampleRate;
- ULONG SpinLockAcquireSampleRate;
- ULONG SpinLockHoldThreshold;
-} PERFINFO_SPINLOCK_CONFIG, *PPERFINFO_SPINLOCK_CONFIG;
-#include
-
-//
-// Stores Executive Resource sampling parameters.
-//
-// Note: NumberOfExcessiveTimeouts uses counting units of 4 (four) seconds.
-// It inherits the granularity of ExResourceTimeoutCount used in
-// ...\ntos\ex\resource.c.
-// The later, takes a reg-key settable timeout with a default value of
-// 30 days used to trigger a debug spew for excessive waits on the checked
-// builds: 648000 * 4 seconds = 2592000 seconds = 30 days.
-//
-// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
-// ResourceTimeoutCount (REG_DWORD), Default: 0x9E340 (648000)
-//
-typedef struct _PERFINFO_EXECUTIVE_RESOURCE_CONFIG
-{
- ULONG ReleaseSamplingRate;
- ULONG ContentionSamplingRate;
- ULONG NumberOfExcessiveTimeouts;
-} PERFINFO_EXECUTIVE_RESOURCE_CONFIG, *PPERFINFO_EXECUTIVE_RESOURCE_CONFIG;
-
-//
-// MM related hooks
-//
-
-#define NTWMI_BITSIZE(type) (sizeof(type) * 8)
-
-typedef struct _PERFINFO_SESSIONCREATE_INFORMATION
-{
- ULONG_PTR UniqueSessionId;
- ULONG SessionId;
-} PERFINFO_SESSIONCREATE_INFORMATION, *PPERFINFO_SESSIONCREATE_INFORMATION;
-
-typedef struct _PERFINFO_PAGE_RANGE_IDENTITY
-{
- struct
- {
- ULONGLONG UseDescription : 4; // MMPFNUSE_*
- ULONGLONG UniqueKey : 48; // Used for SessionVAs/AWE/LargePages.
- ULONGLONG Reserved : 12;
- };
- union
- {
- PVOID ProtoPteAddress; // Used for large page PFMapped sections.
- ULONG_PTR PageFrameIndex; // Used for DriverLocked/UserPhysical Mdls.
- PVOID VirtualAddress; // Used otherwise.
- };
- ULONG_PTR PageCount; // Number of pages.
-} PERFINFO_PAGE_RANGE_IDENTITY, *PPERFINFO_PAGE_RANGE_IDENTITY;
-
-#define PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS 5
-
-typedef enum _PERFINFO_KERNELMEMORY_USAGE_TYPE
-{
- PerfInfoMemUsagePfnMetadata,
- PerfInfoMemUsageMax
-} PERFINFO_KERNELMEMORY_USAGE_TYPE, *PPERFINFO_KERNELMEMORY_USAGE_TYPE;
-
-C_ASSERT(PerfInfoMemUsageMax <= (1 << PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS));
-
-typedef struct _PERFINFO_KERNELMEMORY_RANGE_USAGE
-{
- ULONG UsageType : PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS;
- ULONG Spare: (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS);
- PVOID VirtualAddress; // Starting VA (where meaningful).
- ULONG_PTR PageCount; // Number of pages.
-} PERFINFO_KERNELMEMORY_RANGE_USAGE, *PPERFINFO_KERNELMEMORY_RANGE_USAGE;
-
-#define PERFINFO_MM_STAT_TYPE_BITS 6
-
-typedef enum _PERFINFO_MM_STAT
-{
- PerfInfoMMStatNotUsed,
- PerfInfoMMStatAggregatePageCombine,
- PerfInfoMMStatIterationPageCombine,
- PerfInfoMMStatMax
-} PERFINFO_MM_STAT, *PPERFINFO_MM_STAT;
-
-C_ASSERT(PerfInfoMMStatMax <= (1 << PERFINFO_MM_STAT_TYPE_BITS));
-
-//
-// This is logged as part of the end rundown.
-// PerfTrack traces can be mined for this low-overhead information logged with
-// MemInfo classic.
-//
-
-typedef struct _PERFINFO_PAGECOMBINE_AGGREGATE_STAT
-{
- ULONG StatType : PERFINFO_MM_STAT_TYPE_BITS; // Value one of PERFINFO_MM_STATS
- ULONG Spare: (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_STAT_TYPE_BITS);
-
- //
- // The following provide average stats for a scan.
- //
-
- ULONG CombineScanCount;
- ULONGLONG PagesScanned;
- ULONGLONG PagesCombined;
-
- //
- // These help compute the memory saved.
- //
-
- LONG CombinedBlocksInUse; // Count of CombinedPTEs in use.
- LONG SumCombinedBlocksReferenceCount; // Sum of the referencecounts of combined PTEs.
-} PERFINFO_PAGECOMBINE_AGGREGATE_STAT, *PPERFINFO_PAGECOMBINE_AGGREGATE_STAT;
-
-//
-// This is logged subsequent to each combine scan. Logged with MemInfo classic.
-//
-
-typedef struct _PERFINFO_PAGECOMBINE_ITERATION_STAT
-{
- ULONG StatType : PERFINFO_MM_STAT_TYPE_BITS; // Value of type PERFINFO_MM_STATS
- ULONG Spare : (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_STAT_TYPE_BITS);
-
- ULONG PagesScanned;
- ULONG PagesCombined;
-} PERFINFO_PAGECOMBINE_ITERATION_STAT, *PPERFINFO_PAGECOMBINE_ITERATION_STAT;
-
-//
-// NOTE: Hard Fault event starts with InitialTime (LARGE_INTEGER)
-// not shown in the structure.
-//
-
-typedef struct _PERFINFO_HARDPAGEFAULT_INFORMATION
-{
- LARGE_INTEGER ReadOffset;
- PVOID VirtualAddress;
- PVOID FileObject;
- ULONG ThreadId;
- ULONG ByteCount;
-} PERFINFO_HARDPAGEFAULT_INFORMATION, *PPERFINFO_HARDPAGEFAULT_INFORMATION;
-
-//
-// The first four fields of this data structure mirror PROCESS_VIRTUAL_ALLOC_INFO.
-//
-
-typedef struct _PERFINFO_VIRTUAL_ALLOC
-{
- PVOID CapturedBase;
- SIZE_T CapturedRegionSize;
- ULONG ProcessId;
- ULONG Flags;
-} PERFINFO_VIRTUAL_ALLOC, *PPERFINFO_VIRTUAL_ALLOC;
-
-typedef struct _PERFINFO_VAD_ROTATE_INFO
-{
- PVOID BaseAddress;
- SIZE_T SizeInBytes;
- union
- {
- struct
- {
- ULONG Direction : 4;
- ULONG Spare : (NTWMI_BITSIZE (ULONG) - 4);
- };
- ULONG Flags;
- };
-} PERFINFO_VAD_ROTATE_INFO, *PPERFINFO_VAD_ROTATE_INFO;
-
-typedef enum _PERFINFO_MEM_RESET_INFO_TYPE
-{
- PerfInfoMemReset,
- PerfInfoMemResetUndo,
- PerfInfoMemResetUndoFailed,
- PerfInfoMemResetMax
-} PERFINFO_MEM_RESET_INFO_TYPE, *PPERFINFO_MEM_RESET_INFO_TYPE;
-
-typedef struct _PERFINFO_MEM_RESET_INFO
-{
- PVOID BaseAddress;
- SIZE_T SizeInBytes;
- union
- {
- struct
- {
- ULONG TypeInfo : 2;
- ULONG Spare : (NTWMI_BITSIZE (ULONG) - 2);
- };
- ULONG Flags;
- };
-} PERFINFO_MEM_RESET_INFO, *PPERFINFO_MEM_RESET_INFO;
-
-//
-// Cache manager
-//
-
-#define PERFINFO_CC_WORKQUEUE_FAST_TEARDOWN 0x000000001
-#define PERFINFO_CC_WORKQUEUE_EXPRESS 0x000000002
-#define PERFINFO_CC_WORKQUEUE_REGULAR 0x000000003
-#define PERFINFO_CC_WORKQUEUE_POST_TICK 0x000000004
-#define PERFINFO_CC_WORKQUEUE_ASYNC_READ 0x000000005
-#define PERFINFO_CC_WORKQUEUE_COMP_ASYNC_READ 0x000000006
-
-typedef struct _PERFINFO_CC_WORKITEM_ENQUEUE
-{
- ULONG_PTR WorkItemKey;
- ULONG_PTR FileObjectKey;
- UCHAR QueueType;
- UCHAR WorkItemType;
- BOOLEAN Requeue;
- UCHAR Reserved;
-} PERFINFO_CC_WORKITEM_ENQUEUE, *PPERFINFO_CC_WORKITEM_ENQUEUE;
-
-typedef struct _PERFINFO_CC_WORKITEM_DEQUEUE
-{
- ULONG_PTR WorkItemKey;
-} PERFINFO_CC_WORKITEM_DEQUEUE, *PPERFINFO_CC_WORKITEM_DEQUEUE;
-
-typedef struct _PERFINFO_CC_WORKITEM_COMPLETE
-{
- ULONG_PTR WorkItemKey;
-} PERFINFO_CC_WORKITEM_COMPLETE, *PPERFINFO_CC_WORKITEM_COMPLETE;
-
-#define PERFINFO_CC_WORKITEM_TYPE_READAHEAD 0x000000001
-#define PERFINFO_CC_WORKITEM_TYPE_WRITEBEHIND 0x000000002
-#define PERFINFO_CC_WORKITEM_TYPE_LAZYWRITESCAN 0x000000003
-#define PERFINFO_CC_WORKITEM_TYPE_EVENT_SET 0x000000004
-
-typedef struct _PERFINFO_CC_READ_AHEAD
-{
- ULONG_PTR WorkItemKey;
- ULONGLONG FileOffset;
- ULONG Size;
- ULONG PagePriority;
- ULONG DetectedPattern;
- ULONG Reserved;
-} PERFINFO_CC_READ_AHEAD_COMPLETE, *PPERFINFO_CC_READ_AHEAD_COMPLETE;
-
-typedef struct _PERFINFO_CC_SCHEDULE_READ_AHEAD
-{
- ULONG_PTR WorkItemKey;
- ULONG_PTR FileObjectKey;
- ULONGLONG FileOffset; //app read offset
- ULONG Length; //app read length
-
- ULONG ReadAheadUnit;
- ULONG ReadAheadLength;
- ULONGLONG ReadAheadOffset;
- ULONGLONG ReadAheadBeyondLastByte; //high water mark
- UCHAR ReadPattern;
- ULONG SequentialReadCount;
- ULONG SharedCacheMapFlags;
- ULONG ReadAheadSettingsChanged : 1;
- ULONG ReadAheadActive : 1;
-} PERFINFO_CC_SCHEDULE_READ_AHEAD, *PPERFINFO_CC_SCHEDULE_READ_AHEAD;
-
-typedef struct _PERFINFO_CC_LAZY_WRITE_SCAN
-{
- ULONG_PTR WorkItemKey;
- ULONG ReasonForFlush;
- ULONG PagesToWrite;
- SIZE_T TotalDirtyPages;
- SIZE_T AvailablePages;
- SIZE_T DirtyPageThreshold;
- SIZE_T NumberOfMappedVacbs;
- SIZE_T TopDirtyPageThreshold;
- SIZE_T BottomDirtyPageThreshold;
- SIZE_T AverageAvailablePages;
- SIZE_T AverageDirtyPages;
- SIZE_T ConsecutiveWorklessLazywriteScans;
-} PERFINFO_CC_LAZY_WRITE_SCAN, *PPERFINFO_CC_LAZY_WRITE_SCAN;
-
-typedef struct _PERFINFO_CC_CAN_WRITE_FAIL
-{
- ULONG_PTR FileObjectKey;
- SIZE_T TotalDirtyPages;
- SIZE_T DirtyPageThreshold;
- ULONG BytesToWrite;
-} PERFINFO_CC_CAN_WRITE_FAIL, *PPERFINFO_CC_CAN_WRITE_FAIL;
-
-typedef struct _PERFINFO_CC_FLUSH_SECTION
-{
- ULONG_PTR WorkItemKey;
- ULONG_PTR FileObjectKey;
- ULONGLONG Offset;
- ULONG Length;
- ULONG MmFlushFlags;
-} PERFINFO_CC_FLUSH_SECTION, *PPERFINFO_CC_FLUSH_SECTION;
-
-#define PERFINFO_CC_FLUSH_DATA_IS_LAZY_WRITER 0x000000001
-#define PERFINFO_CC_FLUSH_DATA_FAST_LAZY_WRITE 0x000000002
-#define PERFINFO_CC_FLUSH_DATA_FORCE_FULL_FLUSH 0x000000004
-
-//
-// Reason for lazy write scan
-// Note: These SHOULD be the same values as Cc's corresponding
-// reason codes in minkernel/ntos/inc/cache.h file.
-//
-
-#define PERFINFO_CC_NOTIFY_LOW_MEMORY 0x000000001
-#define PERFINFO_CC_NOTIFY_POWER 0x000000002
-#define PERFINFO_CC_NOTIFY_PERIODIC_SCAN 0x000000004
-#define PERFINFO_CC_NOTIFY_WAITING_TEARDOWN 0x000000008
-#define PERFINFO_CC_NOTIFY_FLUSH_DURING_COALESCING 0x000000010
-
-typedef struct _PERFINFO_CC_FLUSH_CACHE
-{
- ULONG_PTR WorkItemKey;
- ULONG_PTR FileObjectKey;
- ULONGLONG Offset;
- ULONG Length;
- ULONG SharedCacheMapFlags;
- ULONG Flags;
- ULONG Reserved;
-} PERFINFO_CC_FLUSH_CACHE, *PPERFINFO_CC_FLUSH_CACHE;
-
-typedef struct _PERFINFO_CC_LOGGED_STREAM_INFO
-{
- ULONG_PTR FileObjectKey;
- ULONG ReasonForFlush;
- ULONG PagesToWrite;
- SIZE_T DirtyLoggedPages;
- SIZE_T DirtyLoggedPageThreshold;
- LARGE_INTEGER LargestLsnForLWS;
-} PERFINFO_CC_LOGGED_STREAM_INFO, *PPERFINFO_CC_LOGGED_STREAM_INFO;
-
-//
-// Thread Action being logged
-//
-
-#define PERFINFO_CC_EXTRA_WB_THREAD_ADD 0x000000001
-#define PERFINFO_CC_EXTRA_WB_THREAD_REMOVE 0x000000002
-
-typedef struct _PERFINFO_CC_EXTRA_WB_THREAD_INFO
-{
- ULONG ThreadAction;
- ULONG ActiveExtraWBThreads;
- SIZE_T TotalDirtyPages;
- SIZE_T DirtyPageThreshold;
- SIZE_T AvailablePages;
-} PERFINFO_CC_EXTRA_WB_THREAD_INFO,*PPERFINFO_CC_EXTRA_WB_THREAD_INFO;
-
-//
-// Image backed by pagefile event.
-//
-
-typedef struct _PERFINFO_IMAGELOAD_IN_PAGEFILE_INFO
-{
- PVOID FileObject;
- ULONG DeviceCharacteristics;
- USHORT FileCharacteristics;
- union {
- USHORT Flags;
- struct {
- USHORT ActiveDataReference : 1;
- USHORT DeviceEjectable : 1;
- USHORT WritableHandles : 1;
- } DUMMYSTRUCTNAME;
- } Flags;
-} PERFINFO_IMAGELOAD_IN_PAGEFILE_INFO, *PPERFINFO_IMAGELOAD_IN_PAGEFILE_INFO;
-
-//
-// System call events
-//
-typedef struct _PERFINFO_SYSCALL_ENTER_DATA
-{
- PVOID SysCallAddr;
-} PERFINFO_SYSCALL_ENTER_DATA, *PPERFINFO_SYSCALL_ENTER_DATA;
-
-typedef struct _PERFINFO_SYSCALL_EXIT_DATA
-{
- NTSTATUS ReturnValue;
-} PERFINFO_SYSCALL_EXIT_DATA, *PPERFINFO_SYSCALL_EXIT_DATA;
-
-//
-// SetMark
-//
-typedef struct _PERFINFO_MARK_INFORMATION
-{
- char Name[1];
-} PERFINFO_MARK_INFORMATION, *PPERFINFO_MARK_INFORMATION;
-
-//
-// File system operations.
-//
-// Since these are also logged using event descriptors, it is important to
-// watch padding in the structure due to alignment or specify the appropriate
-// pack pragma.
-//
-
-typedef struct _PERFINFO_FILE_CREATE
-{
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG IssuingThreadId;
- ULONG Options;
- ULONG Attributes;
- ULONG ShareAccess;
- WCHAR OpenPath[1];
-} PERFINFO_FILE_CREATE, *PPERFINFO_FILE_CREATE;
-
-typedef struct _PERFINFO_FILE_INFORMATION
-{
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG_PTR FileKey;
- ULONG_PTR ExtraInformation;
- ULONG IssuingThreadId;
- ULONG InfoClass;
-} PERFINFO_FILE_INFORMATION, *PPERFINFO_FILE_INFORMATION;
-
-typedef struct _PERFINFO_FILE_DIRENUM
-{
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG_PTR FileKey;
- ULONG IssuingThreadId;
- ULONG Length;
- ULONG InfoClass;
- ULONG FileIndex;
- WCHAR FileName[1];
-} PERFINFO_FILE_DIRENUM, *PPERFINFO_FILE_DIRENUM;
-
-typedef struct _PERFINFO_FILE_PATH_OPERATION
-{
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG_PTR FileKey;
- ULONG_PTR ExtraInformation;
- ULONG IssuingThreadId;
- ULONG InfoClass;
- WCHAR Path[1];
-} PERFINFO_FILE_PATH_OPERATION, *PPERFINFO_FILE_PATH_OPERATION;
-
-#include
-
-#define PERFINFO_FILE_READ_WRITE_FLAG_MDL 0x1
-
-typedef struct _PERFINFO_FILE_READ_WRITE
-{
- ULONGLONG Offset;
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG_PTR FileKey;
- ULONG IssuingThreadId;
- ULONG Size;
- ULONG Flags;
- ULONG ExtraFlags;
-} PERFINFO_FILE_READ_WRITE, *PPERFINFO_FILE_READ_WRITE;
-
-typedef struct _PERFINFO_FILE_SIMPLE_OPERATION
-{
- ULONG_PTR Irp;
- ULONG_PTR FileObject;
- ULONG_PTR FileKey;
- ULONG IssuingThreadId;
-} PERFINFO_FILE_SIMPLE_OPERATION, *PPERFINFO_FILE_SIMPLE_OPERATION;
-
-typedef struct _PERFINFO_FILE_OPERATION_END
-{
- ULONG_PTR Irp;
- ULONG_PTR ExtraInformation;
- NTSTATUS Status;
-} PERFINFO_FILE_OPERATION_END, *PPERFINFO_FILE_OPERATION_END;
-
-typedef struct _PERFINFO_FLT_OPERATION
-{
- PVOID RoutineAddr;
- PVOID FileObject;
- PVOID FsContext;
- PVOID IrpPtr;
- PVOID CbdPtr;
- LONG MajorFunction;
-} PERFINFO_FLT_OPERATION, *PPERFINFO_FLT_OPERATION;
-
-typedef struct _PERFINFO_FLT_OPERATION_STATUS
-{
- PVOID RoutineAddr;
- PVOID FileObject;
- PVOID FsContext;
- PVOID IrpPtr;
- PVOID CbdPtr;
- LONG MajorFunction;
- NTSTATUS Status;
-} PERFINFO_FLT_OPERATION_STATUS, *PPERFINFO_FLT_OPERATION_STATUS;
-
-#include
-//
-// MemInfo event. This structure should parallel SYSTEM_MEMORY_LIST_INFORMATION.
-//
-
-#define PERFINFO_PAGE_PRIORITY_LEVELS 8
-
-typedef struct _PERFINFO_MEMORY_INFORMATION
-{
- ULONG_PTR ZeroPageCount;
- ULONG_PTR FreePageCount;
- ULONG_PTR ModifiedPageCount;
- ULONG_PTR ModifiedNoWritePageCount;
- ULONG_PTR BadPageCount;
- ULONG_PTR PageCountByPriority[PERFINFO_PAGE_PRIORITY_LEVELS];
- ULONG_PTR RepurposedPagesByPriority[PERFINFO_PAGE_PRIORITY_LEVELS];
- ULONG_PTR ModifiedPageCountPageFile;
-} PERFINFO_MEMORY_INFORMATION, *PPERFINFO_MEMORY_INFORMATION;
-
-typedef struct _PERFINFO_SYSTEM_MEMORY_INFORMATION
-{
- ULONG_PTR PagedPoolCommitPageCount;
- ULONG_PTR NonPagedPoolPageCount;
- ULONG_PTR MdlPageCount;
- ULONG_PTR CommitPageCount;
-} PERFINFO_SYSTEM_MEMORY_INFORMATION, *PPERFINFO_SYSTEM_MEMORY_INFORMATION;
-
-//
-// Used for MemInfoWS/MemInfoSessionWs event.
-//
-
-#include
-typedef struct _PERFINFO_WORKINGSET_ENTRY
-{
- union
- {
- ULONG UniqueProcessId;
- ULONG SessionId;
- };
- ULONG_PTR WorkingSetPageCount;
- ULONG_PTR CommitPageCount;
- union
- {
- ULONG_PTR PagedPoolPageCount; // Used for SessionWs.
- ULONG_PTR VirtualSizeInPages; // Used for ProcessWs.
- };
- ULONG_PTR PrivateWorkingSetPageCount;
- ULONG_PTR StoreSizeInPages;
- ULONG_PTR StoredPageCount;
- ULONG_PTR CommitDebtInPages;
- ULONG_PTR SharedCommitInPages;
-} PERFINFO_WORKINGSET_ENTRY, *PPERFINFO_WORKINGSET_ENTRY;
-
-typedef struct _PERFINFO_WORKINGSET_INFORMATION
-{
- ULONG Count;
- PERFINFO_WORKINGSET_ENTRY WsEntry[1];
-} PERFINFO_WORKINGSET_INFORMATION, *PPERFINFO_WORKINGSET_INFORMATION;
-#include
-
-//
-// Contiguous page generation event.
-//
-typedef struct _PERFINFO_CONTIGUOUS_PAGE_GENERATE
-{
- ULONGLONG ThreadId;
- ULONGLONG NumberOfBytes;
-} PERFINFO_CONTIGUOUS_PAGE_GENERATE, PERFINFO_CONTIGUOUS_PAGE_GENERATE;
-
-//
-// Debugger (debug event) events
-//
-typedef enum _PERFINFO_DEBUG_EVENT_REASON
-{
- PerfInfoDebugEventReceived = 1,
- PerfInfoDebugEventContinued,
- PerfInfoDebugEventMax
-} PERFINFO_DEBUG_EVENT_REASON, *PPERFINFO_DEBUG_EVENT_REASON;
-
-typedef struct _PERFINFO_DEBUG_EVENT
-{
- ULONG ProcessId;
- ULONG ThreadId;
- PERFINFO_DEBUG_EVENT_REASON Reason;
-} PERFINFO_DEBUG_EVENT, *PPERFINFO_DEBUG_EVENT;
-
-//
-// Compressed Context Swap events
-//
-
-/*
-
- 1) packets of 2- 4- and 8-byte are used to store context switch event
- according to the content of the event. (cf. ccswap.c)
- 2) a local cache of thread ids and the base priorities are stored in each
- buffer so that a short index can be used to log the thread id of the
- switching-out thread.
-
-*/
-
-//
-// Number of bits allocated for the necessary fields:
-//
-#define PERFINFO_CCSWAP_BIT_TYPE 2 // packet type
-#define PERFINFO_CCSWAP_BIT_TID 4 // size of the tid table
-#define PERFINFO_CCSWAP_BIT_STATE_WR 6 // store state+wait reason
-#define PERFINFO_CCSWAP_BIT_PRIORITY 5 // full priority in 'full' packet
-#define PERFINFO_CCSWAP_BIT_PRI_INC 3 // priority increment in 'lite' packet
-
-//
-// The following are the number of bits left after allocating bits for
-// the necessary fields. These bits are used to store time deltas. If the
-// value of a time delta is too big for a short format, the longer format
-// is used.
-//
-
-#define PERFINFO_CCSWAP_BIT_FULL_TS 30
-C_ASSERT (PERFINFO_CCSWAP_BIT_FULL_TS == (32 - PERFINFO_CCSWAP_BIT_TYPE));
-
-#define PERFINFO_CCSWAP_BIT_SHORT_TS 14
-C_ASSERT(PERFINFO_CCSWAP_BIT_SHORT_TS == (16 - PERFINFO_CCSWAP_BIT_TYPE));
-
-#define PERFINFO_CCSWAP_BIT_SMALL_TS 17
-C_ASSERT (PERFINFO_CCSWAP_BIT_SMALL_TS ==
- (32 - PERFINFO_CCSWAP_BIT_TYPE - PERFINFO_CCSWAP_BIT_TID - PERFINFO_CCSWAP_BIT_PRI_INC - PERFINFO_CCSWAP_BIT_STATE_WR));
-
-#define PERFINFO_CCSWAP_BIT_WAIT_TIME 17
-C_ASSERT (PERFINFO_CCSWAP_BIT_WAIT_TIME ==
- (32 - PERFINFO_CCSWAP_BIT_TID - PERFINFO_CCSWAP_BIT_STATE_WR - PERFINFO_CCSWAP_BIT_PRIORITY));
-
-//
-// size of the tid table:
-//
-#define PERFINFO_CCSWAP_MAX_TID (1<UserModeGlobalLogger[Index]))->LoggerId)
-#define UMGL_LOGGER_FLAGS(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->Flags)
-#define IS_UMGL_LOGGING_ENABLED(Index) (UMGL_LOGGER_ID(Index) != 0)
-#define IS_UMGL_FLAG_ENABLED(Index, Flag) ((UMGL_LOGGER_FLAGS(Index) & Flag) != 0)
-
-#define IS_HEAP_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAP) && (NtCurrentPeb()->HeapTracingEnabled != FALSE))
-#define IS_HEAP_RANGE_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPRANGE))
-#define HEAP_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAP))
-
-#define IS_CRITSEC_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_CRITSEC) && (NtCurrentPeb()->CritSecTracingEnabled != FALSE))
-#define CRITSEC_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_CRITSEC))
-#define IS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
-#define IS_PER_PROCESS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && (NtCurrentPeb()->LibLoaderTracingEnabled != FALSE) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
-#define IS_GLOBAL_LOADER_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR))
-#define LOADER_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_LDR))
-#define HEAPRANGE_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPRANGE))
-#define IS_THREAD_POOL_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD_POOL))
-#define THREAD_POOL_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD_POOL))
-#define IS_UMS_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_UMS))
-#define UMS_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_UMS))
-#define HEAPSUMMARY_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPSUMMARY))
-#define IS_HEAPSUMMARY_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPSUMMARY))
-#define WNF_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_WNF))
-#define IS_WNF_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_WNF))
-#define UMGL_THREAD_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD))
-#define IS_UMGL_THREAD_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD))
-
-//
-// Flags used by user mode loader logging to UMGL.
-//
-#define ETW_UMGL_LDR_MUI_VERBOSE_FLAG 0x0001
-#define ETW_UMGL_LDR_MUI_TEST_FLAG 0x0002
-#define ETW_UMGL_LDR_RELOCATION_FLAG 0x0004
-#define ETW_UMGL_LDR_NEW_DLL_FLAG 0x0010
-#define ETW_UMGL_LDR_TEST_FLAG 0x0020
-#define ETW_UMGL_LDR_SECURITY_FLAG 0x0040
-
-//
-// Constants for heap log
-//
-#define MEMORY_FROM_LOOKASIDE 1 //Activity from LookAside
-#define MEMORY_FROM_LOWFRAG 2 //Activity from Low Frag Heap
-#define MEMORY_FROM_MAINPATH 3 //Activity from Main Code Path
-#define MEMORY_FROM_SLOWPATH 4 //Activity from Slow C
-#define MEMORY_FROM_INVALID 5
-#define MEMORY_FROM_SEGMENT_HEAP 6 //Activity from segment heap.
-
-//
-// Header preparation macro for UMGL
-//
-#define TRACE_HEADER_TYPE_SYSTEM32 1
-#define TRACE_HEADER_TYPE_SYSTEM64 2
-#define TRACE_HEADER_TYPE_COMPACT32 3
-#define TRACE_HEADER_TYPE_COMPACT64 4
-#define TRACE_HEADER_TYPE_FULL_HEADER32 10
-#define TRACE_HEADER_TYPE_INSTANCE32 11
-#define TRACE_HEADER_TYPE_TIMED 12 // Not used
-#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event
-#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used
-#define TRACE_HEADER_TYPE_MESSAGE 15
-#define TRACE_HEADER_TYPE_PERFINFO32 16
-#define TRACE_HEADER_TYPE_PERFINFO64 17
-#define TRACE_HEADER_TYPE_EVENT_HEADER32 18
-#define TRACE_HEADER_TYPE_EVENT_HEADER64 19
-#define TRACE_HEADER_TYPE_FULL_HEADER64 20
-#define TRACE_HEADER_TYPE_INSTANCE64 21
-
-#define EVENT_HEADER_SIZE_MASK 0x0000FFFF
-
-#define SYSTEM_TRACE_VERSION 2
-
-#define TRACE_HEADER_FLAG 0x80000000
-
-#define EVENT_HEADER_EVENT64 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER64))
-#define EVENT_HEADER_EVENT32 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER32))
-#define EVENT_HEADER_ERROR ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_ERROR))
-#define TRACE_HEADER_FULL32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER32 << 16))
-#define TRACE_HEADER_FULL64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER64 << 16))
-#define TRACE_HEADER_INSTANCE32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE32 << 16))
-#define TRACE_HEADER_INSTANCE64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE64 << 16))
-
-#ifdef _WIN64
-#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT64
-#define TRACE_HEADER_FULL TRACE_HEADER_FULL64
-#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE64
-#else
-#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT32
-#define TRACE_HEADER_FULL TRACE_HEADER_FULL32
-#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE32
-#endif
-
-#define PREPARE_ETW_TRACE_HEADER_GUID(Header, EventStruct, EventType, EventGuid, LoggerId) \
- (Header)->Size = sizeof(EventStruct); \
- (Header)->Class.Type = (EventType); \
- RtlCopyMemory(&((Header)->Guid), (EventGuid), sizeof(*(EventGuid))); \
-
-// Used with OpenTrace(), prevents conversion of TimeStamps to UTC
-#define EVENT_TRACE_USE_RAWTIMESTAMP 0x00000002
-// Used with OpenTrace(), retrieves event from file as is.
-#define EVENT_TRACE_GET_RAWEVENT 0x00000100
-// Used with OpenTrace() to ReadBehind a live logger session
-#define EVENT_TRACE_READ_BEHIND 0x00000200
-// Used in EventCallbacks to indicate that the InstanceId field is a sequence number.
-#define EVENT_TRACE_USE_SEQUENCE 0x0004
-// Kernel Event Version is used to indicate if any kernel event has changed.
-#define ETW_KERNEL_EVENT_VERSION 60
-
-typedef struct _ETW_KERNEL_HEADER_EXTENSION
-{
- PERFINFO_GROUPMASK GroupMasks;
- ULONG Version;
-} ETW_KERNEL_HEADER_EXTENSION, *PETW_KERNEL_HEADER_EXTENSION;
-
-#define ETW_SET_MARK_WITH_FLUSH 0x00000001
-
-typedef struct _ETW_SET_MARK_INFORMATION
-{
- ULONG Flag;
- WCHAR Mark[1];
-} ETW_SET_MARK_INFORMATION, *PETW_SET_MARK_INFORMATION;
-
-//
-// Data Block structure for ETW notification
-//
-typedef enum _ETW_NOTIFICATION_TYPE
-{
- EtwNotificationTypeNoReply = 1, // No data block reply
- EtwNotificationTypeLegacyEnable, // Enable notification for RegisterTraceGuids
- EtwNotificationTypeEnable, // Enable notification for EventRegister
- EtwNotificationTypePrivateLogger, // Private logger notification for ETW
- EtwNotificationTypePerflib, // PERFLIB V2 counter data request/delivery block
- EtwNotificationTypeAudio, // Private notification for audio policy
- EtwNotificationTypeSession, // Session related ETW notifications
- EtwNotificationTypeReserved, // For internal use (test)
- EtwNotificationTypeCredentialUI, // Private notification for media center elevation detection
- EtwNotificationTypeInProcSession, // Private in-proc session related ETW notifications
- EtwNotificationTypeMax
-} ETW_NOTIFICATION_TYPE;
-
-#define ETW_MAX_DATA_BLOCK_BUFFER_SIZE (65536)
-
-typedef struct _ETW_NOTIFICATION_HEADER
-{
- ETW_NOTIFICATION_TYPE NotificationType; // Notification type
- ULONG NotificationSize; // Notification size in bytes
- ULONG Offset; // Offset to the next notification
- BOOLEAN ReplyRequested; // Reply Requested
- ULONG Timeout; // Timeout in milliseconds when requesting reply
- union
- {
- ULONG ReplyCount; // Out to sender: the number of notifications sent
- ULONG NotifyeeCount; // Out to notifyee: the order during notification
- };
- ULONGLONG Reserved2;
- ULONG TargetPID;
- ULONG SourcePID;
- GUID DestinationGuid; // Desctination GUID
- GUID SourceGuid; // Source GUID
-} ETW_NOTIFICATION_HEADER, *PETW_NOTIFICATION_HEADER;
-
-typedef ULONG (NTAPI *PETW_NOTIFICATION_CALLBACK)(
- _In_ PETW_NOTIFICATION_HEADER NotificationHeader,
- _In_ PVOID Context
- );
-
-typedef enum _ETW_SESSION_NOTIFICATION_TYPE
-{
- EtwSessionNotificationMediaChanged = 1,
- EtwSessionNotificationSessionTerminated,
- EtwSessionNotificationLogfileError,
- EtwSessionNotificationRealtimeError,
- EtwSessionNotificationSessionStarted,
- EtwSessionNotificationMax
-} ETW_SESSION_NOTIFICATION_TYPE;
-
-typedef struct _ETW_SESSION_NOTIFICATION_PACKET
-{
- ETW_NOTIFICATION_HEADER NotificationHeader;
- ETW_SESSION_NOTIFICATION_TYPE Type;
- NTSTATUS Status;
- TRACEHANDLE TraceHandle;
- ULONG Reserved[2];
-} ETW_SESSION_NOTIFICATION_PACKET, *PETW_SESSION_NOTIFICATION_PACKET;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#ifndef EVENT_DESCRIPTOR_DEF
-#define EVENT_DESCRIPTOR_DEF
-typedef struct _EVENT_DESCRIPTOR
-{
- USHORT Id;
- UCHAR Version;
- UCHAR Channel;
- UCHAR Level;
- UCHAR Opcode;
- USHORT Task;
- ULONGLONG Keyword;
-} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR;
-typedef const EVENT_DESCRIPTOR* PCEVENT_DESCRIPTOR;
-#endif
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwSetMark(
- _In_opt_ TRACEHANDLE TraceHandle,
- _In_ PETW_SET_MARK_INFORMATION MarkInfo,
- _In_ ULONG Size
- );
-
-typedef struct _EVENT_DATA_DESCRIPTOR EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR;
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteFull(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ USHORT EventProperty,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-//NTSYSAPI
-//ULONG
-//NTAPI
-//EtwEventRegister(
-// _In_ LPCGUID ProviderId,
-// _In_opt_ PENABLECALLBACK EnableCallback,
-// _In_opt_ PVOID CallbackContext,
-// _Out_ PREGHANDLE RegHandle
-// );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventUnregister(
- _In_ REGHANDLE RegHandle
- );
-
-typedef enum _EVENT_INFO_CLASS EVENT_INFO_CLASS;
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventSetInformation(
- _In_ REGHANDLE RegHandle,
- _In_ EVENT_INFO_CLASS InformationClass,
- _In_reads_bytes_(InformationLength) PVOID EventInformation,
- _In_ ULONG InformationLength
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwRegisterSecurityProvider(
- VOID
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwEventProviderEnabled(
- _In_ REGHANDLE RegHandle,
- _In_ UCHAR Level,
- _In_ ULONGLONG Keyword
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwEventEnabled(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWrite(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteTransfer(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteString(
- _In_ REGHANDLE RegHandle,
- _In_ UCHAR Level,
- _In_ ULONGLONG Keyword,
- _In_ PCWSTR String
- );
-
-ULONG
-NTAPI
-EtwEventWriteEx(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG64 Filter,
- _In_ ULONG Flags,
- _In_opt_ LPCGUID ActivityId,
- _In_opt_ LPCGUID RelatedActivityId,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteStartScenario(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventWriteEndScenario(
- _In_ REGHANDLE RegHandle,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwWriteUMSecurityEvent(
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ USHORT EventProperty,
- _In_ ULONG UserDataCount,
- _In_opt_ PEVENT_DATA_DESCRIPTOR UserData
- );
-
-ULONG
-NTAPI
-EtwEventWriteNoRegistration(
- _In_ LPCGUID ProviderId,
- _In_ PCEVENT_DESCRIPTOR EventDescriptor,
- _In_ ULONG UserDataCount,
- _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEventActivityIdControl(
- _In_ ULONG ControlCode,
- _Inout_ LPGUID ActivityId
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwNotificationRegister(
- _In_ LPCGUID Guid,
- _In_ ULONG Type,
- _In_ PETW_NOTIFICATION_CALLBACK Callback,
- _In_opt_ PVOID Context,
- _Out_ PREGHANDLE RegHandle
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwNotificationUnregister(
- _In_ REGHANDLE RegHandle,
- _Out_opt_ PVOID * Context
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwSendNotification(
- _In_ PETW_NOTIFICATION_HEADER DataBlock,
- _In_ ULONG ReceiveDataBlockSize,
- _Inout_ PVOID ReceiveDataBlock,
- _Out_ PULONG ReplyReceived,
- _Out_ PULONG ReplySizeNeeded
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwReplyNotification(
- _In_ PETW_NOTIFICATION_HEADER Notification
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwEnumerateProcessRegGuids(
- _Out_writes_bytes_opt_(OutBufferSize) PVOID OutBuffer,
- _In_ ULONG OutBufferSize,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSAPI
-ULONG
-NTAPI
-EtwQueryRealtimeConsumer(
- _In_ TRACEHANDLE TraceHandle,
- _Out_ PULONG EventsLostCount,
- _Out_ PULONG BuffersLostCount
- );
-#endif
-
-// public TRACE_PROVIDER_INSTANCE_INFO
-typedef struct _ETW_TRACE_PROVIDER_INSTANCE_INFO
-{
- ULONG NextOffset;
- ULONG EnableCount;
- ULONG Pid;
- ULONG Flags;
-} ETW_TRACE_PROVIDER_INSTANCE_INFO, * PETW_TRACE_PROVIDER_INSTANCE_INFO;
-
-// public TRACE_GUID_INFO
-typedef struct _ETW_TRACE_GUID_INFO
-{
- ULONG InstanceCount;
- ULONG Reserved;
- //ETW_TRACE_PROVIDER_INSTANCE_INFO Instances[1];
-} ETW_TRACE_GUID_INFO, * PETW_TRACE_GUID_INFO;
-
-// rev
-typedef enum _ETWTRACECONTROLCODE
-{
- EtwStartLoggerCode = 1, // inout WMI_LOGGER_INFORMATION
- EtwStopLoggerCode = 2, // inout WMI_LOGGER_INFORMATION
- EtwQueryLoggerCode = 3, // inout WMI_LOGGER_INFORMATION
- EtwUpdateLoggerCode = 4, // inout WMI_LOGGER_INFORMATION
- EtwFlushLoggerCode = 5, // inout WMI_LOGGER_INFORMATION
- EtwIncrementLoggerFile = 6, // inout WMI_LOGGER_INFORMATION
- EtwRealtimeTransition = 7, // inout WMI_LOGGER_INFORMATION
- // reserved
- EtwRealtimeConnectCode = 11,
- EtwActivityIdCreate = 12,
- EtwWdiScenarioCode = 13,
- EtwRealtimeDisconnectCode = 14, // in HANDLE
- EtwRegisterGuidsCode = 15,
- EtwReceiveNotification = 16,
- EtwSendDataBlock = 17, // ETW_ENABLE_NOTIFICATION_PACKET // ETW_SESSION_NOTIFICATION_PACKET
- EtwSendReplyDataBlock = 18,
- EtwReceiveReplyDataBlock = 19,
- EtwWdiSemUpdate = 20,
- EtwEnumTraceGuidList = 21, // out GUID[]
- EtwGetTraceGuidInfo = 22, // in GUID, out ETW_TRACE_GUID_INFO
- EtwEnumerateTraceGuids = 23,
- EtwRegisterSecurityProv = 24,
- EtwReferenceTimeCode = 25, // in ULONG LoggerId, out ETW_REF_CLOCK
- EtwTrackBinaryCode = 26, // in HANDLE
- EtwAddNotificationEvent = 27,
- EtwUpdateDisallowList = 28,
- EtwSetEnableAllKeywordsCode = 29,
- EtwSetProviderTraitsCode = 30,
- EtwUseDescriptorTypeCode = 31,
- EtwEnumTraceGroupList = 32,
- EtwGetTraceGroupInfo = 33,
- EtwGetDisallowList = 34,
- EtwSetCompressionSettings = 35,
- EtwGetCompressionSettings = 36,
- EtwUpdatePeriodicCaptureState = 37,
- EtwGetPrivateSessionTraceHandle = 38,
- EtwRegisterPrivateSession = 39,
- EtwQuerySessionDemuxObject = 40,
- EtwSetProviderBinaryTracking = 41,
- EtwMaxLoggers = 42, // out ULONG
- EtwMaxPmcCounter = 43, // out ULONG
- EtwQueryUsedProcessorCount = 44, // ULONG // since WIN11
- EtwGetPmcOwnership = 45,
- EtwGetPmcSessions = 46,
-} ETWTRACECONTROLCODE;
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTraceControl(
- _In_ ETWTRACECONTROLCODE FunctionCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength,
- _Out_ PULONG ReturnLength
- );
-#endif
-
-#if (PHNT_VERSION >= PHNT_WINXP)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtTraceEvent(
- _In_opt_ HANDLE TraceHandle,
- _In_ ULONG Flags,
- _In_ ULONG FieldSize,
- _In_ PVOID Fields
- );
-#endif
-
-// private
-typedef struct _TELEMETRY_COVERAGE_POINT
-{
- PWSTR Name;
- ULONG Hash;
- ULONG LastCoveredRound;
- ULONG Flags;
-} TELEMETRY_COVERAGE_POINT, *PTELEMETRY_COVERAGE_POINT;
-
-#if (PHNT_VERSION >= PHNT_REDSTONE3)
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-EtwCheckCoverage(
- _Inout_ PTELEMETRY_COVERAGE_POINT CoveragePoint
- );
-#endif
-
-EXTERN_C_END
-
-#endif
diff --git a/deps/phnt-nightly/ntwow64.h b/deps/phnt-nightly/ntwow64.h
deleted file mode 100644
index c118bb9..0000000
--- a/deps/phnt-nightly/ntwow64.h
+++ /dev/null
@@ -1,782 +0,0 @@
-/*
- * Windows on Windows support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTWOW64_H
-#define _NTWOW64_H
-
-#define WOW64_SYSTEM_DIRECTORY "SysWOW64"
-#define WOW64_SYSTEM_DIRECTORY_U L"SysWOW64"
-#define WOW64_X86_TAG " (x86)"
-#define WOW64_X86_TAG_U L" (x86)"
-
-// In USER_SHARED_DATA
-typedef enum _WOW64_SHARED_INFORMATION
-{
- SharedNtdll32LdrInitializeThunk,
- SharedNtdll32KiUserExceptionDispatcher,
- SharedNtdll32KiUserApcDispatcher,
- SharedNtdll32KiUserCallbackDispatcher,
- SharedNtdll32ExpInterlockedPopEntrySListFault,
- SharedNtdll32ExpInterlockedPopEntrySListResume,
- SharedNtdll32ExpInterlockedPopEntrySListEnd,
- SharedNtdll32RtlUserThreadStart,
- SharedNtdll32pQueryProcessDebugInformationRemote,
- SharedNtdll32BaseAddress,
- SharedNtdll32LdrSystemDllInitBlock,
- Wow64SharedPageEntriesCount
-} WOW64_SHARED_INFORMATION;
-
-// 32-bit definitions
-
-#define WOW64_POINTER(Type) ULONG
-
-typedef struct _RTL_BALANCED_NODE32
-{
- union
- {
- WOW64_POINTER(struct _RTL_BALANCED_NODE *) Children[2];
- struct
- {
- WOW64_POINTER(struct _RTL_BALANCED_NODE *) Left;
- WOW64_POINTER(struct _RTL_BALANCED_NODE *) Right;
- };
- };
- union
- {
- WOW64_POINTER(UCHAR) Red : 1;
- WOW64_POINTER(UCHAR) Balance : 2;
- WOW64_POINTER(ULONG_PTR) ParentValue;
- };
-} RTL_BALANCED_NODE32, *PRTL_BALANCED_NODE32;
-
-typedef struct _RTL_RB_TREE32
-{
- WOW64_POINTER(PRTL_BALANCED_NODE) Root;
- WOW64_POINTER(PRTL_BALANCED_NODE) Min;
-} RTL_RB_TREE32, *PRTL_RB_TREE32;
-
-typedef struct _PEB_LDR_DATA32
-{
- ULONG Length;
- BOOLEAN Initialized;
- WOW64_POINTER(HANDLE) SsHandle;
- LIST_ENTRY32 InLoadOrderModuleList;
- LIST_ENTRY32 InMemoryOrderModuleList;
- LIST_ENTRY32 InInitializationOrderModuleList;
- WOW64_POINTER(PVOID) EntryInProgress;
- BOOLEAN ShutdownInProgress;
- WOW64_POINTER(HANDLE) ShutdownThreadId;
-} PEB_LDR_DATA32, *PPEB_LDR_DATA32;
-
-typedef struct _LDR_SERVICE_TAG_RECORD32
-{
- WOW64_POINTER(struct _LDR_SERVICE_TAG_RECORD *) Next;
- ULONG ServiceTag;
-} LDR_SERVICE_TAG_RECORD32, *PLDR_SERVICE_TAG_RECORD32;
-
-typedef struct _LDRP_CSLIST32
-{
- WOW64_POINTER(PSINGLE_LIST_ENTRY) Tail;
-} LDRP_CSLIST32, *PLDRP_CSLIST32;
-
-typedef struct _LDR_DDAG_NODE32
-{
- LIST_ENTRY32 Modules;
- WOW64_POINTER(PLDR_SERVICE_TAG_RECORD) ServiceTagList;
- ULONG LoadCount;
- ULONG LoadWhileUnloadingCount;
- ULONG LowestLink;
- union
- {
- LDRP_CSLIST32 Dependencies;
- SINGLE_LIST_ENTRY32 RemovalLink;
- };
- LDRP_CSLIST32 IncomingDependencies;
- LDR_DDAG_STATE State;
- SINGLE_LIST_ENTRY32 CondenseLink;
- ULONG PreorderNumber;
-} LDR_DDAG_NODE32, *PLDR_DDAG_NODE32;
-
-#define LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, DdagNode)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, BaseNameHashValue)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, ImplicitPathOptions)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN10_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, SigningLevel)
-#define LDR_DATA_TABLE_ENTRY_SIZE_WIN11_32 sizeof(LDR_DATA_TABLE_ENTRY32)
-
-typedef struct _LDR_DATA_TABLE_ENTRY32
-{
- LIST_ENTRY32 InLoadOrderLinks;
- LIST_ENTRY32 InMemoryOrderLinks;
- union
- {
- LIST_ENTRY32 InInitializationOrderLinks;
- LIST_ENTRY32 InProgressLinks;
- };
- WOW64_POINTER(PVOID) DllBase;
- WOW64_POINTER(PVOID) EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STRING32 FullDllName;
- UNICODE_STRING32 BaseDllName;
- union
- {
- UCHAR FlagGroup[4];
- ULONG Flags;
- struct
- {
- ULONG PackagedBinary : 1;
- ULONG MarkedForRemoval : 1;
- ULONG ImageDll : 1;
- ULONG LoadNotificationsSent : 1;
- ULONG TelemetryEntryProcessed : 1;
- ULONG ProcessStaticImport : 1;
- ULONG InLegacyLists : 1;
- ULONG InIndexes : 1;
- ULONG ShimDll : 1;
- ULONG InExceptionTable : 1;
- ULONG ReservedFlags1 : 2;
- ULONG LoadInProgress : 1;
- ULONG LoadConfigProcessed : 1;
- ULONG EntryProcessed : 1;
- ULONG ProtectDelayLoad : 1;
- ULONG ReservedFlags3 : 2;
- ULONG DontCallForThreads : 1;
- ULONG ProcessAttachCalled : 1;
- ULONG ProcessAttachFailed : 1;
- ULONG CorDeferredValidate : 1;
- ULONG CorImage : 1;
- ULONG DontRelocate : 1;
- ULONG CorILOnly : 1;
- ULONG ChpeImage : 1;
- ULONG ReservedFlags5 : 2;
- ULONG Redirected : 1;
- ULONG ReservedFlags6 : 2;
- ULONG CompatDatabaseProcessed : 1;
- };
- };
- USHORT ObsoleteLoadCount;
- USHORT TlsIndex;
- LIST_ENTRY32 HashLinks;
- ULONG TimeDateStamp;
- WOW64_POINTER(struct _ACTIVATION_CONTEXT *) EntryPointActivationContext;
- WOW64_POINTER(PVOID) Lock;
- WOW64_POINTER(PLDR_DDAG_NODE) DdagNode;
- LIST_ENTRY32 NodeModuleLink;
- WOW64_POINTER(struct _LDRP_LOAD_CONTEXT *) LoadContext;
- WOW64_POINTER(PVOID) ParentDllBase;
- WOW64_POINTER(PVOID) SwitchBackContext;
- RTL_BALANCED_NODE32 BaseAddressIndexNode;
- RTL_BALANCED_NODE32 MappingInfoIndexNode;
- WOW64_POINTER(ULONG_PTR) OriginalBase;
- LARGE_INTEGER LoadTime;
- ULONG BaseNameHashValue;
- LDR_DLL_LOAD_REASON LoadReason;
- ULONG ImplicitPathOptions;
- ULONG ReferenceCount;
- ULONG DependentLoadFlags;
- UCHAR SigningLevel; // since REDSTONE2
- ULONG CheckSum; // since 22H1
- WOW64_POINTER(PVOID) ActivePatchImageBase;
- LDR_HOT_PATCH_STATE HotPatchState;
-} LDR_DATA_TABLE_ENTRY32, *PLDR_DATA_TABLE_ENTRY32;
-
-typedef struct _CURDIR32
-{
- UNICODE_STRING32 DosPath;
- WOW64_POINTER(HANDLE) Handle;
-} CURDIR32, *PCURDIR32;
-
-typedef struct _RTL_DRIVE_LETTER_CURDIR32
-{
- USHORT Flags;
- USHORT Length;
- ULONG TimeStamp;
- STRING32 DosPath;
-} RTL_DRIVE_LETTER_CURDIR32, *PRTL_DRIVE_LETTER_CURDIR32;
-
-typedef struct _RTL_USER_PROCESS_PARAMETERS32
-{
- ULONG MaximumLength;
- ULONG Length;
-
- ULONG Flags;
- ULONG DebugFlags;
-
- WOW64_POINTER(HANDLE) ConsoleHandle;
- ULONG ConsoleFlags;
- WOW64_POINTER(HANDLE) StandardInput;
- WOW64_POINTER(HANDLE) StandardOutput;
- WOW64_POINTER(HANDLE) StandardError;
-
- CURDIR32 CurrentDirectory;
- UNICODE_STRING32 DllPath;
- UNICODE_STRING32 ImagePathName;
- UNICODE_STRING32 CommandLine;
- WOW64_POINTER(PVOID) Environment;
-
- ULONG StartingX;
- ULONG StartingY;
- ULONG CountX;
- ULONG CountY;
- ULONG CountCharsX;
- ULONG CountCharsY;
- ULONG FillAttribute;
-
- ULONG WindowFlags;
- ULONG ShowWindowFlags;
- UNICODE_STRING32 WindowTitle;
- UNICODE_STRING32 DesktopInfo;
- UNICODE_STRING32 ShellInfo;
- UNICODE_STRING32 RuntimeData;
- RTL_DRIVE_LETTER_CURDIR32 CurrentDirectories[RTL_MAX_DRIVE_LETTERS];
-
- WOW64_POINTER(ULONG_PTR) EnvironmentSize;
- WOW64_POINTER(ULONG_PTR) EnvironmentVersion;
- WOW64_POINTER(PVOID) PackageDependencyData;
- ULONG ProcessGroupId;
- ULONG LoaderThreads;
-
- UNICODE_STRING32 RedirectionDllName; // REDSTONE4
- UNICODE_STRING32 HeapPartitionName; // 19H1
- WOW64_POINTER(ULONG_PTR) DefaultThreadpoolCpuSetMasks;
- ULONG DefaultThreadpoolCpuSetMaskCount;
- ULONG DefaultThreadpoolThreadMaximum;
-} RTL_USER_PROCESS_PARAMETERS32, *PRTL_USER_PROCESS_PARAMETERS32;
-
-typedef struct _LEAP_SECOND_DATA *PLEAP_SECOND_DATA;
-
-typedef struct _PEB32
-{
- BOOLEAN InheritedAddressSpace;
- BOOLEAN ReadImageFileExecOptions;
- BOOLEAN BeingDebugged;
- union
- {
- BOOLEAN BitField;
- struct
- {
- BOOLEAN ImageUsesLargePages : 1;
- BOOLEAN IsProtectedProcess : 1;
- BOOLEAN IsImageDynamicallyRelocated : 1;
- BOOLEAN SkipPatchingUser32Forwarders : 1;
- BOOLEAN IsPackagedProcess : 1;
- BOOLEAN IsAppContainer : 1;
- BOOLEAN IsProtectedProcessLight : 1;
- BOOLEAN IsLongPathAwareProcess : 1;
- };
- };
- WOW64_POINTER(HANDLE) Mutant;
-
- WOW64_POINTER(PVOID) ImageBaseAddress;
- WOW64_POINTER(PPEB_LDR_DATA) Ldr;
- WOW64_POINTER(PRTL_USER_PROCESS_PARAMETERS) ProcessParameters;
- WOW64_POINTER(PVOID) SubSystemData;
- WOW64_POINTER(PVOID) ProcessHeap;
- WOW64_POINTER(PRTL_CRITICAL_SECTION) FastPebLock;
- WOW64_POINTER(PVOID) AtlThunkSListPtr;
- WOW64_POINTER(PVOID) IFEOKey;
- union
- {
- ULONG CrossProcessFlags;
- struct
- {
- ULONG ProcessInJob : 1;
- ULONG ProcessInitializing : 1;
- ULONG ProcessUsingVEH : 1;
- ULONG ProcessUsingVCH : 1;
- ULONG ProcessUsingFTH : 1;
- ULONG ReservedBits0 : 27;
- };
- };
- union
- {
- WOW64_POINTER(PVOID) KernelCallbackTable;
- WOW64_POINTER(PVOID) UserSharedInfoPtr;
- };
- ULONG SystemReserved;
- ULONG AtlThunkSListPtr32;
- WOW64_POINTER(PVOID) ApiSetMap;
- ULONG TlsExpansionCounter;
- WOW64_POINTER(PVOID) TlsBitmap;
- ULONG TlsBitmapBits[2];
- WOW64_POINTER(PVOID) ReadOnlySharedMemoryBase;
- WOW64_POINTER(PVOID) SharedData;
- WOW64_POINTER(PVOID *) ReadOnlyStaticServerData;
- WOW64_POINTER(PVOID) AnsiCodePageData;
- WOW64_POINTER(PVOID) OemCodePageData;
- WOW64_POINTER(PVOID) UnicodeCaseTableData;
-
- ULONG NumberOfProcessors;
- ULONG NtGlobalFlag;
-
- LARGE_INTEGER CriticalSectionTimeout;
- WOW64_POINTER(SIZE_T) HeapSegmentReserve;
- WOW64_POINTER(SIZE_T) HeapSegmentCommit;
- WOW64_POINTER(SIZE_T) HeapDeCommitTotalFreeThreshold;
- WOW64_POINTER(SIZE_T) HeapDeCommitFreeBlockThreshold;
-
- ULONG NumberOfHeaps;
- ULONG MaximumNumberOfHeaps;
- WOW64_POINTER(PVOID *) ProcessHeaps;
-
- WOW64_POINTER(PVOID) GdiSharedHandleTable;
- WOW64_POINTER(PVOID) ProcessStarterHelper;
- ULONG GdiDCAttributeList;
-
- WOW64_POINTER(PRTL_CRITICAL_SECTION) LoaderLock;
-
- ULONG OSMajorVersion;
- ULONG OSMinorVersion;
- USHORT OSBuildNumber;
- USHORT OSCSDVersion;
- ULONG OSPlatformId;
- ULONG ImageSubsystem;
- ULONG ImageSubsystemMajorVersion;
- ULONG ImageSubsystemMinorVersion;
- WOW64_POINTER(ULONG_PTR) ActiveProcessAffinityMask;
- GDI_HANDLE_BUFFER32 GdiHandleBuffer;
- WOW64_POINTER(PVOID) PostProcessInitRoutine;
-
- WOW64_POINTER(PVOID) TlsExpansionBitmap;
- ULONG TlsExpansionBitmapBits[32];
-
- ULONG SessionId;
-
- ULARGE_INTEGER AppCompatFlags;
- ULARGE_INTEGER AppCompatFlagsUser;
- WOW64_POINTER(PVOID) pShimData;
- WOW64_POINTER(PVOID) AppCompatInfo;
-
- UNICODE_STRING32 CSDVersion;
-
- WOW64_POINTER(PACTIVATION_CONTEXT_DATA) ActivationContextData;
- WOW64_POINTER(PVOID) ProcessAssemblyStorageMap;
- WOW64_POINTER(PACTIVATION_CONTEXT_DATA) SystemDefaultActivationContextData;
- WOW64_POINTER(PVOID) SystemAssemblyStorageMap;
-
- WOW64_POINTER(SIZE_T) MinimumStackCommit;
-
- WOW64_POINTER(PVOID) SparePointers[2]; // 19H1 (previously FlsCallback to FlsHighIndex)
- WOW64_POINTER(PVOID) PatchLoaderData;
- WOW64_POINTER(PVOID) ChpeV2ProcessInfo; // _CHPEV2_PROCESS_INFO
-
- ULONG AppModelFeatureState;
- ULONG SpareUlongs[2];
-
- USHORT ActiveCodePage;
- USHORT OemCodePage;
- USHORT UseCaseMapping;
- USHORT UnusedNlsField;
-
- WOW64_POINTER(PVOID) WerRegistrationData;
- WOW64_POINTER(PVOID) WerShipAssertPtr;
-
- union
- {
- WOW64_POINTER(PVOID) pContextData; // WIN7
- WOW64_POINTER(PVOID) pUnused; // WIN10
- WOW64_POINTER(PVOID) EcCodeBitMap; // WIN11
- };
-
- WOW64_POINTER(PVOID) pImageHeaderHash;
- union
- {
- ULONG TracingFlags;
- struct
- {
- ULONG HeapTracingEnabled : 1;
- ULONG CritSecTracingEnabled : 1;
- ULONG LibLoaderTracingEnabled : 1;
- ULONG SpareTracingBits : 29;
- };
- };
- ULONGLONG CsrServerReadOnlySharedMemoryBase;
- WOW64_POINTER(PVOID) TppWorkerpListLock;
- LIST_ENTRY32 TppWorkerpList;
- WOW64_POINTER(PVOID) WaitOnAddressHashTable[128];
- WOW64_POINTER(PVOID) TelemetryCoverageHeader; // REDSTONE3
- ULONG CloudFileFlags;
- ULONG CloudFileDiagFlags; // REDSTONE4
- CHAR PlaceholderCompatibilityMode;
- CHAR PlaceholderCompatibilityModeReserved[7];
- WOW64_POINTER(PLEAP_SECOND_DATA) LeapSecondData; // REDSTONE5
- union
- {
- ULONG LeapSecondFlags;
- struct
- {
- ULONG SixtySecondEnabled : 1;
- ULONG Reserved : 31;
- };
- };
- ULONG NtGlobalFlag2;
- ULONGLONG ExtendedFeatureDisableMask; // since WIN11
-} PEB32, *PPEB32;
-
-//C_ASSERT(sizeof(PEB32) == 0x460); // REDSTONE3
-//C_ASSERT(sizeof(PEB32) == 0x470); // REDSTONE5
-C_ASSERT(sizeof(PEB32) == 0x488); // WIN11
-
-// Note: Use PhGetProcessPeb32 instead. (dmex)
-//#define WOW64_GET_PEB32(peb64) ((PPEB32)PTR_ADD_OFFSET((peb64), ALIGN_UP_BY(sizeof(PEB), PAGE_SIZE)))
-
-#define GDI_BATCH_BUFFER_SIZE 310
-
-typedef struct _GDI_TEB_BATCH32
-{
- ULONG Offset;
- WOW64_POINTER(ULONG_PTR) HDC;
- ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
-} GDI_TEB_BATCH32, *PGDI_TEB_BATCH32;
-
-typedef struct _TEB32
-{
- NT_TIB32 NtTib;
-
- WOW64_POINTER(PVOID) EnvironmentPointer;
- CLIENT_ID32 ClientId;
- WOW64_POINTER(PVOID) ActiveRpcHandle;
- WOW64_POINTER(PVOID) ThreadLocalStoragePointer;
- WOW64_POINTER(PPEB) ProcessEnvironmentBlock;
-
- ULONG LastErrorValue;
- ULONG CountOfOwnedCriticalSections;
- WOW64_POINTER(PVOID) CsrClientThread;
- WOW64_POINTER(PVOID) Win32ThreadInfo;
- ULONG User32Reserved[26];
- ULONG UserReserved[5];
- WOW64_POINTER(PVOID) WOW32Reserved;
- LCID CurrentLocale;
- ULONG FpSoftwareStatusRegister;
- WOW64_POINTER(PVOID) ReservedForDebuggerInstrumentation[16];
- WOW64_POINTER(PVOID) SystemReserved1[36];
- UCHAR WorkingOnBehalfTicket[8];
- NTSTATUS ExceptionCode;
-
- WOW64_POINTER(PVOID) ActivationContextStackPointer;
- WOW64_POINTER(ULONG_PTR) InstrumentationCallbackSp;
- WOW64_POINTER(ULONG_PTR) InstrumentationCallbackPreviousPc;
- WOW64_POINTER(ULONG_PTR) InstrumentationCallbackPreviousSp;
- BOOLEAN InstrumentationCallbackDisabled;
- UCHAR SpareBytes[23];
- ULONG TxFsContext;
-
- GDI_TEB_BATCH32 GdiTebBatch;
- CLIENT_ID32 RealClientId;
- WOW64_POINTER(HANDLE) GdiCachedProcessHandle;
- ULONG GdiClientPID;
- ULONG GdiClientTID;
- WOW64_POINTER(PVOID) GdiThreadLocalInfo;
- WOW64_POINTER(ULONG_PTR) Win32ClientInfo[62];
- WOW64_POINTER(PVOID) glDispatchTable[233];
- WOW64_POINTER(ULONG_PTR) glReserved1[29];
- WOW64_POINTER(PVOID) glReserved2;
- WOW64_POINTER(PVOID) glSectionInfo;
- WOW64_POINTER(PVOID) glSection;
- WOW64_POINTER(PVOID) glTable;
- WOW64_POINTER(PVOID) glCurrentRC;
- WOW64_POINTER(PVOID) glContext;
-
- NTSTATUS LastStatusValue;
- UNICODE_STRING32 StaticUnicodeString;
- WCHAR StaticUnicodeBuffer[261];
-
- WOW64_POINTER(PVOID) DeallocationStack;
- WOW64_POINTER(PVOID) TlsSlots[64];
- LIST_ENTRY32 TlsLinks;
-
- WOW64_POINTER(PVOID) Vdm;
- WOW64_POINTER(PVOID) ReservedForNtRpc;
- WOW64_POINTER(PVOID) DbgSsReserved[2];
-
- ULONG HardErrorMode;
- WOW64_POINTER(PVOID) Instrumentation[9];
- GUID ActivityId;
-
- WOW64_POINTER(PVOID) SubProcessTag;
- WOW64_POINTER(PVOID) PerflibData;
- WOW64_POINTER(PVOID) EtwTraceData;
- WOW64_POINTER(PVOID) WinSockData;
- ULONG GdiBatchCount;
-
- union
- {
- PROCESSOR_NUMBER CurrentIdealProcessor;
- ULONG IdealProcessorValue;
- struct
- {
- UCHAR ReservedPad0;
- UCHAR ReservedPad1;
- UCHAR ReservedPad2;
- UCHAR IdealProcessor;
- };
- };
-
- ULONG GuaranteedStackBytes;
- WOW64_POINTER(PVOID) ReservedForPerf;
- WOW64_POINTER(PVOID) ReservedForOle;
- ULONG WaitingOnLoaderLock;
- WOW64_POINTER(PVOID) SavedPriorityState;
- WOW64_POINTER(ULONG_PTR) ReservedForCodeCoverage;
- WOW64_POINTER(PVOID) ThreadPoolData;
- WOW64_POINTER(PVOID *) TlsExpansionSlots;
-
- ULONG MuiGeneration;
- ULONG IsImpersonating;
- WOW64_POINTER(PVOID) NlsCache;
- WOW64_POINTER(PVOID) pShimData;
- USHORT HeapVirtualAffinity;
- USHORT LowFragHeapDataSlot;
- WOW64_POINTER(HANDLE) CurrentTransactionHandle;
- WOW64_POINTER(PTEB_ACTIVE_FRAME) ActiveFrame;
- WOW64_POINTER(PVOID) FlsData;
-
- WOW64_POINTER(PVOID) PreferredLanguages;
- WOW64_POINTER(PVOID) UserPrefLanguages;
- WOW64_POINTER(PVOID) MergedPrefLanguages;
- ULONG MuiImpersonation;
-
- union
- {
- USHORT CrossTebFlags;
- USHORT SpareCrossTebBits : 16;
- };
- union
- {
- USHORT SameTebFlags;
- struct
- {
- USHORT SafeThunkCall : 1;
- USHORT InDebugPrint : 1;
- USHORT HasFiberData : 1;
- USHORT SkipThreadAttach : 1;
- USHORT WerInShipAssertCode : 1;
- USHORT RanProcessInit : 1;
- USHORT ClonedThread : 1;
- USHORT SuppressDebugMsg : 1;
- USHORT DisableUserStackWalk : 1;
- USHORT RtlExceptionAttached : 1;
- USHORT InitialThread : 1;
- USHORT SessionAware : 1;
- USHORT LoadOwner : 1;
- USHORT LoaderWorker : 1;
- USHORT SpareSameTebBits : 2;
- };
- };
-
- WOW64_POINTER(PVOID) TxnScopeEnterCallback;
- WOW64_POINTER(PVOID) TxnScopeExitCallback;
- WOW64_POINTER(PVOID) TxnScopeContext;
- ULONG LockCount;
- LONG WowTebOffset;
- WOW64_POINTER(PVOID) ResourceRetValue;
- WOW64_POINTER(PVOID) ReservedForWdf;
- ULONGLONG ReservedForCrt;
- GUID EffectiveContainerId;
-} TEB32, *PTEB32;
-
-C_ASSERT(FIELD_OFFSET(TEB32, ProcessEnvironmentBlock) == 0x030);
-C_ASSERT(FIELD_OFFSET(TEB32, ExceptionCode) == 0x1a4);
-C_ASSERT(FIELD_OFFSET(TEB32, TxFsContext) == 0x1d0);
-C_ASSERT(FIELD_OFFSET(TEB32, glContext) == 0xbf0);
-C_ASSERT(FIELD_OFFSET(TEB32, StaticUnicodeBuffer) == 0xc00);
-C_ASSERT(FIELD_OFFSET(TEB32, TlsLinks) == 0xf10);
-C_ASSERT(FIELD_OFFSET(TEB32, DbgSsReserved) == 0xf20);
-C_ASSERT(FIELD_OFFSET(TEB32, ActivityId) == 0xf50);
-C_ASSERT(FIELD_OFFSET(TEB32, GdiBatchCount) == 0xf70);
-C_ASSERT(FIELD_OFFSET(TEB32, TlsExpansionSlots) == 0xf94);
-C_ASSERT(FIELD_OFFSET(TEB32, FlsData) == 0xfb4);
-C_ASSERT(FIELD_OFFSET(TEB32, MuiImpersonation) == 0xfc4);
-C_ASSERT(FIELD_OFFSET(TEB32, ReservedForCrt) == 0xfe8);
-C_ASSERT(FIELD_OFFSET(TEB32, EffectiveContainerId) == 0xff0);
-C_ASSERT(sizeof(TEB32) == 0x1000);
-
-// Conversion
-
-FORCEINLINE VOID UStr32ToUStr(
- _Out_ PUNICODE_STRING Destination,
- _In_ PUNICODE_STRING32 Source
- )
-{
- Destination->Length = Source->Length;
- Destination->MaximumLength = Source->MaximumLength;
- Destination->Buffer = (PWCH)UlongToPtr(Source->Buffer);
-}
-
-FORCEINLINE VOID UStrToUStr32(
- _Out_ PUNICODE_STRING32 Destination,
- _In_ PUNICODE_STRING Source
- )
-{
- Destination->Length = Source->Length;
- Destination->MaximumLength = Source->MaximumLength;
- Destination->Buffer = PtrToUlong(Source->Buffer);
-}
-
-// The Wow64Info structure follows the PEB32/TEB32 structures and is shared between 32-bit and 64-bit modules inside a Wow64 process.
-// from SDK/10.0.10240.0/um/minwin/wow64t.h (dmex)
-//
-// Page size on x86 NT
-//
-#define PAGE_SIZE_X86NT 0x1000
-#define PAGE_SHIFT_X86NT 12L
-#define WOW64_SPLITS_PER_PAGE (PAGE_SIZE_X86NT / PAGE_SIZE_X86NT)
-
-//
-// Convert the number of native pages to sub x86-pages
-//
-#define Wow64GetNumberOfX86Pages(NativePages) \
- (NativePages * (PAGE_SIZE_X86NT >> PAGE_SHIFT_X86NT))
-
-//
-// Macro to round to the nearest page size
-//
-#define WOW64_ROUND_TO_PAGES(Size) \
- (((ULONG_PTR)(Size) + PAGE_SIZE_X86NT - 1) & ~(PAGE_SIZE_X86NT - 1))
-
-//
-// Get number of native pages
-//
-#define WOW64_BYTES_TO_PAGES(Size) \
- (((ULONG)(Size) >> WOW64_ROUND_TO_PAGES) + (((ULONG)(Size) & (PAGE_SIZE_X86NT - 1)) != 0))
-
-//
-// Get the 32-bit TEB without doing a memory reference.
-//
-#define WOW64_GET_TEB32(teb64) ((PTEB32)(PVOID)RtlOffsetToPointer((teb64), WOW64_ROUND_TO_PAGES(sizeof(TEB))))
-#define WOW64_TEB32_POINTER_ADDRESS(teb64) (PVOID)&((teb64)->NtTib.ExceptionList)
-
-typedef union _WOW64_EXECUTE_OPTIONS
-{
- ULONG Flags;
- struct
- {
- ULONG StackReserveSize : 8;
- ULONG StackCommitSize : 4;
- ULONG Deprecated0 : 1;
- ULONG DisableWowAssert : 1;
- ULONG DisableTurboDispatch : 1;
- ULONG Unused : 13;
- ULONG Reserved0 : 1;
- ULONG Reserved1 : 1;
- ULONG Reserved2 : 1;
- ULONG Reserved3 : 1;
- };
-} WOW64_EXECUTE_OPTIONS, *PWOW64_EXECUTE_OPTIONS;
-
-#define WOW64_CPUFLAGS_MSFT64 0x00000001
-#define WOW64_CPUFLAGS_SOFTWARE 0x00000002
-#define WOW64_CPUFLAGS_IA64 0x00000004
-
-typedef struct _WOW64INFO
-{
- ULONG NativeSystemPageSize;
- ULONG CpuFlags;
- WOW64_EXECUTE_OPTIONS Wow64ExecuteFlags;
- ULONG InstrumentationCallback;
-} WOW64INFO, *PWOW64INFO;
-
-typedef struct _PEB32_WITH_WOW64INFO
-{
- PEB32 Peb32;
- WOW64INFO Wow64Info;
-} PEB32_WITH_WOW64INFO, *PPEB32_WITH_WOW64INFO;
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#ifdef _M_X64
-
-FORCEINLINE
-TEB32*
-POINTER_UNSIGNED
-Wow64CurrentGuestTeb(
- VOID
- )
-{
- TEB* POINTER_UNSIGNED Teb;
- TEB32* POINTER_UNSIGNED Teb32;
-
- Teb = NtCurrentTeb();
-
- if (Teb->WowTebOffset == 0)
- {
- //
- // Not running under or over WoW, so there is no "guest teb"
- //
-
- return NULL;
- }
-
- if (Teb->WowTebOffset < 0)
- {
- //
- // Was called while running under WoW. The current teb is the guest
- // teb.
- //
-
- Teb32 = (PTEB32)Teb;
-
- RTL_ASSERT(&Teb32->WowTebOffset == &Teb->WowTebOffset);
- }
- else
- {
- //
- // Called by the WoW Host, so calculate the position of the guest teb
- // relative to the current (host) teb.
- //
-
- Teb32 = (PTEB32)RtlOffsetToPointer(Teb, Teb->WowTebOffset);
- }
-
- RTL_ASSERT(Teb32->NtTib.Self == PtrToUlong(Teb32));
-
- return Teb32;
-}
-
-FORCEINLINE
-VOID*
-POINTER_UNSIGNED
-Wow64CurrentNativeTeb(
- VOID
- )
-{
- TEB* POINTER_UNSIGNED Teb;
- VOID* POINTER_UNSIGNED HostTeb;
-
- Teb = NtCurrentTeb();
-
- if (Teb->WowTebOffset >= 0)
- {
- //
- // Not running under WoW, so it it either not running on WoW at all, or
- // it is the host. Return the current teb as native teb.
- //
-
- HostTeb = (PVOID)Teb;
- }
- else
- {
- //
- // Called while runnign under WoW Host, so calculate the position of the
- // host teb relative to the current (guest) teb.
- //
-
- HostTeb = (PVOID)RtlOffsetToPointer(Teb, Teb->WowTebOffset);
- }
-
- RTL_ASSERT((((PTEB32)HostTeb)->NtTib.Self == PtrToUlong(HostTeb)) || ((ULONG_PTR)((PTEB)HostTeb)->NtTib.Self == (ULONG_PTR)HostTeb));
-
- return HostTeb;
-}
-
-#define NtCurrentTeb32() (Wow64CurrentGuestTeb())
-#define NtCurrentPeb32() ((PPEB32)(UlongToPtr((NtCurrentTeb32()->ProcessEnvironmentBlock))))
-
-#define Wow64GetNativeTebField(teb, field) (((ULONG)(teb) == ((PTEB32)(teb))->NtTib.Self) ? (((PTEB32)(teb))->##field) : (((PTEB)(teb))->##field) )
-#define Wow64SetNativeTebField(teb, field, value) { if ((ULONG)(teb) == ((PTEB32)(teb))->NtTib.Self) {(((PTEB32)(teb))->##field) = (value);} else {(((PTEB)(teb))->##field) = (value);} }
-
-#endif
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/ntxcapi.h b/deps/phnt-nightly/ntxcapi.h
deleted file mode 100644
index 52265e2..0000000
--- a/deps/phnt-nightly/ntxcapi.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Exception support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _NTXCAPI_H
-#define _NTXCAPI_H
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlDispatchException(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord
- );
-
-NTSYSAPI
-DECLSPEC_NORETURN
-VOID
-NTAPI
-RtlRaiseStatus(
- _In_ NTSTATUS Status
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlRaiseException(
- _In_ PEXCEPTION_RECORD ExceptionRecord
- );
-
-#if (PHNT_VERSION >= PHNT_20H1)
-// rev
-NTSYSAPI
-VOID
-NTAPI
-RtlRaiseExceptionForReturnAddressHijack(
- VOID
- );
-
-// rev
-NTSYSAPI
-DECLSPEC_NORETURN
-VOID
-NTAPI
-RtlRaiseNoncontinuableException(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord
- );
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtContinue(
- _In_ PCONTEXT ContextRecord,
- _In_ BOOLEAN TestAlert
- );
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-typedef enum _KCONTINUE_TYPE
-{
- KCONTINUE_UNWIND,
- KCONTINUE_RESUME,
- KCONTINUE_LONGJUMP,
- KCONTINUE_SET,
- KCONTINUE_LAST,
-} KCONTINUE_TYPE;
-
-typedef struct _KCONTINUE_ARGUMENT
-{
- KCONTINUE_TYPE ContinueType;
- ULONG ContinueFlags;
- ULONGLONG Reserved[2];
-} KCONTINUE_ARGUMENT, *PKCONTINUE_ARGUMENT;
-
-#define KCONTINUE_FLAG_TEST_ALERT 0x00000001 // wbenny
-#define KCONTINUE_FLAG_DELIVER_APC 0x00000002 // wbenny
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtContinueEx(
- _In_ PCONTEXT ContextRecord,
- _In_ PVOID ContinueArgument // PKCONTINUE_ARGUMENT and BOOLEAN are valid
- );
-
-//FORCEINLINE
-//NTSTATUS
-//NtContinue(
-// _In_ PCONTEXT ContextRecord,
-// _In_ BOOLEAN TestAlert
-// )
-//{
-// return NtContinueEx(ContextRecord, (PCONTINUE_ARGUMENT)TestAlert);
-//}
-#endif
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtRaiseException(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord,
- _In_ BOOLEAN FirstChance
- );
-
-NTSYSCALLAPI
-DECLSPEC_NORETURN
-VOID
-NTAPI
-RtlAssert(
- _In_ PVOID VoidFailedAssertion,
- _In_ PVOID VoidFileName,
- _In_ ULONG LineNumber,
- _In_opt_ PSTR MutableMessage
- );
-
-#define RTL_ASSERT(exp) \
- ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
-#define RTL_ASSERTMSG(msg, exp) \
- ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
-#define RTL_SOFT_ASSERT(_exp) \
- ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
-#define RTL_SOFT_ASSERTMSG(_msg, _exp) \
- ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
-
-#endif
diff --git a/deps/phnt-nightly/ntzwapi.h b/deps/phnt-nightly/ntzwapi.h
deleted file mode 100644
index 949384e..0000000
--- a/deps/phnt-nightly/ntzwapi.h
+++ /dev/null
@@ -1,4816 +0,0 @@
-#ifndef _NTZWAPI_H
-#define _NTZWAPI_H
-
-// This file was automatically generated. Do not edit.
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAcceptConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ PVOID PortContext,
- _In_ PPORT_MESSAGE ConnectionRequest,
- _In_ BOOLEAN AcceptConnection,
- _Inout_opt_ PPORT_VIEW ServerView,
- _Out_opt_ PREMOTE_PORT_VIEW ClientView
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheck(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByType(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_ PACCESS_MASK GrantedAccess,
- _Out_ PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultList(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
- _Inout_ PULONG PrivilegeSetLength,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultListAndAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ HANDLE ClientToken,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_opt_ PSID PrincipalSelfSid,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ AUDIT_EVENT_TYPE AuditType,
- _In_ ULONG Flags,
- _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
- _In_ ULONG ObjectTypeListLength,
- _In_ PGENERIC_MAPPING GenericMapping,
- _In_ BOOLEAN ObjectCreation,
- _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
- _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAcquireCMFViewOwnership(
- _Out_ PULONGLONG TimeStamp,
- _Out_ PBOOLEAN tokenTaken,
- _In_ BOOLEAN replaceExisting
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAddAtom(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAddAtomEx(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAddBootEntry(
- _In_ PBOOT_ENTRY BootEntry,
- _Out_opt_ PULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAddDriverEntry(
- _In_ PEFI_DRIVER_ENTRY DriverEntry,
- _Out_opt_ PULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAdjustGroupsToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN ResetToDefault,
- _In_opt_ PTOKEN_GROUPS NewState,
- _In_opt_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAdjustPrivilegesToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN DisableAllPrivileges,
- _In_opt_ PTOKEN_PRIVILEGES NewState,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAdjustTokenClaimsAndDeviceGroups(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN UserResetToDefault,
- _In_ BOOLEAN DeviceResetToDefault,
- _In_ BOOLEAN DeviceGroupsResetToDefault,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState,
- _In_opt_ PTOKEN_GROUPS NewDeviceGroupsState,
- _In_ ULONG UserBufferLength,
- _Out_writes_bytes_to_opt_(UserBufferLength, *UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState,
- _In_ ULONG DeviceBufferLength,
- _Out_writes_bytes_to_opt_(DeviceBufferLength, *DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState,
- _In_ ULONG DeviceGroupsBufferLength,
- _Out_writes_bytes_to_opt_(DeviceGroupsBufferLength, *DeviceGroupsReturnBufferLength) PTOKEN_GROUPS PreviousDeviceGroups,
- _Out_opt_ PULONG UserReturnLength,
- _Out_opt_ PULONG DeviceReturnLength,
- _Out_opt_ PULONG DeviceGroupsReturnBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlertResumeThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlertThread(
- _In_ HANDLE ThreadHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlertThreadByThreadId(
- _In_ HANDLE ThreadId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateLocallyUniqueId(
- _Out_ PLUID Luid
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateReserveObject(
- _Out_ PHANDLE MemoryReserveHandle,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ MEMORY_RESERVE_TYPE Type
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateUserPhysicalPages(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateUserPhysicalPagesEx(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray,
- _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateUuids(
- _Out_ PULARGE_INTEGER Time,
- _Out_ PULONG Range,
- _Out_ PULONG Sequence,
- _Out_ PCHAR Seed
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Protect
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAllocateVirtualMemoryEx(
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG PageProtection,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcAcceptConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ HANDLE ConnectionPortHandle,
- _In_ ULONG Flags,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_opt_ PVOID PortContext,
- _In_reads_bytes_(ConnectionRequest->u1.s1.TotalLength) PPORT_MESSAGE ConnectionRequest,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes,
- _In_ BOOLEAN AcceptConnection
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCancelMessage(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_ PALPC_CONTEXT_ATTR MessageContext
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_ ULONG Flags,
- _In_opt_ PSID RequiredServerSid,
- _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcConnectPortEx(
- _Out_ PHANDLE PortHandle,
- _In_ POBJECT_ATTRIBUTES ConnectionPortObjectAttributes,
- _In_opt_ POBJECT_ATTRIBUTES ClientPortObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
- _In_ ULONG Flags,
- _In_opt_ PSECURITY_DESCRIPTOR ServerSecurityRequirements,
- _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCreatePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCreatePortSection(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_opt_ HANDLE SectionHandle,
- _In_ SIZE_T SectionSize,
- _Out_ PALPC_HANDLE AlpcSectionHandle,
- _Out_ PSIZE_T ActualSectionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCreateResourceReserve(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ SIZE_T MessageSize,
- _Out_ PALPC_HANDLE ResourceId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCreateSectionView(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _Inout_ PALPC_DATA_VIEW_ATTR ViewAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcCreateSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _Inout_ PALPC_SECURITY_ATTR SecurityAttribute
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcDeletePortSection(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE SectionHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcDeleteResourceReserve(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ResourceId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcDeleteSectionView(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ PVOID ViewBase
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcDeleteSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ContextHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcDisconnectPort(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcImpersonateClientContainerOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _Reserved_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcImpersonateClientOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ PVOID Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcOpenSenderProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _Reserved_ ULONG Flags,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcOpenSenderThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _Reserved_ ULONG Flags,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcQueryInformation(
- _In_opt_ HANDLE PortHandle,
- _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
- _Inout_updates_bytes_to_(Length, *ReturnLength) PVOID PortInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcQueryInformationMessage(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE PortMessage,
- _In_ ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass,
- _Out_writes_bytes_to_opt_(Length, *ReturnLength) PVOID MessageInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcRevokeSecurityContext(
- _In_ HANDLE PortHandle,
- _Reserved_ ULONG Flags,
- _In_ ALPC_HANDLE ContextHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcSendWaitReceivePort(
- _In_ HANDLE PortHandle,
- _In_ ULONG Flags,
- _In_reads_bytes_opt_(SendMessage->u1.s1.TotalLength) PPORT_MESSAGE SendMessage,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes,
- _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ReceiveMessage,
- _Inout_opt_ PSIZE_T BufferLength,
- _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAlpcSetInformation(
- _In_ HANDLE PortHandle,
- _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
- _In_reads_bytes_opt_(Length) PVOID PortInformation,
- _In_ ULONG Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAreMappedFilesTheSame(
- _In_ PVOID File1MappedAsAnImage,
- _In_ PVOID File2MappedAsFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAssignProcessToJobObject(
- _In_ HANDLE JobHandle,
- _In_ HANDLE ProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwAssociateWaitCompletionPacket(
- _In_ HANDLE WaitCompletionPacketHandle,
- _In_ HANDLE IoCompletionHandle,
- _In_ HANDLE TargetObjectHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation,
- _Out_opt_ PBOOLEAN AlreadySignaled
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCallbackReturn(
- _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
- _In_ ULONG OutputLength,
- _In_ NTSTATUS Status
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCallEnclave(
- _In_ PENCLAVE_ROUTINE Routine,
- _In_ PVOID Reserved, // reserved for dispatch (RtlEnclaveCallDispatch)
- _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_*
- _Inout_ PVOID* RoutineParamReturn // input routine parameter, output routine return value
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelIoFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelIoFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelSynchronousIoFile(
- _In_ HANDLE ThreadHandle,
- _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelTimer(
- _In_ HANDLE TimerHandle,
- _Out_opt_ PBOOLEAN CurrentState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelTimer2(
- _In_ HANDLE TimerHandle,
- _In_ PT2_CANCEL_PARAMETERS Parameters
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCancelWaitCompletionPacket(
- _In_ HANDLE WaitCompletionPacketHandle,
- _In_ BOOLEAN RemoveSignaledPacket
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwChangeProcessState(
- _In_ HANDLE ProcessStateChangeHandle,
- _In_ HANDLE ProcessHandle,
- _In_ PROCESS_STATE_CHANGE_TYPE StateChangeType,
- _In_opt_ PVOID ExtendedInformation,
- _In_opt_ SIZE_T ExtendedInformationLength,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwChangeThreadState(
- _In_ HANDLE ThreadStateChangeHandle,
- _In_ HANDLE ThreadHandle,
- _In_ THREAD_STATE_CHANGE_TYPE StateChangeType,
- _In_opt_ PVOID ExtendedInformation,
- _In_opt_ SIZE_T ExtendedInformationLength,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwClearEvent(
- _In_ HANDLE EventHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwClose(
- _In_ _Post_ptr_invalid_ HANDLE Handle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCloseObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ BOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCommitComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCommitEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCommitTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ BOOLEAN Wait
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompactKeys(
- _In_ ULONG Count,
- _In_reads_(Count) HANDLE KeyArray[]
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompareObjects(
- _In_ HANDLE FirstObjectHandle,
- _In_ HANDLE SecondObjectHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompareSigningLevels(
- _In_ SE_SIGNING_LEVEL FirstSigningLevel,
- _In_ SE_SIGNING_LEVEL SecondSigningLevel
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompareTokens(
- _In_ HANDLE FirstTokenHandle,
- _In_ HANDLE SecondTokenHandle,
- _Out_ PBOOLEAN Equal
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompleteConnectPort(
- _In_ HANDLE PortHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCompressKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- _Inout_opt_ PPORT_VIEW ClientView,
- _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
- _Out_opt_ PULONG MaxMessageLength,
- _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation,
- _Inout_opt_ PULONG ConnectionInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwContinue(
- _In_ PCONTEXT ContextRecord,
- _In_ BOOLEAN TestAlert
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwContinueEx(
- _In_ PCONTEXT ContextRecord,
- _In_ PVOID ContinueArgument // PKCONTINUE_ARGUMENT and BOOLEAN are valid
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwConvertBetweenAuxiliaryCounterAndPerformanceCounter(
- _In_ BOOLEAN ConvertAuxiliaryToPerformanceCounter,
- _In_ PLARGE_INTEGER PerformanceOrAuxiliaryCounterValue,
- _Out_ PLARGE_INTEGER ConvertedValue,
- _Out_opt_ PLARGE_INTEGER ConversionError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCopyFileChunk(
- _In_ HANDLE SourceHandle,
- _In_ HANDLE DestinationHandle,
- _In_opt_ HANDLE EventHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG Length,
- _In_ PLARGE_INTEGER SourceOffset,
- _In_ PLARGE_INTEGER DestOffset,
- _In_opt_ PULONG SourceKey,
- _In_opt_ PULONG DestKey,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateDebugObject(
- _Out_ PHANDLE DebugObjectHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateDirectoryObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateDirectoryObjectEx(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ShadowDirectoryHandle,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateEnclave(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID* BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _In_ SIZE_T Size,
- _In_ SIZE_T InitialCommitment,
- _In_ ULONG EnclaveType,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_opt_ PULONG EnclaveError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateEnlistment(
- _Out_ PHANDLE EnlistmentHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE ResourceManagerHandle,
- _In_ HANDLE TransactionHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG CreateOptions,
- _In_ NOTIFICATION_MASK NotificationMask,
- _In_opt_ PVOID EnlistmentKey
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateEvent(
- _Out_ PHANDLE EventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ EVENT_TYPE EventType,
- _In_ BOOLEAN InitialState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateEventPair(
- _Out_ PHANDLE EventPairHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateFile(
- _Out_ PHANDLE FileHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_opt_ PLARGE_INTEGER AllocationSize,
- _In_ ULONG FileAttributes,
- _In_ ULONG ShareAccess,
- _In_ ULONG CreateDisposition,
- _In_ ULONG CreateOptions,
- _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
- _In_ ULONG EaLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateIoCompletion(
- _Out_ PHANDLE IoCompletionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateIoRing(
- _Out_ PHANDLE IoRingHandle,
- _In_ ULONG CreateParametersLength,
- _In_ PVOID CreateParameters,
- _In_ ULONG OutputParametersLength,
- _Out_ PVOID OutputParameters
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateIRTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateJobObject(
- _Out_ PHANDLE JobHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateJobSet(
- _In_ ULONG NumJob,
- _In_reads_(NumJob) PJOB_SET_ARRAY UserJobSet,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateKey(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG TitleIndex,
- _In_opt_ PUNICODE_STRING Class,
- _In_ ULONG CreateOptions,
- _Out_opt_ PULONG Disposition
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateKeyedEvent(
- _Out_ PHANDLE KeyedEventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateKeyTransacted(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Reserved_ ULONG TitleIndex,
- _In_opt_ PUNICODE_STRING Class,
- _In_ ULONG CreateOptions,
- _In_ HANDLE TransactionHandle,
- _Out_opt_ PULONG Disposition
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateLowBoxToken(
- _Out_ PHANDLE TokenHandle,
- _In_ HANDLE ExistingTokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PSID PackageSid,
- _In_ ULONG CapabilityCount,
- _In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES Capabilities,
- _In_ ULONG HandleCount,
- _In_reads_opt_(HandleCount) HANDLE *Handles
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateMailslotFile(
- _Out_ PHANDLE FileHandle,
- _In_ ULONG DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CreateOptions,
- _In_ ULONG MailslotQuota,
- _In_ ULONG MaximumMessageSize,
- _In_ PLARGE_INTEGER ReadTimeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateMutant(
- _Out_ PHANDLE MutantHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ BOOLEAN InitialOwner
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateNamedPipeFile(
- _Out_ PHANDLE FileHandle,
- _In_ ULONG DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG ShareAccess,
- _In_ ULONG CreateDisposition,
- _In_ ULONG CreateOptions,
- _In_ ULONG NamedPipeType,
- _In_ ULONG ReadMode,
- _In_ ULONG CompletionMode,
- _In_ ULONG MaximumInstances,
- _In_ ULONG InboundQuota,
- _In_ ULONG OutboundQuota,
- _In_ PLARGE_INTEGER DefaultTimeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreatePagingFile(
- _In_ PUNICODE_STRING PageFileName,
- _In_ PLARGE_INTEGER MinimumSize,
- _In_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG Priority
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreatePartition(
- _In_opt_ HANDLE ParentPartitionHandle,
- _Out_ PHANDLE PartitionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG PreferredNode
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreatePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG MaxConnectionInfoLength,
- _In_ ULONG MaxMessageLength,
- _In_opt_ ULONG MaxPoolUsage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreatePrivateNamespace(
- _Out_ PHANDLE NamespaceHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ParentProcess,
- _In_ BOOLEAN InheritObjectTable,
- _In_opt_ HANDLE SectionHandle,
- _In_opt_ HANDLE DebugPort,
- _In_opt_ HANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateProcessEx(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ParentProcess,
- _In_ ULONG Flags, // PROCESS_CREATE_FLAGS_*
- _In_opt_ HANDLE SectionHandle,
- _In_opt_ HANDLE DebugPort,
- _In_opt_ HANDLE TokenHandle,
- _Reserved_ ULONG Reserved // JobMemberLevel
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateProcessStateChange(
- _Out_ PHANDLE ProcessStateChangeHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateProfile(
- _Out_ PHANDLE ProfileHandle,
- _In_opt_ HANDLE Process,
- _In_ PVOID ProfileBase,
- _In_ SIZE_T ProfileSize,
- _In_ ULONG BucketSize,
- _In_reads_bytes_(BufferSize) PULONG Buffer,
- _In_ ULONG BufferSize,
- _In_ KPROFILE_SOURCE ProfileSource,
- _In_ KAFFINITY Affinity
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateProfileEx(
- _Out_ PHANDLE ProfileHandle,
- _In_opt_ HANDLE Process,
- _In_ PVOID ProfileBase,
- _In_ SIZE_T ProfileSize,
- _In_ ULONG BucketSize,
- _In_reads_bytes_(BufferSize) PULONG Buffer,
- _In_ ULONG BufferSize,
- _In_ KPROFILE_SOURCE ProfileSource,
- _In_ USHORT GroupCount,
- _In_reads_(GroupCount) PGROUP_AFFINITY GroupAffinity
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateResourceManager(
- _Out_ PHANDLE ResourceManagerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE TmHandle,
- _In_ LPGUID RmGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ PUNICODE_STRING Description
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateSection(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG SectionPageProtection,
- _In_ ULONG AllocationAttributes,
- _In_opt_ HANDLE FileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateSectionEx(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PLARGE_INTEGER MaximumSize,
- _In_ ULONG SectionPageProtection,
- _In_ ULONG AllocationAttributes,
- _In_opt_ HANDLE FileHandle,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateSemaphore(
- _Out_ PHANDLE SemaphoreHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ LONG InitialCount,
- _In_ LONG MaximumCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateSymbolicLinkObject(
- _Out_ PHANDLE LinkHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PUNICODE_STRING LinkTarget
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _Out_ PCLIENT_ID ClientId,
- _In_ PCONTEXT ThreadContext,
- _In_ PINITIAL_TEB InitialTeb,
- _In_ BOOLEAN CreateSuspended
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateThreadEx(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ProcessHandle,
- _In_ PUSER_THREAD_START_ROUTINE StartRoutine,
- _In_opt_ PVOID Argument,
- _In_ ULONG CreateFlags, // THREAD_CREATE_FLAGS_*
- _In_ SIZE_T ZeroBits,
- _In_ SIZE_T StackSize,
- _In_ SIZE_T MaximumStackSize,
- _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateThreadStateChange(
- _Out_ PHANDLE ThreadStateChangeHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE ThreadHandle,
- _In_opt_ ULONG64 Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TIMER_TYPE TimerType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateTimer2(
- _Out_ PHANDLE TimerHandle,
- _In_opt_ PVOID Reserved1,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG Attributes,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateToken(
- _Out_ PHANDLE TokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TOKEN_TYPE Type,
- _In_ PLUID AuthenticationId,
- _In_ PLARGE_INTEGER ExpirationTime,
- _In_ PTOKEN_USER User,
- _In_ PTOKEN_GROUPS Groups,
- _In_ PTOKEN_PRIVILEGES Privileges,
- _In_opt_ PTOKEN_OWNER Owner,
- _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup,
- _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl,
- _In_ PTOKEN_SOURCE Source
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateTokenEx(
- _Out_ PHANDLE TokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ TOKEN_TYPE Type,
- _In_ PLUID AuthenticationId,
- _In_ PLARGE_INTEGER ExpirationTime,
- _In_ PTOKEN_USER User,
- _In_ PTOKEN_GROUPS Groups,
- _In_ PTOKEN_PRIVILEGES Privileges,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes,
- _In_opt_ PTOKEN_GROUPS DeviceGroups,
- _In_opt_ PTOKEN_MANDATORY_POLICY MandatoryPolicy,
- _In_opt_ PTOKEN_OWNER Owner,
- _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup,
- _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl,
- _In_ PTOKEN_SOURCE Source
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateTransaction(
- _Out_ PHANDLE TransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ LPGUID Uow,
- _In_opt_ HANDLE TmHandle,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ ULONG IsolationLevel,
- _In_opt_ ULONG IsolationFlags,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_opt_ PUNICODE_STRING Description
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateTransactionManager(
- _Out_ PHANDLE TmHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PUNICODE_STRING LogFileName,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ ULONG CommitStrength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateUserProcess(
- _Out_ PHANDLE ProcessHandle,
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK ProcessDesiredAccess,
- _In_ ACCESS_MASK ThreadDesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes,
- _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
- _In_ ULONG ProcessFlags, // PROCESS_CREATE_FLAGS_*
- _In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_*
- _In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS
- _Inout_ PPS_CREATE_INFO CreateInfo,
- _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateWaitablePort(
- _Out_ PHANDLE PortHandle,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG MaxConnectionInfoLength,
- _In_ ULONG MaxMessageLength,
- _In_opt_ ULONG MaxPoolUsage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateWaitCompletionPacket(
- _Out_ PHANDLE WaitCompletionPacketHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateWnfStateName(
- _Out_ PWNF_STATE_NAME StateName,
- _In_ WNF_STATE_NAME_LIFETIME NameLifetime,
- _In_ WNF_DATA_SCOPE DataScope,
- _In_ BOOLEAN PersistData,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_ ULONG MaximumStateSize,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwCreateWorkerFactory(
- _Out_ PHANDLE WorkerFactoryHandleReturn,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE CompletionPortHandle,
- _In_ HANDLE WorkerProcessHandle,
- _In_ PVOID StartRoutine,
- _In_opt_ PVOID StartParameter,
- _In_opt_ ULONG MaxThreadCount,
- _In_opt_ SIZE_T StackReserve,
- _In_opt_ SIZE_T StackCommit
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDebugActiveProcess(
- _In_ HANDLE ProcessHandle,
- _In_ HANDLE DebugObjectHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDebugContinue(
- _In_ HANDLE DebugObjectHandle,
- _In_ PCLIENT_ID ClientId,
- _In_ NTSTATUS ContinueStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDelayExecution(
- _In_ BOOLEAN Alertable,
- _In_ PLARGE_INTEGER DelayInterval
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteAtom(
- _In_ RTL_ATOM Atom
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteBootEntry(
- _In_ ULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteDriverEntry(
- _In_ ULONG Id
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ BOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeletePrivateNamespace(
- _In_ HANDLE NamespaceHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ const VOID* ExplicitScope
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeleteWnfStateName(
- _In_ PCWNF_STATE_NAME StateName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDeviceIoControlFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG IoControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDisableLastKnownGood(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDisplayString(
- _In_ PUNICODE_STRING String
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDrawText(
- _In_ PUNICODE_STRING Text
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDuplicateObject(
- _In_ HANDLE SourceProcessHandle,
- _In_ HANDLE SourceHandle,
- _In_opt_ HANDLE TargetProcessHandle,
- _Out_opt_ PHANDLE TargetHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Options
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwDuplicateToken(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ BOOLEAN EffectiveOnly,
- _In_ TOKEN_TYPE Type,
- _Out_ PHANDLE NewTokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnableLastKnownGood(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateBootEntries(
- _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateDriverEntries(
- _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateKey(
- _In_ HANDLE KeyHandle,
- _In_ ULONG Index,
- _In_ KEY_INFORMATION_CLASS KeyInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateSystemEnvironmentValuesEx(
- _In_ ULONG InformationClass, // SYSTEM_ENVIRONMENT_INFORMATION_CLASS
- _Out_ PVOID Buffer,
- _Inout_ PULONG BufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateTransactionObject(
- _In_opt_ HANDLE RootObjectHandle,
- _In_ KTMOBJECT_TYPE QueryType,
- _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor,
- _In_ ULONG ObjectCursorLength,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwEnumerateValueKey(
- _In_ HANDLE KeyHandle,
- _In_ ULONG Index,
- _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwExtendSection(
- _In_ HANDLE SectionHandle,
- _Inout_ PLARGE_INTEGER NewSectionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFilterBootOption(
- _In_ FILTER_BOOT_OPTION_OPERATION FilterOperation,
- _In_ ULONG ObjectType,
- _In_ ULONG ElementType,
- _In_reads_bytes_opt_(DataSize) PVOID Data,
- _In_ ULONG DataSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFilterToken(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ULONG Flags,
- _In_opt_ PTOKEN_GROUPS SidsToDisable,
- _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
- _In_opt_ PTOKEN_GROUPS RestrictedSids,
- _Out_ PHANDLE NewTokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFilterTokenEx(
- _In_ HANDLE ExistingTokenHandle,
- _In_ ULONG Flags,
- _In_opt_ PTOKEN_GROUPS SidsToDisable,
- _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
- _In_opt_ PTOKEN_GROUPS RestrictedSids,
- _In_ ULONG DisableUserClaimsCount,
- _In_opt_ PUNICODE_STRING UserClaimsToDisable,
- _In_ ULONG DisableDeviceClaimsCount,
- _In_opt_ PUNICODE_STRING DeviceClaimsToDisable,
- _In_opt_ PTOKEN_GROUPS DeviceGroupsToDisable,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes,
- _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes,
- _In_opt_ PTOKEN_GROUPS RestrictedDeviceGroups,
- _Out_ PHANDLE NewTokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFindAtom(
- _In_reads_bytes_opt_(Length) PWSTR AtomName,
- _In_ ULONG Length,
- _Out_opt_ PRTL_ATOM Atom
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushBuffersFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushBuffersFileEx(
- _In_ HANDLE FileHandle,
- _In_ ULONG Flags,
- _In_reads_bytes_(ParametersSize) PVOID Parameters,
- _In_ ULONG ParametersSize,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushInstallUILanguage(
- _In_ LANGID InstallUILanguage,
- _In_ ULONG SetComittedFlag
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushInstructionCache(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ SIZE_T Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushProcessWriteBuffers(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _Out_ PIO_STATUS_BLOCK IoStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFlushWriteBuffer(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFreeUserPhysicalPages(
- _In_ HANDLE ProcessHandle,
- _Inout_ PULONG_PTR NumberOfPages,
- _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFreeVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG FreeType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFreezeRegistry(
- _In_ ULONG TimeOutInSeconds
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFreezeTransactions(
- _In_ PLARGE_INTEGER FreezeTimeout,
- _In_ PLARGE_INTEGER ThawTimeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFsControlFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG FsControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetCachedSigningLevel(
- _In_ HANDLE File,
- _Out_ PULONG Flags,
- _Out_ PSE_SIGNING_LEVEL SigningLevel,
- _Out_writes_bytes_to_opt_(*ThumbprintSize, *ThumbprintSize) PUCHAR Thumbprint,
- _Inout_opt_ PULONG ThumbprintSize,
- _Out_opt_ PULONG ThumbprintAlgorithm
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetCompleteWnfStateSubscription(
- _In_opt_ PWNF_STATE_NAME OldDescriptorStateName,
- _In_opt_ ULONG64 *OldSubscriptionId,
- _In_opt_ ULONG OldDescriptorEventMask,
- _In_opt_ ULONG OldDescriptorStatus,
- _Out_writes_bytes_(DescriptorSize) PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor,
- _In_ ULONG DescriptorSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetContextThread(
- _In_ HANDLE ThreadHandle,
- _Inout_ PCONTEXT ThreadContext
- );
-
-NTSYSCALLAPI
-ULONG
-NTAPI
-ZwGetCurrentProcessorNumber(
- VOID
- );
-
-NTSYSCALLAPI
-ULONG
-NTAPI
-ZwGetCurrentProcessorNumberEx(
- _Out_opt_ PPROCESSOR_NUMBER ProcessorNumber
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetDevicePowerState(
- _In_ HANDLE Device,
- _Out_ PDEVICE_POWER_STATE State
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetMUIRegistryInfo(
- _In_ ULONG Flags,
- _Inout_ PULONG DataSize,
- _Out_ PVOID Data
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetNextProcess(
- _In_opt_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Flags,
- _Out_ PHANDLE NewProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetNextThread(
- _In_ HANDLE ProcessHandle,
- _In_opt_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _In_ ULONG Flags,
- _Out_ PHANDLE NewThreadHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetNlsSectionPtr(
- _In_ ULONG SectionType,
- _In_ ULONG SectionData,
- _In_ PVOID ContextData,
- _Out_ PVOID *SectionPointer,
- _Out_ PULONG SectionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetNotificationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _Out_ PTRANSACTION_NOTIFICATION TransactionNotification,
- _In_ ULONG NotificationLength,
- _In_opt_ PLARGE_INTEGER Timeout,
- _Out_opt_ PULONG ReturnLength,
- _In_ ULONG Asynchronous,
- _In_opt_ ULONG_PTR AsynchronousContext
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetPlugPlayEvent(
- _In_ HANDLE EventHandle,
- _In_opt_ PVOID Context,
- _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
- _In_ ULONG EventBufferSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwGetWriteWatch(
- _In_ HANDLE ProcessHandle,
- _In_ ULONG Flags,
- _In_ PVOID BaseAddress,
- _In_ SIZE_T RegionSize,
- _Out_writes_(*EntriesInUserAddressArray) PVOID *UserAddressArray,
- _Inout_ PULONG_PTR EntriesInUserAddressArray,
- _Out_ PULONG Granularity
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwImpersonateAnonymousToken(
- _In_ HANDLE ThreadHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwImpersonateClientOfPort(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwImpersonateThread(
- _In_ HANDLE ServerThreadHandle,
- _In_ HANDLE ClientThreadHandle,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwInitializeEnclave(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation,
- _In_ ULONG EnclaveInformationLength,
- _Out_opt_ PULONG EnclaveError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwInitializeNlsFiles(
- _Out_ PVOID *BaseAddress,
- _Out_ PLCID DefaultLocaleId,
- _Out_ PLARGE_INTEGER DefaultCasingTableSize,
- _Out_opt_ PULONG CurrentNLSVersion
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwInitializeRegistry(
- _In_ USHORT BootCondition
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwInitiatePowerAction(
- _In_ POWER_ACTION SystemAction,
- _In_ SYSTEM_POWER_STATE LightestSystemState,
- _In_ ULONG Flags, // POWER_ACTION_* flags
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwIsProcessInJob(
- _In_ HANDLE ProcessHandle,
- _In_opt_ HANDLE JobHandle
- );
-
-NTSYSCALLAPI
-BOOLEAN
-NTAPI
-ZwIsSystemResumeAutomatic(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwIsUILanguageComitted(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwListenPort(
- _In_ HANDLE PortHandle,
- _Out_ PPORT_MESSAGE ConnectionRequest
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadDriver(
- _In_ PUNICODE_STRING DriverServiceName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadEnclaveData(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _In_ ULONG Protect,
- _In_reads_bytes_(PageInformationLength) PVOID PageInformation,
- _In_ ULONG PageInformationLength,
- _Out_opt_ PSIZE_T NumberOfBytesWritten,
- _Out_opt_ PULONG EnclaveError
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadKey(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadKey2(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadKey3(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags,
- _In_reads_(ExtendedParameterCount) PCM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount,
- _In_opt_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE RootHandle,
- _Reserved_ PVOID Reserved
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLoadKeyEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ POBJECT_ATTRIBUTES SourceFile,
- _In_ ULONG Flags,
- _In_opt_ HANDLE TrustClassKey, // this and below were added on Win10
- _In_opt_ HANDLE Event,
- _In_opt_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE RootHandle,
- _Reserved_ PVOID Reserved // previously PIO_STATUS_BLOCK
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLockFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PLARGE_INTEGER ByteOffset,
- _In_ PLARGE_INTEGER Length,
- _In_ ULONG Key,
- _In_ BOOLEAN FailImmediately,
- _In_ BOOLEAN ExclusiveLock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLockProductActivationKeys(
- _Inout_opt_ ULONG *pPrivateVer,
- _Out_opt_ ULONG *pSafeMode
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLockRegistryKey(
- _In_ HANDLE KeyHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwLockVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG MapType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMakePermanentObject(
- _In_ HANDLE Handle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMakeTemporaryObject(
- _In_ HANDLE Handle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwManagePartition(
- _In_ HANDLE TargetHandle,
- _In_opt_ HANDLE SourceHandle,
- _In_ PARTITION_INFORMATION_CLASS PartitionInformationClass,
- _Inout_updates_bytes_(PartitionInformationLength) PVOID PartitionInformation,
- _In_ ULONG PartitionInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMapCMFModule(
- _In_ ULONG What,
- _In_ ULONG Index,
- _Out_opt_ PULONG CacheIndexOut,
- _Out_opt_ PULONG CacheFlagsOut,
- _Out_opt_ PULONG ViewSizeOut,
- _Out_opt_ PVOID *BaseAddress
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMapUserPhysicalPages(
- _In_ PVOID VirtualAddress,
- _In_ ULONG_PTR NumberOfPages,
- _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMapUserPhysicalPagesScatter(
- _In_reads_(NumberOfPages) PVOID *VirtualAddresses,
- _In_ ULONG_PTR NumberOfPages,
- _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMapViewOfSection(
- _In_ HANDLE SectionHandle,
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _In_ SIZE_T CommitSize,
- _Inout_opt_ PLARGE_INTEGER SectionOffset,
- _Inout_ PSIZE_T ViewSize,
- _In_ SECTION_INHERIT InheritDisposition,
- _In_ ULONG AllocationType,
- _In_ ULONG Win32Protect
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwMapViewOfSectionEx(
- _In_ HANDLE SectionHandle,
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
- _Inout_opt_ PLARGE_INTEGER SectionOffset,
- _Inout_ PSIZE_T ViewSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Win32Protect,
- _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
- _In_ ULONG ExtendedParameterCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwModifyBootEntry(
- _In_ PBOOT_ENTRY BootEntry
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwModifyDriverEntry(
- _In_ PEFI_DRIVER_ENTRY DriverEntry
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeDirectoryFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer, // FILE_NOTIFY_INFORMATION
- _In_ ULONG Length,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeDirectoryFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _In_opt_ DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeKey(
- _In_ HANDLE KeyHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _Out_writes_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize,
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeMultipleKeys(
- _In_ HANDLE MasterKeyHandle,
- _In_opt_ ULONG Count,
- _In_reads_opt_(Count) OBJECT_ATTRIBUTES SubordinateObjects[],
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG CompletionFilter,
- _In_ BOOLEAN WatchTree,
- _Out_writes_bytes_opt_(BufferSize) PVOID Buffer,
- _In_ ULONG BufferSize,
- _In_ BOOLEAN Asynchronous
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeSession(
- _In_ HANDLE SessionHandle,
- _In_ ULONG ChangeSequenceNumber,
- _In_ PLARGE_INTEGER ChangeTimeStamp,
- _In_ IO_SESSION_EVENT Event,
- _In_ IO_SESSION_STATE NewState,
- _In_ IO_SESSION_STATE PreviousState,
- _In_reads_bytes_opt_(PayloadSize) PVOID Payload,
- _In_ ULONG PayloadSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenDirectoryObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenEnlistment(
- _Out_ PHANDLE EnlistmentHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE ResourceManagerHandle,
- _In_ LPGUID EnlistmentGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenEvent(
- _Out_ PHANDLE EventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenEventPair(
- _Out_ PHANDLE EventPairHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenFile(
- _Out_ PHANDLE FileHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ ULONG ShareAccess,
- _In_ ULONG OpenOptions
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenIoCompletion(
- _Out_ PHANDLE IoCompletionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenJobObject(
- _Out_ PHANDLE JobHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenKey(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenKeyedEvent(
- _Out_ PHANDLE KeyedEventHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenKeyEx(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG OpenOptions
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenKeyTransacted(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ HANDLE TransactionHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenKeyTransactedEx(
- _Out_ PHANDLE KeyHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ ULONG OpenOptions,
- _In_ HANDLE TransactionHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenMutant(
- _Out_ PHANDLE MutantHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ PUNICODE_STRING ObjectTypeName,
- _In_ PUNICODE_STRING ObjectName,
- _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ACCESS_MASK GrantedAccess,
- _In_opt_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN ObjectCreation,
- _In_ BOOLEAN AccessGranted,
- _Out_ PBOOLEAN GenerateOnClose
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenPartition(
- _Out_ PHANDLE PartitionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenPrivateNamespace(
- _Out_ PHANDLE NamespaceHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenProcess(
- _Out_ PHANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PCLIENT_ID ClientId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessToken(
- _In_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessTokenEx(
- _In_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG HandleAttributes,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenResourceManager(
- _Out_ PHANDLE ResourceManagerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ HANDLE TmHandle,
- _In_opt_ LPGUID ResourceManagerGuid,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenSection(
- _Out_ PHANDLE SectionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenSemaphore(
- _Out_ PHANDLE SemaphoreHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenSession(
- _Out_ PHANDLE SessionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenSymbolicLinkObject(
- _Out_ PHANDLE LinkHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PCLIENT_ID ClientId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadToken(
- _In_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ BOOLEAN OpenAsSelf,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadTokenEx(
- _In_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ BOOLEAN OpenAsSelf,
- _In_ ULONG HandleAttributes,
- _Out_ PHANDLE TokenHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenTimer(
- _Out_ PHANDLE TimerHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenTransaction(
- _Out_ PHANDLE TransactionHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ LPGUID Uow,
- _In_opt_ HANDLE TmHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwOpenTransactionManager(
- _Out_ PHANDLE TmHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ PUNICODE_STRING LogFileName,
- _In_opt_ LPGUID TmIdentity,
- _In_opt_ ULONG OpenOptions
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPlugPlayControl(
- _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
- _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
- _In_ ULONG PnPControlDataLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPowerInformation(
- _In_ POWER_INFORMATION_LEVEL InformationLevel,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrepareComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrepareEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrePrepareComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrePrepareEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrivilegeCheck(
- _In_ HANDLE ClientToken,
- _Inout_ PPRIVILEGE_SET RequiredPrivileges,
- _Out_ PBOOLEAN Result
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrivilegedServiceAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_ PUNICODE_STRING ServiceName,
- _In_ HANDLE ClientToken,
- _In_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN AccessGranted
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPrivilegeObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_opt_ PVOID HandleId,
- _In_ HANDLE ClientToken,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ PPRIVILEGE_SET Privileges,
- _In_ BOOLEAN AccessGranted
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPropagationComplete(
- _In_ HANDLE ResourceManagerHandle,
- _In_ ULONG RequestCookie,
- _In_ ULONG BufferLength,
- _In_ PVOID Buffer
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPropagationFailed(
- _In_ HANDLE ResourceManagerHandle,
- _In_ ULONG RequestCookie,
- _In_ NTSTATUS PropStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwProtectVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG NewProtect,
- _Out_ PULONG OldProtect
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPssCaptureVaSpaceBulk(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ PNTPSS_MEMORY_BULK_INFORMATION BulkInformation,
- _In_ SIZE_T BulkInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwPulseEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryAttributesFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PFILE_BASIC_INFORMATION FileInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryAuxiliaryCounterFrequency(
- _Out_ PLARGE_INTEGER AuxiliaryCounterFrequency
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryBootEntryOrder(
- _Out_writes_opt_(*Count) PULONG Ids,
- _Inout_ PULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryBootOptions(
- _Out_writes_bytes_opt_(*BootOptionsLength) PBOOT_OPTIONS BootOptions,
- _Inout_ PULONG BootOptionsLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _Out_ PLCID DefaultLocaleId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultUILanguage(
- _Out_ LANGID *DefaultUILanguageId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_opt_ PUNICODE_STRING FileName,
- _In_ BOOLEAN RestartScan
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryFileEx(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass,
- _In_ ULONG QueryFlags,
- _In_opt_ PUNICODE_STRING FileName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryObject(
- _In_ HANDLE DirectoryHandle,
- _Out_writes_bytes_opt_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_ BOOLEAN RestartScan,
- _Inout_ PULONG Context,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryDriverEntryOrder(
- _Out_writes_opt_(*Count) PULONG Ids,
- _Inout_ PULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryEaFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_reads_bytes_opt_(EaListLength) PVOID EaList,
- _In_ ULONG EaListLength,
- _In_opt_ PULONG EaIndex,
- _In_ BOOLEAN RestartScan
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryEvent(
- _In_ HANDLE EventHandle,
- _In_ EVENT_INFORMATION_CLASS EventInformationClass,
- _Out_writes_bytes_(EventInformationLength) PVOID EventInformation,
- _In_ ULONG EventInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryFullAttributesFile(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationAtom(
- _In_ RTL_ATOM Atom,
- _In_ ATOM_INFORMATION_CLASS AtomInformationClass,
- _Out_writes_bytes_(AtomInformationLength) PVOID AtomInformation,
- _In_ ULONG AtomInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationByName(
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
- _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
- _In_ ULONG EnlistmentInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationJobObject(
- _In_opt_ HANDLE JobHandle,
- _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
- _Out_writes_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
- _In_ ULONG JobObjectInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationPort(
- _In_ HANDLE PortHandle,
- _In_ PORT_INFORMATION_CLASS PortInformationClass,
- _Out_writes_bytes_to_(Length, *ReturnLength) PVOID PortInformation,
- _In_ ULONG Length,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationProcess(
- _In_ HANDLE ProcessHandle,
- _In_ PROCESSINFOCLASS ProcessInformationClass,
- _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
- _In_ ULONG ProcessInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
- _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
- _In_ ULONG ResourceManagerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationThread(
- _In_ HANDLE ThreadHandle,
- _In_ THREADINFOCLASS ThreadInformationClass,
- _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
- _In_ ULONG ThreadInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationToken(
- _In_ HANDLE TokenHandle,
- _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
- _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
- _In_ ULONG TokenInformationLength,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
- _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation,
- _In_ ULONG TransactionInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationTransactionManager(
- _In_ HANDLE TransactionManagerHandle,
- _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
- _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
- _In_ ULONG TransactionManagerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
- _Out_writes_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
- _In_ ULONG WorkerFactoryInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryInstallUILanguage(
- _Out_ LANGID *InstallUILanguageId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryIntervalProfile(
- _In_ KPROFILE_SOURCE ProfileSource,
- _Out_ PULONG Interval
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _In_ IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
- _Out_writes_bytes_(IoCompletionInformationLength) PVOID IoCompletionInformation,
- _In_ ULONG IoCompletionInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryIoRingCapabilities(
- _In_ SIZE_T IoRingCapabilitiesLength,
- _Out_ PVOID IoRingCapabilities
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryKey(
- _In_ HANDLE KeyHandle,
- _In_ KEY_INFORMATION_CLASS KeyInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryLicenseValue(
- _In_ PUNICODE_STRING ValueName,
- _Out_opt_ PULONG Type,
- _Out_writes_bytes_to_opt_(DataSize, *ResultDataSize) PVOID Data,
- _In_ ULONG DataSize,
- _Out_ PULONG ResultDataSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryMultipleValueKey(
- _In_ HANDLE KeyHandle,
- _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY ValueEntries,
- _In_ ULONG EntryCount,
- _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer,
- _Inout_ PULONG BufferLength,
- _Out_opt_ PULONG RequiredBufferLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryMutant(
- _In_ HANDLE MutantHandle,
- _In_ MUTANT_INFORMATION_CLASS MutantInformationClass,
- _Out_writes_bytes_(MutantInformationLength) PVOID MutantInformation,
- _In_ ULONG MutantInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryObject(
- _In_opt_ HANDLE Handle,
- _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
- _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
- _In_ ULONG ObjectInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryOpenSubKeys(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _Out_ PULONG HandleCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryOpenSubKeysEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_opt_(BufferLength) PVOID Buffer,
- _Out_ PULONG RequiredSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryPerformanceCounter(
- _Out_ PLARGE_INTEGER PerformanceCounter,
- _Out_opt_ PLARGE_INTEGER PerformanceFrequency
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryPortInformationProcess(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryQuotaInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_reads_bytes_opt_(SidListLength) PVOID SidList,
- _In_ ULONG SidListLength,
- _In_opt_ PSID StartSid,
- _In_ BOOLEAN RestartScan
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySection(
- _In_ HANDLE SectionHandle,
- _In_ SECTION_INFORMATION_CLASS SectionInformationClass,
- _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
- _In_ SIZE_T SectionInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySecurityAttributesToken(
- _In_ HANDLE TokenHandle,
- _In_reads_opt_(NumberOfAttributes) PUNICODE_STRING Attributes,
- _In_ ULONG NumberOfAttributes,
- _Out_writes_bytes_(Length) PVOID Buffer, // PTOKEN_SECURITY_ATTRIBUTES_INFORMATION
- _In_ ULONG Length,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySecurityObject(
- _In_ HANDLE Handle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ ULONG Length,
- _Out_ PULONG LengthNeeded
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySemaphore(
- _In_ HANDLE SemaphoreHandle,
- _In_ SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
- _Out_writes_bytes_(SemaphoreInformationLength) PVOID SemaphoreInformation,
- _In_ ULONG SemaphoreInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySymbolicLinkObject(
- _In_ HANDLE LinkHandle,
- _Inout_ PUNICODE_STRING LinkTarget,
- _Out_opt_ PULONG ReturnedLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemEnvironmentValue(
- _In_ PUNICODE_STRING VariableName,
- _Out_writes_bytes_(ValueLength) PWSTR VariableValue,
- _In_ USHORT ValueLength,
- _Out_opt_ PUSHORT ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemEnvironmentValueEx(
- _In_ PUNICODE_STRING VariableName,
- _In_ PCGUID VendorGuid,
- _Out_writes_bytes_opt_(*ValueLength) PVOID Value,
- _Inout_ PULONG ValueLength,
- _Out_opt_ PULONG Attributes // EFI_VARIABLE_*
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemInformation(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemInformationEx(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemTime(
- _Out_ PLARGE_INTEGER SystemTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryTimer(
- _In_ HANDLE TimerHandle,
- _In_ TIMER_INFORMATION_CLASS TimerInformationClass,
- _Out_writes_bytes_(TimerInformationLength) PVOID TimerInformation,
- _In_ ULONG TimerInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryTimerResolution(
- _Out_ PULONG MaximumTime,
- _Out_ PULONG MinimumTime,
- _Out_ PULONG CurrentTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName,
- _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
- _In_ ULONG Length,
- _Out_ PULONG ResultLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
- _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
- _In_ SIZE_T MemoryInformationLength,
- _Out_opt_ PSIZE_T ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryVolumeInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID FsInformation,
- _In_ ULONG Length,
- _In_ FSINFOCLASS FsInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_opt_ const VOID* ExplicitScope,
- _Out_ PWNF_CHANGE_STAMP ChangeStamp,
- _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
- _Inout_ PULONG BufferSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueryWnfStateNameInformation(
- _In_ PCWNF_STATE_NAME StateName,
- _In_ WNF_STATE_NAME_INFORMATION NameInfoClass,
- _In_opt_ const VOID* ExplicitScope,
- _Out_writes_bytes_(InfoBufferSize) PVOID InfoBuffer,
- _In_ ULONG InfoBufferSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueueApcThread(
- _In_ HANDLE ThreadHandle,
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueueApcThreadEx(
- _In_ HANDLE ThreadHandle,
- _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject // SPECIAL_USER_APC
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwQueueApcThreadEx2(
- _In_ HANDLE ThreadHandle,
- _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
- _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS
- _In_ PPS_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcArgument1,
- _In_opt_ PVOID ApcArgument2,
- _In_opt_ PVOID ApcArgument3
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRaiseException(
- _In_ PEXCEPTION_RECORD ExceptionRecord,
- _In_ PCONTEXT ContextRecord,
- _In_ BOOLEAN FirstChance
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRaiseHardError(
- _In_ NTSTATUS ErrorStatus,
- _In_ ULONG NumberOfParameters,
- _In_ ULONG UnicodeStringParameterMask,
- _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
- _In_ ULONG ValidResponseOptions,
- _Out_ PULONG Response
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _Out_writes_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadFileScatter(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadOnlyEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadRequestData(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ ULONG DataEntryIndex,
- _Out_writes_bytes_to_(BufferSize, *NumberOfBytesRead) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _Out_writes_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReadVirtualMemoryEx(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _Out_writes_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesRead,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRecoverEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PVOID EnlistmentKey
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRecoverResourceManager(
- _In_ HANDLE ResourceManagerHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRecoverTransactionManager(
- _In_ HANDLE TransactionManagerHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRegisterProtocolAddressInformation(
- _In_ HANDLE ResourceManager,
- _In_ PCRM_PROTOCOL_ID ProtocolId,
- _In_ ULONG ProtocolInformationSize,
- _In_ PVOID ProtocolInformation,
- _In_opt_ ULONG CreateOptions
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRegisterThreadTerminatePort(
- _In_ HANDLE PortHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReleaseCMFViewOwnership(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReleaseKeyedEvent(
- _In_opt_ HANDLE KeyedEventHandle,
- _In_ PVOID KeyValue,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReleaseMutant(
- _In_ HANDLE MutantHandle,
- _Out_opt_ PLONG PreviousCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReleaseSemaphore(
- _In_ HANDLE SemaphoreHandle,
- _In_ LONG ReleaseCount,
- _Out_opt_ PLONG PreviousCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReleaseWorkerFactoryWorker(
- _In_ HANDLE WorkerFactoryHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRemoveIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _Out_ PVOID *KeyContext,
- _Out_ PVOID *ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRemoveIoCompletionEx(
- _In_ HANDLE IoCompletionHandle,
- _Out_writes_to_(Count, *NumEntriesRemoved) PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation,
- _In_ ULONG Count,
- _Out_ PULONG NumEntriesRemoved,
- _In_opt_ PLARGE_INTEGER Timeout,
- _In_ BOOLEAN Alertable
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRemoveProcessDebug(
- _In_ HANDLE ProcessHandle,
- _In_ HANDLE DebugObjectHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRenameKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING NewName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRenameTransactionManager(
- _In_ PUNICODE_STRING LogFileName,
- _In_ LPGUID ExistingTransactionManagerGuid
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplaceKey(
- _In_ POBJECT_ATTRIBUTES NewFile,
- _In_ HANDLE TargetHandle,
- _In_ POBJECT_ATTRIBUTES OldFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplacePartitionUnit(
- _In_ PUNICODE_STRING TargetInstancePath,
- _In_ PUNICODE_STRING SpareInstancePath,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplyPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReceivePort(
- _In_ HANDLE PortHandle,
- _Out_opt_ PVOID *PortContext,
- _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage,
- _Out_ PPORT_MESSAGE ReceiveMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReceivePortEx(
- _In_ HANDLE PortHandle,
- _Out_opt_ PVOID *PortContext,
- _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage,
- _Out_ PPORT_MESSAGE ReceiveMessage,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReplyPort(
- _In_ HANDLE PortHandle,
- _Inout_ PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRequestPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRequestWaitReplyPort(
- _In_ HANDLE PortHandle,
- _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage,
- _Out_ PPORT_MESSAGE ReplyMessage
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRequestWakeupLatency(
- _In_ LATENCY_TIME latency
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwResetEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwResetWriteWatch(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_ SIZE_T RegionSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRestoreKey(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwResumeProcess(
- _In_ HANDLE ProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwResumeThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRevertContainerImpersonation(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRollbackComplete(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRollbackEnlistment(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRollbackTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ BOOLEAN Wait
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwRollforwardTransactionManager(
- _In_ HANDLE TransactionManagerHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSaveKey(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSaveKeyEx(
- _In_ HANDLE KeyHandle,
- _In_ HANDLE FileHandle,
- _In_ ULONG Format
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSaveMergedKeys(
- _In_ HANDLE HighPrecedenceKeyHandle,
- _In_ HANDLE LowPrecedenceKeyHandle,
- _In_ HANDLE FileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSecureConnectPort(
- _Out_ PHANDLE PortHandle,
- _In_ PUNICODE_STRING PortName,
- _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- _Inout_opt_ PPORT_VIEW ClientView,
- _In_opt_ PSID RequiredServerSid,
- _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
- _Out_opt_ PULONG MaxMessageLength,
- _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation,
- _Inout_opt_ PULONG ConnectionInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSerializeBoot(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetBootEntryOrder(
- _In_reads_(Count) PULONG Ids,
- _In_ ULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetBootOptions(
- _In_ PBOOT_OPTIONS BootOptions,
- _In_ ULONG FieldsToChange
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetCachedSigningLevel(
- _In_ ULONG Flags,
- _In_ SE_SIGNING_LEVEL InputSigningLevel,
- _In_reads_(SourceFileCount) PHANDLE SourceFiles,
- _In_ ULONG SourceFileCount,
- _In_opt_ HANDLE TargetFile
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetContextThread(
- _In_ HANDLE ThreadHandle,
- _In_ PCONTEXT ThreadContext
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetDebugFilterState(
- _In_ ULONG ComponentId,
- _In_ ULONG Level,
- _In_ BOOLEAN State
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultHardErrorPort(
- _In_ HANDLE DefaultHardErrorPort
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _In_ LCID DefaultLocaleId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultUILanguage(
- _In_ LANGID DefaultUILanguageId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetDriverEntryOrder(
- _In_reads_(Count) PULONG Ids,
- _In_ ULONG Count
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetEaFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetEventBoostPriority(
- _In_ HANDLE EventHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetHighWaitLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationDebugObject(
- _In_ HANDLE DebugObjectHandle,
- _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
- _In_ PVOID DebugInformation,
- _In_ ULONG DebugInformationLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationEnlistment(
- _In_opt_ HANDLE EnlistmentHandle,
- _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
- _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
- _In_ ULONG EnlistmentInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID FileInformation,
- _In_ ULONG Length,
- _In_ FILE_INFORMATION_CLASS FileInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationIoRing(
- _In_ HANDLE IoRingHandle,
- _In_ ULONG IoRingInformationClass,
- _In_ ULONG IoRingInformationLength,
- _In_ PVOID IoRingInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationJobObject(
- _In_ HANDLE JobHandle,
- _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
- _In_reads_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
- _In_ ULONG JobObjectInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationKey(
- _In_ HANDLE KeyHandle,
- _In_ KEY_SET_INFORMATION_CLASS KeySetInformationClass,
- _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation,
- _In_ ULONG KeySetInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationObject(
- _In_ HANDLE Handle,
- _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
- _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
- _In_ ULONG ObjectInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationProcess(
- _In_ HANDLE ProcessHandle,
- _In_ PROCESSINFOCLASS ProcessInformationClass,
- _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
- _In_ ULONG ProcessInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationResourceManager(
- _In_ HANDLE ResourceManagerHandle,
- _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
- _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
- _In_ ULONG ResourceManagerInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationSymbolicLink(
- _In_ HANDLE LinkHandle,
- _In_ SYMBOLIC_LINK_INFO_CLASS SymbolicLinkInformationClass,
- _In_reads_bytes_(SymbolicLinkInformationLength) PVOID SymbolicLinkInformation,
- _In_ ULONG SymbolicLinkInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationThread(
- _In_ HANDLE ThreadHandle,
- _In_ THREADINFOCLASS ThreadInformationClass,
- _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
- _In_ ULONG ThreadInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationToken(
- _In_ HANDLE TokenHandle,
- _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
- _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
- _In_ ULONG TokenInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationTransaction(
- _In_ HANDLE TransactionHandle,
- _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
- _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation,
- _In_ ULONG TransactionInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationTransactionManager(
- _In_opt_ HANDLE TmHandle,
- _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
- _In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
- _In_ ULONG TransactionManagerInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass,
- _In_ ULONG_PTR NumberOfEntries,
- _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses,
- _In_reads_bytes_(VmInformationLength) PVOID VmInformation,
- _In_ ULONG VmInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetInformationWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
- _In_reads_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
- _In_ ULONG WorkerFactoryInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetIntervalProfile(
- _In_ ULONG Interval,
- _In_ KPROFILE_SOURCE Source
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetIoCompletion(
- _In_ HANDLE IoCompletionHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetIoCompletionEx(
- _In_ HANDLE IoCompletionHandle,
- _In_ HANDLE IoCompletionPacketHandle,
- _In_opt_ PVOID KeyContext,
- _In_opt_ PVOID ApcContext,
- _In_ NTSTATUS IoStatus,
- _In_ ULONG_PTR IoStatusInformation
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetIRTimer(
- _In_ HANDLE TimerHandle,
- _In_opt_ PLARGE_INTEGER DueTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetLdtEntries(
- _In_ ULONG Selector0,
- _In_ ULONG Entry0Low,
- _In_ ULONG Entry0Hi,
- _In_ ULONG Selector1,
- _In_ ULONG Entry1Low,
- _In_ ULONG Entry1Hi
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetLowWaitHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetQuotaInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSecurityObject(
- _In_ HANDLE Handle,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSystemEnvironmentValue(
- _In_ PUNICODE_STRING VariableName,
- _In_ PUNICODE_STRING VariableValue
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSystemEnvironmentValueEx(
- _In_ PUNICODE_STRING VariableName,
- _In_ PCGUID VendorGuid,
- _In_reads_bytes_opt_(ValueLength) PVOID Value,
- _In_ ULONG ValueLength, // 0 = delete variable
- _In_ ULONG Attributes // EFI_VARIABLE_*
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSystemInformation(
- _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
- _In_reads_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
- _In_ ULONG SystemInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSystemPowerState(
- _In_ POWER_ACTION SystemAction,
- _In_ SYSTEM_POWER_STATE LightestSystemState,
- _In_ ULONG Flags // POWER_ACTION_* flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetSystemTime(
- _In_opt_ PLARGE_INTEGER SystemTime,
- _Out_opt_ PLARGE_INTEGER PreviousTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetThreadExecutionState(
- _In_ EXECUTION_STATE NewFlags, // ES_* flags
- _Out_ EXECUTION_STATE *PreviousFlags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetTimer(
- _In_ HANDLE TimerHandle,
- _In_ PLARGE_INTEGER DueTime,
- _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine,
- _In_opt_ PVOID TimerContext,
- _In_ BOOLEAN ResumeTimer,
- _In_opt_ LONG Period,
- _Out_opt_ PBOOLEAN PreviousState
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetTimer2(
- _In_ HANDLE TimerHandle,
- _In_ PLARGE_INTEGER DueTime,
- _In_opt_ PLARGE_INTEGER Period,
- _In_ PT2_SET_PARAMETERS Parameters
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetTimerEx(
- _In_ HANDLE TimerHandle,
- _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass,
- _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation,
- _In_ ULONG TimerSetInformationLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetTimerResolution(
- _In_ ULONG DesiredTime,
- _In_ BOOLEAN SetResolution,
- _Out_ PULONG ActualTime
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetUuidSeed(
- _In_ PCHAR Seed
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetValueKey(
- _In_ HANDLE KeyHandle,
- _In_ PUNICODE_STRING ValueName,
- _In_opt_ ULONG TitleIndex,
- _In_ ULONG Type,
- _In_reads_bytes_opt_(DataSize) PVOID Data,
- _In_ ULONG DataSize
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetVolumeInformationFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID FsInformation,
- _In_ ULONG Length,
- _In_ FSINFOCLASS FsInformationClass
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSetWnfProcessNotificationEvent(
- _In_ HANDLE NotificationEvent
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwShutdownSystem(
- _In_ SHUTDOWN_ACTION Action
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwShutdownWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _Inout_ volatile LONG *PendingWorkerCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSignalAndWaitForSingleObject(
- _In_ HANDLE SignalHandle,
- _In_ HANDLE WaitHandle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSinglePhaseReject(
- _In_ HANDLE EnlistmentHandle,
- _In_opt_ PLARGE_INTEGER TmVirtualClock
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwStartProfile(
- _In_ HANDLE ProfileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwStopProfile(
- _In_ HANDLE ProfileHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSubmitIoRing(
- _In_ HANDLE IoRingHandle,
- _In_ ULONG Flags,
- _In_opt_ ULONG WaitOperations,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSubscribeWnfStateChange(
- _In_ PCWNF_STATE_NAME StateName,
- _In_opt_ WNF_CHANGE_STAMP ChangeStamp,
- _In_ ULONG EventMask,
- _Out_opt_ PULONG64 SubscriptionId
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSuspendProcess(
- _In_ HANDLE ProcessHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSuspendThread(
- _In_ HANDLE ThreadHandle,
- _Out_opt_ PULONG PreviousSuspendCount
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwSystemDebugControl(
- _In_ SYSDBG_COMMAND Command,
- _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength,
- _Out_opt_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTerminateEnclave(
- _In_ PVOID BaseAddress,
- _In_ ULONG Flags // TERMINATE_ENCLAVE_FLAG_*
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTerminateJobObject(
- _In_ HANDLE JobHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTerminateProcess(
- _In_opt_ HANDLE ProcessHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTerminateThread(
- _In_opt_ HANDLE ThreadHandle,
- _In_ NTSTATUS ExitStatus
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTestAlert(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwThawRegistry(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwThawTransactions(
- VOID
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTraceControl(
- _In_ ETWTRACECONTROLCODE TraceControlCode,
- _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
- _In_ ULONG InputBufferLength,
- _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
- _In_ ULONG OutputBufferLength,
- _Out_ PULONG ReturnLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTraceEvent(
- _In_ HANDLE TraceHandle,
- _In_ ULONG Flags,
- _In_ ULONG FieldSize,
- _In_ PVOID Fields
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwTranslateFilePath(
- _In_ PFILE_PATH InputFilePath,
- _In_ ULONG OutputType,
- _Out_writes_bytes_opt_(*OutputFilePathLength) PFILE_PATH OutputFilePath,
- _Inout_opt_ PULONG OutputFilePathLength
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUmsThreadYield(
- _In_ PVOID SchedulerParam
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnloadDriver(
- _In_ PUNICODE_STRING DriverServiceName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnloadKey(
- _In_ POBJECT_ATTRIBUTES TargetKey
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnloadKey2(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnloadKeyEx(
- _In_ POBJECT_ATTRIBUTES TargetKey,
- _In_opt_ HANDLE Event
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnlockFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PLARGE_INTEGER ByteOffset,
- _In_ PLARGE_INTEGER Length,
- _In_ ULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnlockVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG MapType
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnmapViewOfSection(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnmapViewOfSectionEx(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_ ULONG Flags
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUnsubscribeWnfStateChange(
- _In_ PCWNF_STATE_NAME StateName
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwUpdateWnfStateData(
- _In_ PCWNF_STATE_NAME StateName,
- _In_reads_bytes_opt_(Length) const VOID* Buffer,
- _In_opt_ ULONG Length,
- _In_opt_ PCWNF_TYPE_ID TypeId,
- _In_opt_ const VOID* ExplicitScope,
- _In_ WNF_CHANGE_STAMP MatchingChangeStamp,
- _In_ LOGICAL CheckStamp
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwVdmControl(
- _In_ VDMSERVICECLASS Service,
- _Inout_ PVOID ServiceData
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForAlertByThreadId(
- _In_ PVOID Address,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForDebugEvent(
- _In_ HANDLE DebugObjectHandle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout,
- _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForKeyedEvent(
- _In_opt_ HANDLE KeyedEventHandle,
- _In_ PVOID KeyValue,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForMultipleObjects(
- _In_ ULONG Count,
- _In_reads_(Count) HANDLE Handles[],
- _In_ WAIT_TYPE WaitType,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForMultipleObjects32(
- _In_ ULONG Count,
- _In_reads_(Count) LONG Handles[],
- _In_ WAIT_TYPE WaitType,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForSingleObject(
- _In_ HANDLE Handle,
- _In_ BOOLEAN Alertable,
- _In_opt_ PLARGE_INTEGER Timeout
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitForWorkViaWorkerFactory(
- _In_ HANDLE WorkerFactoryHandle,
- _Out_writes_to_(Count, *PacketsReturned) PFILE_IO_COMPLETION_INFORMATION MiniPackets,
- _In_ ULONG Count,
- _Out_ PULONG PacketsReturned,
- _In_ PWORKER_FACTORY_DEFERRED_WORK DeferredWork
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitHighEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWaitLowEventPair(
- _In_ HANDLE EventPairHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWorkerFactoryWorkerReady(
- _In_ HANDLE WorkerFactoryHandle
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWriteFile(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_reads_bytes_(Length) PVOID Buffer,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWriteFileGather(
- _In_ HANDLE FileHandle,
- _In_opt_ HANDLE Event,
- _In_opt_ PIO_APC_ROUTINE ApcRoutine,
- _In_opt_ PVOID ApcContext,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock,
- _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
- _In_ ULONG Length,
- _In_opt_ PLARGE_INTEGER ByteOffset,
- _In_opt_ PULONG Key
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWriteRequestData(
- _In_ HANDLE PortHandle,
- _In_ PPORT_MESSAGE Message,
- _In_ ULONG DataEntryIndex,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesWritten
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwWriteVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _In_opt_ PVOID BaseAddress,
- _In_reads_bytes_(BufferSize) PVOID Buffer,
- _In_ SIZE_T BufferSize,
- _Out_opt_ PSIZE_T NumberOfBytesWritten
- );
-
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwYieldExecution(
- VOID
- );
-
-#endif
diff --git a/deps/phnt-nightly/phnt.h b/deps/phnt-nightly/phnt.h
deleted file mode 100644
index 6999473..0000000
--- a/deps/phnt-nightly/phnt.h
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * NT Header annotations
- *
- * This file is part of System Informer.
- */
-
-#ifndef _PHNT_H
-#define _PHNT_H
-
-// This header file provides access to NT APIs.
-
-// Definitions are annotated to indicate their source. If a definition is not annotated, it has been
-// retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h).
-
-// * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in
-// winbase.h.
-// * "rev" indicates that a definition has been reverse-engineered.
-// * "dbg" indicates that a definition has been obtained from a debug message or assertion in a
-// checked build of the kernel or file.
-
-// Reliability:
-// 1. No annotation.
-// 2. dbg.
-// 3. symbols, private. Types may be incorrect.
-// 4. winbase. Names and types may be incorrect.
-// 5. rev.
-
-// Mode
-#define PHNT_MODE_KERNEL 0
-#define PHNT_MODE_USER 1
-
-// Version
-#define PHNT_WIN2K 50
-#define PHNT_WINXP 51
-#define PHNT_WS03 52
-#define PHNT_VISTA 60
-#define PHNT_WIN7 61
-#define PHNT_WIN8 62
-#define PHNT_WINBLUE 63
-#define PHNT_THRESHOLD 100
-#define PHNT_THRESHOLD2 101
-#define PHNT_REDSTONE 102
-#define PHNT_REDSTONE2 103
-#define PHNT_REDSTONE3 104
-#define PHNT_REDSTONE4 105
-#define PHNT_REDSTONE5 106
-#define PHNT_19H1 107
-#define PHNT_19H2 108
-#define PHNT_20H1 109
-#define PHNT_20H2 110
-#define PHNT_21H1 111
-#define PHNT_WIN10_21H2 112
-#define PHNT_WIN10_22H2 113
-#define PHNT_WIN11 114
-#define PHNT_WIN11_22H2 115
-#define PHNT_WIN11_23H2 116
-
-#ifndef PHNT_MODE
-#define PHNT_MODE PHNT_MODE_USER
-#endif
-
-#ifndef PHNT_VERSION
-#define PHNT_VERSION PHNT_WIN11
-#endif
-
-// Options
-
-//#define PHNT_NO_INLINE_INIT_STRING
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#include
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#endif
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
-
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-#include
-
-#include
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/phnt_ntdef.h b/deps/phnt-nightly/phnt_ntdef.h
deleted file mode 100644
index 9166d1a..0000000
--- a/deps/phnt-nightly/phnt_ntdef.h
+++ /dev/null
@@ -1,365 +0,0 @@
-/*
- * Native definition support
- *
- * This file is part of System Informer.
- */
-
-#ifndef _PHNT_NTDEF_H
-#define _PHNT_NTDEF_H
-
-#ifndef _NTDEF_
-#define _NTDEF_
-
-// This header file provides basic NT types not included in Win32. If you have included winnt.h
-// (perhaps indirectly), you must use this file instead of ntdef.h.
-
-#ifndef NOTHING
-#define NOTHING
-#endif
-
-// Basic types
-
-typedef struct _QUAD
-{
- union
- {
- __int64 UseThisFieldToCopy;
- double DoNotUseThisField;
- };
-} QUAD, *PQUAD;
-
-// This isn't in NT, but it's useful.
-typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR
-{
- ULONG_PTR DoNotUseThisField1;
- ULONG_PTR DoNotUseThisField2;
-} QUAD_PTR, *PQUAD_PTR;
-
-typedef ULONG LOGICAL;
-typedef ULONG *PLOGICAL;
-
-typedef _Return_type_success_(return >= 0) LONG NTSTATUS;
-typedef NTSTATUS *PNTSTATUS;
-
-// Cardinal types
-
-typedef char CCHAR;
-typedef short CSHORT;
-typedef ULONG CLONG;
-
-typedef CCHAR *PCCHAR;
-typedef CSHORT *PCSHORT;
-typedef CLONG *PCLONG;
-
-typedef PCSTR PCSZ;
-
-typedef PVOID* PPVOID;
-
-// Specific
-
-typedef UCHAR KIRQL, *PKIRQL;
-typedef LONG KPRIORITY, *PKPRIORITY;
-typedef USHORT RTL_ATOM, *PRTL_ATOM;
-
-typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
-
-typedef struct _LARGE_INTEGER_128
-{
- LONGLONG QuadPart[2];
-} LARGE_INTEGER_128, *PLARGE_INTEGER_128;
-
-// NT status macros
-
-#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
-#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
-#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
-#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
-
-#define NT_CUSTOMER_SHIFT 29
-#define NT_CUSTOMER(Status) ((((ULONG)(Status)) >> NT_CUSTOMER_SHIFT) & 1)
-
-#define NT_FACILITY_MASK 0xfff
-#define NT_FACILITY_SHIFT 16
-#define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK)
-
-#define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32)
-#define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff)
-
-// Functions
-
-#ifndef _WIN64
-#define FASTCALL __fastcall
-#else
-#define FASTCALL
-#endif
-
-// Synchronization enumerations
-
-typedef enum _EVENT_TYPE
-{
- NotificationEvent,
- SynchronizationEvent
-} EVENT_TYPE;
-
-typedef enum _TIMER_TYPE
-{
- NotificationTimer,
- SynchronizationTimer
-} TIMER_TYPE;
-
-typedef enum _WAIT_TYPE
-{
- WaitAll,
- WaitAny,
- WaitNotification
-} WAIT_TYPE;
-
-// Strings
-
-typedef struct _STRING
-{
- USHORT Length;
- USHORT MaximumLength;
- _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer;
-} STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING;
-
-typedef STRING UTF8_STRING;
-typedef PSTRING PUTF8_STRING;
-
-typedef const STRING *PCSTRING;
-typedef const ANSI_STRING *PCANSI_STRING;
-typedef const OEM_STRING *PCOEM_STRING;
-
-typedef struct _UNICODE_STRING
-{
- USHORT Length;
- USHORT MaximumLength;
- _Field_size_bytes_part_opt_(MaximumLength, Length) PWCH Buffer;
-} UNICODE_STRING, *PUNICODE_STRING;
-
-typedef const UNICODE_STRING *PCUNICODE_STRING;
-
-#define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s }
-
-#define DECLARE_CONST_UNICODE_STRING(_var, _str) \
-const WCHAR _var ## _buffer[] = _str; \
-const UNICODE_STRING _var = { sizeof(_str) - sizeof(WCHAR), sizeof(_str), (PWCH) _var ## _buffer }
-
-#define DECLARE_GLOBAL_CONST_UNICODE_STRING(_var, _str) \
-extern const DECLSPEC_SELECTANY UNICODE_STRING _var = RTL_CONSTANT_STRING(_str)
-
-#define DECLARE_UNICODE_STRING_SIZE(_var, _size) \
-WCHAR _var ## _buffer[_size]; \
-UNICODE_STRING _var = { 0, (_size) * sizeof(WCHAR) , _var ## _buffer }
-
-// Balanced tree node
-
-#define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3
-
-typedef struct _RTL_BALANCED_NODE
-{
- union
- {
- struct _RTL_BALANCED_NODE *Children[2];
- struct
- {
- struct _RTL_BALANCED_NODE *Left;
- struct _RTL_BALANCED_NODE *Right;
- };
- };
- union
- {
- UCHAR Red : 1;
- UCHAR Balance : 2;
- ULONG_PTR ParentValue;
- };
-} RTL_BALANCED_NODE, *PRTL_BALANCED_NODE;
-
-#define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \
- ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK))
-
-// Portability
-
-typedef struct _SINGLE_LIST_ENTRY32
-{
- ULONG Next;
-} SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32;
-
-typedef struct _STRING32
-{
- USHORT Length;
- USHORT MaximumLength;
- ULONG Buffer;
-} STRING32, *PSTRING32;
-
-typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
-typedef STRING32 ANSI_STRING32, *PANSI_STRING32;
-
-typedef struct _STRING64
-{
- USHORT Length;
- USHORT MaximumLength;
- ULONGLONG Buffer;
-} STRING64, *PSTRING64;
-
-typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64;
-typedef STRING64 ANSI_STRING64, *PANSI_STRING64;
-
-// Object attributes
-
-#define OBJ_PROTECT_CLOSE 0x00000001L
-#define OBJ_INHERIT 0x00000002L
-#define OBJ_AUDIT_OBJECT_CLOSE 0x00000004L
-#define OBJ_NO_RIGHTS_UPGRADE 0x00000008L
-#define OBJ_PERMANENT 0x00000010L
-#define OBJ_EXCLUSIVE 0x00000020L
-#define OBJ_CASE_INSENSITIVE 0x00000040L
-#define OBJ_OPENIF 0x00000080L
-#define OBJ_OPENLINK 0x00000100L
-#define OBJ_KERNEL_HANDLE 0x00000200L
-#define OBJ_FORCE_ACCESS_CHECK 0x00000400L
-#define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800L
-#define OBJ_DONT_REPARSE 0x00001000L
-#define OBJ_VALID_ATTRIBUTES 0x00001FF2L
-
-typedef struct _OBJECT_ATTRIBUTES
-{
- ULONG Length;
- HANDLE RootDirectory;
- PUNICODE_STRING ObjectName;
- ULONG Attributes;
- PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR;
- PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE
-} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
-
-typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
-
-#define InitializeObjectAttributes(p, n, a, r, s) { \
- (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
- (p)->RootDirectory = r; \
- (p)->Attributes = a; \
- (p)->ObjectName = n; \
- (p)->SecurityDescriptor = s; \
- (p)->SecurityQualityOfService = NULL; \
- }
-
-#define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL }
-#define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
-
-#define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
-#define OBJ_NAME_ALTPATH_SEPARATOR ((WCHAR)L'/')
-
-// Portability
-
-typedef struct _OBJECT_ATTRIBUTES64
-{
- ULONG Length;
- ULONG64 RootDirectory;
- ULONG64 ObjectName;
- ULONG Attributes;
- ULONG64 SecurityDescriptor;
- ULONG64 SecurityQualityOfService;
-} OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64;
-
-typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64;
-
-typedef struct _OBJECT_ATTRIBUTES32
-{
- ULONG Length;
- ULONG RootDirectory;
- ULONG ObjectName;
- ULONG Attributes;
- ULONG SecurityDescriptor;
- ULONG SecurityQualityOfService;
-} OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32;
-
-typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32;
-
-// Product types
-
-typedef enum _NT_PRODUCT_TYPE
-{
- NtProductWinNt = 1,
- NtProductLanManNt,
- NtProductServer
-} NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
-
-typedef enum _SUITE_TYPE
-{
- SmallBusiness,
- Enterprise,
- BackOffice,
- CommunicationServer,
- TerminalServer,
- SmallBusinessRestricted,
- EmbeddedNT,
- DataCenter,
- SingleUserTS,
- Personal,
- Blade,
- EmbeddedRestricted,
- SecurityAppliance,
- StorageServer,
- ComputeServer,
- WHServer,
- PhoneNT,
- MaxSuiteType
-} SUITE_TYPE;
-
-// Specific
-
-typedef struct _CLIENT_ID
-{
- HANDLE UniqueProcess;
- HANDLE UniqueThread;
-} CLIENT_ID, *PCLIENT_ID;
-
-typedef struct _CLIENT_ID32
-{
- ULONG UniqueProcess;
- ULONG UniqueThread;
-} CLIENT_ID32, *PCLIENT_ID32;
-
-typedef struct _CLIENT_ID64
-{
- ULONGLONG UniqueProcess;
- ULONGLONG UniqueThread;
-} CLIENT_ID64, *PCLIENT_ID64;
-
-#include
-
-typedef struct _KSYSTEM_TIME
-{
- ULONG LowPart;
- LONG High1Time;
- LONG High2Time;
-} KSYSTEM_TIME, *PKSYSTEM_TIME;
-
-#include
-
-#ifndef AFFINITY_MASK
-#define AFFINITY_MASK(n) ((KAFFINITY)1 << (n))
-#endif
-
-#ifndef FlagOn
-#define FlagOn(_F, _SF) ((_F) & (_SF))
-#endif
-#ifndef BooleanFlagOn
-#define BooleanFlagOn(F, SF) ((BOOLEAN)(((F) & (SF)) != 0))
-#endif
-#ifndef SetFlag
-#define SetFlag(_F, _SF) ((_F) |= (_SF))
-#endif
-#ifndef ClearFlag
-#define ClearFlag(_F, _SF) ((_F) &= ~(_SF))
-#endif
-
-#endif
-
-#if defined(_WIN64)
-#define POINTER_ALIGNMENT DECLSPEC_ALIGN(8)
-#else
-#define POINTER_ALIGNMENT
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/phnt_windows.h b/deps/phnt-nightly/phnt_windows.h
deleted file mode 100644
index c1cbd5e..0000000
--- a/deps/phnt-nightly/phnt_windows.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Win32 definition support
- *
- * This file is part of System Informer.
- */
-
-#ifndef _PHNT_WINDOWS_H
-#define _PHNT_WINDOWS_H
-
-// This header file provides access to Win32, plus NTSTATUS values and some access mask values.
-
-#ifndef __cplusplus
-#ifndef CINTERFACE
-#define CINTERFACE
-#endif
-
-#ifndef COBJMACROS
-#define COBJMACROS
-#endif
-#endif
-
-#ifndef NOMINMAX
-#define NOMINMAX
-#endif
-
-#ifndef INT_ERROR
-#define INT_ERROR (-1)
-#endif
-
-#ifndef ULONG64_MAX
-#define ULONG64_MAX 0xffffffffffffffffui64
-#endif
-
-#ifndef SIZE_T_MAX
-#ifdef _WIN64
-#define SIZE_T_MAX 0xffffffffffffffffui64
-#else
-#define SIZE_T_MAX 0xffffffffUL
-#endif
-#endif
-
-#ifndef ENABLE_RTL_NUMBER_OF_V2
-#define ENABLE_RTL_NUMBER_OF_V2
-#endif
-
-#ifndef INITGUID
-#define INITGUID
-#endif
-
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-
-#ifndef WIN32_NO_STATUS
-#define WIN32_NO_STATUS
-#endif
-
-#ifndef __cplusplus
-// This is needed to workaround C17 preprocessor errors when using legacy versions of the Windows SDK. (dmex)
-#ifndef MICROSOFT_WINDOWS_WINBASE_H_DEFINE_INTERLOCKED_CPLUSPLUS_OVERLOADS
-#define MICROSOFT_WINDOWS_WINBASE_H_DEFINE_INTERLOCKED_CPLUSPLUS_OVERLOADS 0
-#endif
-#endif
-
-#include
-#include
-#undef WIN32_NO_STATUS
-#include
-#include
-#include
-
-typedef double DOUBLE;
-typedef GUID *PGUID;
-
-// Desktop access rights
-#define DESKTOP_ALL_ACCESS \
- (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
- DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
- DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
- STANDARD_RIGHTS_REQUIRED)
-#define DESKTOP_GENERIC_READ \
- (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
-#define DESKTOP_GENERIC_WRITE \
- (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
- DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
- STANDARD_RIGHTS_WRITE)
-#define DESKTOP_GENERIC_EXECUTE \
- (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
-
-// Window station access rights
-#define WINSTA_GENERIC_READ \
- (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
- WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
-#define WINSTA_GENERIC_WRITE \
- (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
- STANDARD_RIGHTS_WRITE)
-#define WINSTA_GENERIC_EXECUTE \
- (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
-
-// WMI access rights
-#define WMIGUID_GENERIC_READ \
- (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
- STANDARD_RIGHTS_READ)
-#define WMIGUID_GENERIC_WRITE \
- (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
- STANDARD_RIGHTS_WRITE)
-#define WMIGUID_GENERIC_EXECUTE \
- (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
- TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
- STANDARD_RIGHTS_EXECUTE)
-
-// Note: Some parts of the Windows Runtime, COM or third party hooks are returning
-// S_FALSE and null pointers on errors when S_FALSE is a success code. (dmex)
-#define HR_SUCCESS(hr) (((HRESULT)(hr)) == S_OK)
-#define HR_FAILED(hr) (((HRESULT)(hr)) != S_OK)
-
-// Note: The CONTAINING_RECORD macro doesn't support UBSan and generates false positives,
-// we redefine the macro with FIELD_OFFSET as a workaround until the WinSDK is fixed (dmex)
-#undef CONTAINING_RECORD
-#define CONTAINING_RECORD(address, type, field) \
- ((type *)((ULONG_PTR)(address) - UFIELD_OFFSET(type, field)))
-
-#ifndef __PCGUID_DEFINED__
-#define __PCGUID_DEFINED__
-typedef const GUID* PCGUID;
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/subprocesstag.h b/deps/phnt-nightly/subprocesstag.h
deleted file mode 100644
index 6f2ee53..0000000
--- a/deps/phnt-nightly/subprocesstag.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Subprocess tag information
- *
- * This file is part of System Informer.
- */
-
-#ifndef _SUBPROCESSTAG_H
-#define _SUBPROCESSTAG_H
-
-typedef enum _TAG_INFO_LEVEL
-{
- eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
- eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
- eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
- eTagInfoLevelMax
-} TAG_INFO_LEVEL;
-
-typedef enum _TAG_TYPE
-{
- eTagTypeService = 1,
- eTagTypeMax
-} TAG_TYPE;
-
-typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
-{
- ULONG dwPid;
- ULONG dwTag;
-} TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
-
-typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
-{
- ULONG eTagType;
- PWSTR pszName;
-} TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
-
-typedef struct _TAG_INFO_NAME_FROM_TAG
-{
- TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
- TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
-} TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
-
-typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
-{
- ULONG dwPid;
- PWSTR pszModule;
-} TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
-
-typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
-{
- ULONG eTagType;
- PWSTR pmszNames;
-} TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
-
-typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
-{
- TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
- TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
-} TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
-
-typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
-{
- ULONG dwPid;
-} TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
-
-typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
-{
- ULONG eTagType;
- ULONG dwTag;
- PWSTR pszName;
- PWSTR pszGroupName;
-} TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
-
-typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
-{
- ULONG cElements;
- PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
-} TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
-
-typedef struct _TAG_INFO_NAME_TAG_MAPPING
-{
- TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
- PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
-} TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
-
-_Must_inspect_result_
-ULONG
-WINAPI
-I_QueryTagInformation(
- _In_opt_ PCWSTR MachineName,
- _In_ TAG_INFO_LEVEL InfoLevel,
- _Inout_ PVOID TagInfo
- );
-
-typedef ULONG (WINAPI *PQUERY_TAG_INFORMATION)(
- _In_opt_ PCWSTR MachineName,
- _In_ TAG_INFO_LEVEL InfoLevel,
- _Inout_ PVOID TagInfo
- );
-
-#endif
diff --git a/deps/phnt-nightly/usermgr.h b/deps/phnt-nightly/usermgr.h
deleted file mode 100644
index a8d4005..0000000
--- a/deps/phnt-nightly/usermgr.h
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * User Manager service API definitions.
- *
- * This file is part of System Informer.
- */
-
-#ifndef _USERMGR_H
-#define _USERMGR_H
-
-// private
-typedef struct _SESSION_USER_CONTEXT
-{
- ULONGLONG ContextToken;
- ULONG SessionId;
- ULONG Reserved;
-} SESSION_USER_CONTEXT, *PSESSION_USER_CONTEXT;
-
-// private
-typedef struct _CRED_PROV_CREDENTIAL
-{
- ULONG Flags;
- ULONG AuthenticationPackage;
- ULONG Size;
- PVOID Information;
-} CRED_PROV_CREDENTIAL, *PCRED_PROV_CREDENTIAL;
-
-#define USERMGRAPI DECLSPEC_IMPORT
-
-// Contexts
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-USERMGRAPI
-VOID
-WINAPI
-UMgrFreeSessionUsers(
- _In_ _Post_invalid_ PSESSION_USER_CONTEXT SessionUsers
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrEnumerateSessionUsers(
- _Out_ PULONG Count,
- _Outptr_ PSESSION_USER_CONTEXT *SessionUsers
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserContext(
- _In_ HANDLE TokenHandle,
- _Out_ PULONGLONG ContextToken
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserContextFromSid(
- _In_ PWSTR SidString,
- _Out_ PULONGLONG ContextToken
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserContextFromName(
- _In_ PWSTR UserName,
- _Out_ PULONGLONG ContextToken
- );
-
-#endif
-
-// Tokens
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryDefaultAccountToken(
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQuerySessionUserToken(
- _In_ ULONG SessionId,
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserToken(
- _In_ ULONGLONG Context,
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserTokenFromSid(
- _In_ PWSTR SidString,
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrQueryUserTokenFromName(
- _In_ PWSTR UserName,
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrGetConstrainedUserToken(
- _In_opt_ HANDLE InputTokenHandle,
- _In_ ULONGLONG Context,
- _In_opt_ PSECURITY_CAPABILITIES Capabilities,
- _Out_ _Ret_maybenull_ PHANDLE OutputTokenHandle
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD2)
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrChangeSessionUserToken(
- _In_ HANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrGetImpersonationTokenForContext(
- _In_ HANDLE InputTokenHandle,
- _In_ ULONGLONG Context,
- _Out_ PHANDLE OutputTokenHandle
- );
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_REDSTONE)
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrGetSessionActiveShellUserToken(
- _In_ ULONG SessionId,
- _Out_ PHANDLE TokenHandle
- );
-
-#endif
-
-// Single-session SKU
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrOpenProcessTokenForQuery(
- _In_ ULONG ProcessId,
- _Out_ PHANDLE TokenHandle
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrOpenProcessHandleForAccess(
- _In_ ACCESS_MASK DesiredAccess,
- _In_ ULONG ProcessId,
- _Out_ PHANDLE ProcessHandle
- );
-
-#endif
-
-// Credentials
-
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrFreeUserCredentials(
- _In_ PCRED_PROV_CREDENTIAL Credentials
- );
-
-// rev
-USERMGRAPI
-HRESULT
-WINAPI
-UMgrGetCachedCredentials(
- _In_ PSID Sid,
- _Outptr_ PCRED_PROV_CREDENTIAL *Credentials
- );
-
-#endif
-
-#endif
diff --git a/deps/phnt-nightly/winsta.h b/deps/phnt-nightly/winsta.h
deleted file mode 100644
index 07d39eb..0000000
--- a/deps/phnt-nightly/winsta.h
+++ /dev/null
@@ -1,1168 +0,0 @@
-/*
- * Window Station Support functions
- *
- * This file is part of System Informer.
- */
-
-#ifndef _WINSTA_H
-#define _WINSTA_H
-
-// Specifies the current server.
-#define WINSTATION_CURRENT_SERVER ((HANDLE)NULL)
-#define WINSTATION_CURRENT_SERVER_HANDLE ((HANDLE)NULL)
-#define WINSTATION_CURRENT_SERVER_NAME (NULL)
-
-// Specifies the current session (SessionId)
-#define WINSTATION_CURRENT_SESSION ((ULONG)-1)
-
-// Specifies any-session (SessionId)
-#define WINSTATION_ANY_SESSION ((ULONG)-2)
-
-// Access rights
-
-#define WINSTATION_QUERY 0x00000001 // WinStationQueryInformation
-#define WINSTATION_SET 0x00000002 // WinStationSetInformation
-#define WINSTATION_RESET 0x00000004 // WinStationReset
-#define WINSTATION_VIRTUAL 0x00000008 //read/write direct data
-#define WINSTATION_SHADOW 0x00000010 // WinStationShadow
-#define WINSTATION_LOGON 0x00000020 // logon to WinStation
-#define WINSTATION_LOGOFF 0x00000040 // WinStationLogoff
-#define WINSTATION_MSG 0x00000080 // WinStationMsg
-#define WINSTATION_CONNECT 0x00000100 // WinStationConnect
-#define WINSTATION_DISCONNECT 0x00000200 // WinStationDisconnect
-#define WINSTATION_GUEST_ACCESS WINSTATION_LOGON
-
-#define WINSTATION_CURRENT_GUEST_ACCESS (WINSTATION_VIRTUAL | WINSTATION_LOGOFF)
-#define WINSTATION_USER_ACCESS (WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT)
-#define WINSTATION_CURRENT_USER_ACCESS \
- (WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | \
- WINSTATION_LOGOFF | WINSTATION_DISCONNECT)
-#define WINSTATION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | \
- WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | \
- WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG | \
- WINSTATION_CONNECT | WINSTATION_DISCONNECT)
-
-#define WDPREFIX_LENGTH 12
-#define CALLBACK_LENGTH 50
-#define DLLNAME_LENGTH 32
-#define CDNAME_LENGTH 32
-#define WDNAME_LENGTH 32
-#define PDNAME_LENGTH 32
-#define DEVICENAME_LENGTH 128
-#define MODEMNAME_LENGTH DEVICENAME_LENGTH
-#define STACK_ADDRESS_LENGTH 128
-#define MAX_BR_NAME 65
-#define DIRECTORY_LENGTH 256
-#define INITIALPROGRAM_LENGTH 256
-#define USERNAME_LENGTH 20
-#define DOMAIN_LENGTH 17
-#define PASSWORD_LENGTH 14
-#define NASISPECIFICNAME_LENGTH 14
-#define NASIUSERNAME_LENGTH 47
-#define NASIPASSWORD_LENGTH 24
-#define NASISESSIONNAME_LENGTH 16
-#define NASIFILESERVER_LENGTH 47
-
-#define CLIENTDATANAME_LENGTH 7
-#define CLIENTNAME_LENGTH 20
-#define CLIENTADDRESS_LENGTH 30
-#define IMEFILENAME_LENGTH 32
-#define CLIENTLICENSE_LENGTH 32
-#define CLIENTMODEM_LENGTH 40
-#define CLIENT_PRODUCT_ID_LENGTH 32
-#define MAX_COUNTER_EXTENSIONS 2
-#define WINSTATIONNAME_LENGTH 32
-
-#define TERMSRV_TOTAL_SESSIONS 1
-#define TERMSRV_DISC_SESSIONS 2
-#define TERMSRV_RECON_SESSIONS 3
-#define TERMSRV_CURRENT_ACTIVE_SESSIONS 4
-#define TERMSRV_CURRENT_DISC_SESSIONS 5
-#define TERMSRV_PENDING_SESSIONS 6
-#define TERMSRV_SUCC_TOTAL_LOGONS 7
-#define TERMSRV_SUCC_LOCAL_LOGONS 8
-#define TERMSRV_SUCC_REMOTE_LOGONS 9
-#define TERMSRV_SUCC_SESSION0_LOGONS 10
-#define TERMSRV_CURRENT_TERMINATING_SESSIONS 11
-#define TERMSRV_CURRENT_LOGGEDON_SESSIONS 12
-
-typedef RTL_TIME_ZONE_INFORMATION TS_TIME_ZONE_INFORMATION, *PTS_TIME_ZONE_INFORMATION;
-
-typedef WCHAR WINSTATIONNAME[WINSTATIONNAME_LENGTH + 1];
-
-// Variable length data descriptor (not needed)
-typedef struct _VARDATA_WIRE
-{
- USHORT Size;
- USHORT Offset;
-} VARDATA_WIRE, *PVARDATA_WIRE;
-
-typedef enum _WINSTATIONSTATECLASS
-{
- State_Active = 0,
- State_Connected = 1,
- State_ConnectQuery = 2,
- State_Shadow = 3,
- State_Disconnected = 4,
- State_Idle = 5,
- State_Listen = 6,
- State_Reset = 7,
- State_Down = 8,
- State_Init = 9
-} WINSTATIONSTATECLASS;
-
-typedef struct _SESSIONIDW
-{
- union
- {
- ULONG SessionId;
- ULONG LogonId;
- };
- WINSTATIONNAME WinStationName;
- WINSTATIONSTATECLASS State;
-} SESSIONIDW, *PSESSIONIDW;
-
-// private
-typedef enum _WINSTATIONINFOCLASS
-{
- WinStationCreateData, // WINSTATIONCREATE
- WinStationConfiguration, // WINSTACONFIGWIRE + USERCONFIG
- WinStationPdParams, // PDPARAMS
- WinStationWd, // WDCONFIG
- WinStationPd, // PDCONFIG2 + PDPARAMS
- WinStationPrinter, // Not supported.
- WinStationClient, // WINSTATIONCLIENT
- WinStationModules,
- WinStationInformation, // WINSTATIONINFORMATION
- WinStationTrace,
- WinStationBeep,
- WinStationEncryptionOff,
- WinStationEncryptionPerm,
- WinStationNtSecurity, // s; (open secure desktop ctrl+alt+del)
- WinStationUserToken, // WINSTATIONUSERTOKEN
- WinStationUnused1,
- WinStationVideoData, // WINSTATIONVIDEODATA
- WinStationInitialProgram, // s; (set current process as initial program)
- WinStationCd, // CDCONFIG
- WinStationSystemTrace,
- WinStationVirtualData,
- WinStationClientData, // WINSTATIONCLIENTDATA
- WinStationSecureDesktopEnter,
- WinStationSecureDesktopExit,
- WinStationLoadBalanceSessionTarget, // ULONG
- WinStationLoadIndicator, // WINSTATIONLOADINDICATORDATA
- WinStationShadowInfo, // WINSTATIONSHADOW
- WinStationDigProductId, // WINSTATIONPRODID
- WinStationLockedState, // BOOL
- WinStationRemoteAddress, // WINSTATIONREMOTEADDRESS
- WinStationIdleTime, // ULONG
- WinStationLastReconnectType, // ULONG
- WinStationDisallowAutoReconnect, // BOOLEAN
- WinStationMprNotifyInfo,
- WinStationExecSrvSystemPipe, // WCHAR[48]
- WinStationSmartCardAutoLogon, // BOOLEAN
- WinStationIsAdminLoggedOn, // BOOLEAN
- WinStationReconnectedFromId, // ULONG
- WinStationEffectsPolicy, // ULONG
- WinStationType, // ULONG
- WinStationInformationEx, // WINSTATIONINFORMATIONEX
- WinStationValidationInfo
-} WINSTATIONINFOCLASS;
-
-// Retrieves general information on the type of terminal server session (protocol) to which the session belongs.
-typedef struct _WINSTATIONCREATE
-{
- ULONG fEnableWinStation : 1;
- ULONG MaxInstanceCount;
-} WINSTATIONCREATE, *PWINSTATIONCREATE;
-
-typedef struct _WINSTACONFIGWIRE
-{
- WCHAR Comment[61]; // The WinStation descriptive comment.
- CHAR OEMId[4]; // Value identifying the OEM implementor of the TermService Listener to which this session (WinStation) belongs. This can be any value defined by the implementer (OEM) of the listener.
- VARDATA_WIRE UserConfig; // VARDATA_WIRE structure defining the size and offset of the variable-length user configuration data succeeding it.
- VARDATA_WIRE NewFields; // VARDATA_WIRE structure defining the size and offset of the variable-length new data succeeding it. This field is not used and is a placeholder for any new data, if and when added.
-} WINSTACONFIGWIRE, *PWINSTACONFIGWIRE;
-
-typedef enum _CALLBACKCLASS
-{
- Callback_Disable,
- Callback_Roving,
- Callback_Fixed
-} CALLBACKCLASS;
-
-// The SHADOWCLASS enumeration is used to indicate the shadow-related settings for a session running on a terminal server.
-typedef enum _SHADOWCLASS
-{
- Shadow_Disable, // Shadowing is disabled.
- Shadow_EnableInputNotify, // Permission is asked first from the session being shadowed. The shadower is also permitted keyboard and mouse input.
- Shadow_EnableInputNoNotify, // Permission is not asked first from the session being shadowed. The shadower is also permitted keyboard and mouse input.
- Shadow_EnableNoInputNotify, // Permission is asked first from the session being shadowed. The shadower is not permitted keyboard and mouse input and MUST observe the shadowed session.
- Shadow_EnableNoInputNoNotify // Permission is not asked first from the session being shadowed. The shadower is not permitted keyboard and mouse input and MUST observe the shadowed session.
-} SHADOWCLASS;
-
-// For a specific terminal server session, the USERCONFIG structure indicates the user and session configuration.
-// https://msdn.microsoft.com/en-us/library/cc248610.aspx
-typedef struct _USERCONFIG
-{
- ULONG fInheritAutoLogon : 1;
- ULONG fInheritResetBroken : 1;
- ULONG fInheritReconnectSame : 1;
- ULONG fInheritInitialProgram : 1;
- ULONG fInheritCallback : 1;
- ULONG fInheritCallbackNumber : 1;
- ULONG fInheritShadow : 1;
- ULONG fInheritMaxSessionTime : 1;
- ULONG fInheritMaxDisconnectionTime : 1;
- ULONG fInheritMaxIdleTime : 1;
- ULONG fInheritAutoClient : 1;
- ULONG fInheritSecurity : 1;
- ULONG fPromptForPassword : 1;
- ULONG fResetBroken : 1;
- ULONG fReconnectSame : 1;
- ULONG fLogonDisabled : 1;
- ULONG fWallPaperDisabled : 1;
- ULONG fAutoClientDrives : 1;
- ULONG fAutoClientLpts : 1;
- ULONG fForceClientLptDef : 1;
- ULONG fRequireEncryption : 1;
- ULONG fDisableEncryption : 1;
- ULONG fUnused1 : 1;
- ULONG fHomeDirectoryMapRoot : 1;
- ULONG fUseDefaultGina : 1;
- ULONG fCursorBlinkDisabled : 1;
- ULONG fPublishedApp : 1;
- ULONG fHideTitleBar : 1;
- ULONG fMaximize : 1;
- ULONG fDisableCpm : 1;
- ULONG fDisableCdm : 1;
- ULONG fDisableCcm : 1;
- ULONG fDisableLPT : 1;
- ULONG fDisableClip : 1;
- ULONG fDisableExe : 1;
- ULONG fDisableCam : 1;
- ULONG fDisableAutoReconnect : 1;
- ULONG ColorDepth : 3;
- ULONG fInheritColorDepth : 1;
- ULONG fErrorInvalidProfile : 1;
- ULONG fPasswordIsScPin : 1;
- ULONG fDisablePNPRedir : 1;
- WCHAR UserName[USERNAME_LENGTH + 1];
- WCHAR Domain[DOMAIN_LENGTH + 1];
- WCHAR Password[PASSWORD_LENGTH + 1];
- WCHAR WorkDirectory[DIRECTORY_LENGTH + 1];
- WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1];
- WCHAR CallbackNumber[CALLBACK_LENGTH + 1];
- CALLBACKCLASS Callback;
- SHADOWCLASS Shadow;
- ULONG MaxConnectionTime;
- ULONG MaxDisconnectionTime;
- ULONG MaxIdleTime;
- ULONG KeyboardLayout;
- BYTE MinEncryptionLevel;
- WCHAR NWLogonServer[NASIFILESERVER_LENGTH + 1];
- WCHAR PublishedName[MAX_BR_NAME];
- WCHAR WFProfilePath[DIRECTORY_LENGTH + 1];
- WCHAR WFHomeDir[DIRECTORY_LENGTH + 1];
- WCHAR WFHomeDirDrive[4];
-} USERCONFIG, *PUSERCONFIG;
-
-typedef enum _SDCLASS
-{
- SdNone = 0,
- SdConsole,
- SdNetwork,
- SdAsync,
- SdOemTransport
-} SDCLASS;
-
-typedef WCHAR DEVICENAME[DEVICENAME_LENGTH + 1];
-typedef WCHAR MODEMNAME[MODEMNAME_LENGTH + 1];
-typedef WCHAR NASISPECIFICNAME[NASISPECIFICNAME_LENGTH + 1];
-typedef WCHAR NASIUSERNAME[NASIUSERNAME_LENGTH + 1];
-typedef WCHAR NASIPASSWORD[NASIPASSWORD_LENGTH + 1];
-typedef WCHAR NASISESIONNAME[NASISESSIONNAME_LENGTH + 1];
-typedef WCHAR NASIFILESERVER[NASIFILESERVER_LENGTH + 1];
-typedef WCHAR WDNAME[WDNAME_LENGTH + 1];
-typedef WCHAR WDPREFIX[WDPREFIX_LENGTH + 1];
-typedef WCHAR CDNAME[CDNAME_LENGTH + 1];
-typedef WCHAR DLLNAME[DLLNAME_LENGTH + 1];
-typedef WCHAR PDNAME[PDNAME_LENGTH + 1];
-
-typedef struct _NETWORKCONFIG
-{
- LONG LanAdapter;
- DEVICENAME NetworkName;
- ULONG Flags;
-} NETWORKCONFIG, *PNETWORKCONFIG;
-
-typedef enum _FLOWCONTROLCLASS
-{
- FlowControl_None,
- FlowControl_Hardware,
- FlowControl_Software
-} FLOWCONTROLCLASS;
-
-typedef enum _RECEIVEFLOWCONTROLCLASS
-{
- ReceiveFlowControl_None,
- ReceiveFlowControl_RTS,
- ReceiveFlowControl_DTR,
-} RECEIVEFLOWCONTROLCLASS;
-
-typedef enum _TRANSMITFLOWCONTROLCLASS
-{
- TransmitFlowControl_None,
- TransmitFlowControl_CTS,
- TransmitFlowControl_DSR,
-} TRANSMITFLOWCONTROLCLASS;
-
-typedef enum _ASYNCCONNECTCLASS
-{
- Connect_CTS,
- Connect_DSR,
- Connect_RI,
- Connect_DCD,
- Connect_FirstChar,
- Connect_Perm,
-} ASYNCCONNECTCLASS;
-
-typedef struct _FLOWCONTROLCONFIG
-{
- ULONG fEnableSoftwareTx : 1;
- ULONG fEnableSoftwareRx : 1;
- ULONG fEnableDTR : 1;
- ULONG fEnableRTS : 1;
- CHAR XonChar;
- CHAR XoffChar;
- FLOWCONTROLCLASS Type;
- RECEIVEFLOWCONTROLCLASS HardwareReceive;
- TRANSMITFLOWCONTROLCLASS HardwareTransmit;
-} FLOWCONTROLCONFIG, *PFLOWCONTROLCONFIG;
-
-typedef struct _CONNECTCONFIG
-{
- ASYNCCONNECTCLASS Type;
- ULONG fEnableBreakDisconnect : 1;
-} CONNECTCONFIG, *PCONNECTCONFIG;
-
-typedef struct _ASYNCCONFIG
-{
- DEVICENAME DeviceName;
- MODEMNAME ModemName;
- ULONG BaudRate;
- ULONG Parity;
- ULONG StopBits;
- ULONG ByteSize;
- ULONG fEnableDsrSensitivity : 1;
- ULONG fConnectionDriver : 1;
- FLOWCONTROLCONFIG FlowControl;
- CONNECTCONFIG Connect;
-} ASYNCCONFIG, *PASYNCCONFIG;
-
-typedef struct _NASICONFIG
-{
- NASISPECIFICNAME SpecificName;
- NASIUSERNAME UserName;
- NASIPASSWORD PassWord;
- NASISESIONNAME SessionName;
- NASIFILESERVER FileServer;
- BOOLEAN GlobalSession;
-} NASICONFIG, *PNASICONFIG;
-
-typedef struct _OEMTDCONFIG
-{
- LONG Adapter;
- DEVICENAME DeviceName;
- ULONG Flags;
-} OEMTDCONFIG, *POEMTDCONFIG;
-
-// Retrieves transport protocol driver parameters.
-typedef struct _PDPARAMS
-{
- SDCLASS SdClass; // Stack driver class. Indicates which one of the union's structures is valid.
- union
- {
- NETWORKCONFIG Network; // Configuration of network drivers. Used if SdClass is SdNetwork.
- ASYNCCONFIG Async; // Configuration of async (modem) driver. Used if SdClass is SdAsync.
- NASICONFIG Nasi; // Reserved.
- OEMTDCONFIG OemTd; // Configuration of OEM transport driver. Used if SdClass is SdOemTransport.
- };
-} PDPARAMS, *PPDPARAMS;
-
-// The WinStation (session) driver configuration.
-typedef struct _WDCONFIG
-{
- WDNAME WdName; // The descriptive name of the WinStation driver.
- DLLNAME WdDLL; // The driver's image name.
- DLLNAME WsxDLL; // Used by the Terminal Services service to communicate with the WinStation driver.
- ULONG WdFlag; // Driver flags.
- ULONG WdInputBufferLength; // Length, in bytes, of the input buffer used by the driver. Defaults to 2048.
- DLLNAME CfgDLL; // Configuration DLL used by Terminal Services administrative tools for configuring the driver.
- WDPREFIX WdPrefix; // Used as the prefix of the WinStation name generated for the connected sessions with this WinStation driver.
-} WDCONFIG, *PWDCONFIG;
-
-// The protocol driver's software configuration.
-typedef struct _PDCONFIG2
-{
- PDNAME PdName;
- SDCLASS SdClass;
- DLLNAME PdDLL;
- ULONG PdFlag;
- ULONG OutBufLength;
- ULONG OutBufCount;
- ULONG OutBufDelay;
- ULONG InteractiveDelay;
- ULONG PortNumber;
- ULONG KeepAliveTimeout;
-} PDCONFIG2, *PPDCONFIG2;
-
-// WinStationClient
-typedef struct _WINSTATIONCLIENT
-{
- ULONG fTextOnly : 1;
- ULONG fDisableCtrlAltDel : 1;
- ULONG fMouse : 1;
- ULONG fDoubleClickDetect : 1;
- ULONG fINetClient : 1;
- ULONG fPromptForPassword : 1;
- ULONG fMaximizeShell : 1;
- ULONG fEnableWindowsKey : 1;
- ULONG fRemoteConsoleAudio : 1;
- ULONG fPasswordIsScPin : 1;
- ULONG fNoAudioPlayback : 1;
- ULONG fUsingSavedCreds : 1;
- WCHAR ClientName[CLIENTNAME_LENGTH + 1];
- WCHAR Domain[DOMAIN_LENGTH + 1];
- WCHAR UserName[USERNAME_LENGTH + 1];
- WCHAR Password[PASSWORD_LENGTH + 1];
- WCHAR WorkDirectory[DIRECTORY_LENGTH + 1];
- WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1];
- ULONG SerialNumber;
- BYTE EncryptionLevel;
- ULONG ClientAddressFamily;
- WCHAR ClientAddress[CLIENTADDRESS_LENGTH + 1];
- USHORT HRes;
- USHORT VRes;
- USHORT ColorDepth;
- USHORT ProtocolType;
- ULONG KeyboardLayout;
- ULONG KeyboardType;
- ULONG KeyboardSubType;
- ULONG KeyboardFunctionKey;
- WCHAR ImeFileName[IMEFILENAME_LENGTH + 1];
- WCHAR ClientDirectory[DIRECTORY_LENGTH + 1];
- WCHAR ClientLicense[CLIENTLICENSE_LENGTH + 1];
- WCHAR ClientModem[CLIENTMODEM_LENGTH + 1];
- ULONG ClientBuildNumber;
- ULONG ClientHardwareId;
- USHORT ClientProductId;
- USHORT OutBufCountHost;
- USHORT OutBufCountClient;
- USHORT OutBufLength;
- WCHAR AudioDriverName[9];
- TS_TIME_ZONE_INFORMATION ClientTimeZone;
- ULONG ClientSessionId;
- WCHAR ClientDigProductId[CLIENT_PRODUCT_ID_LENGTH];
- ULONG PerformanceFlags;
- ULONG ActiveInputLocale;
-} WINSTATIONCLIENT, *PWINSTATIONCLIENT;
-
-typedef struct _TSHARE_COUNTERS
-{
- ULONG Reserved;
-} TSHARE_COUNTERS, *PTSHARE_COUNTERS;
-
-typedef struct _PROTOCOLCOUNTERS
-{
- ULONG WdBytes;
- ULONG WdFrames;
- ULONG WaitForOutBuf;
- ULONG Frames;
- ULONG Bytes;
- ULONG CompressedBytes;
- ULONG CompressFlushes;
- ULONG Errors;
- ULONG Timeouts;
- ULONG AsyncFramingError;
- ULONG AsyncOverrunError;
- ULONG AsyncOverflowError;
- ULONG AsyncParityError;
- ULONG TdErrors;
- USHORT ProtocolType;
- USHORT Length;
- union
- {
- TSHARE_COUNTERS TShareCounters;
- ULONG Reserved[100];
- } Specific;
-} PROTOCOLCOUNTERS, *PPROTOCOLCOUNTERS;
-
-typedef struct _THINWIRECACHE
-{
- ULONG CacheReads;
- ULONG CacheHits;
-} THINWIRECACHE, *PTHINWIRECACHE;
-
-#define MAX_THINWIRECACHE 4
-
-typedef struct _RESERVED_CACHE
-{
- THINWIRECACHE ThinWireCache[MAX_THINWIRECACHE];
-} RESERVED_CACHE, *PRESERVED_CACHE;
-
-typedef struct _TSHARE_CACHE
-{
- ULONG Reserved;
-} TSHARE_CACHE, *PTSHARE_CACHE;
-
-typedef struct CACHE_STATISTICS
-{
- USHORT ProtocolType;
- USHORT Length;
- union
- {
- RESERVED_CACHE ReservedCacheStats;
- TSHARE_CACHE TShareCacheStats;
- ULONG Reserved[20];
- } Specific;
-} CACHE_STATISTICS, *PCACHE_STATISTICS;
-
-typedef struct _PROTOCOLSTATUS
-{
- PROTOCOLCOUNTERS Output;
- PROTOCOLCOUNTERS Input;
- CACHE_STATISTICS Cache;
- ULONG AsyncSignal;
- ULONG AsyncSignalMask;
-} PROTOCOLSTATUS, *PPROTOCOLSTATUS;
-
-// Retrieves information on the session.
-typedef struct _WINSTATIONINFORMATION
-{
- WINSTATIONSTATECLASS ConnectState;
- WINSTATIONNAME WinStationName;
- ULONG LogonId;
- LARGE_INTEGER ConnectTime;
- LARGE_INTEGER DisconnectTime;
- LARGE_INTEGER LastInputTime;
- LARGE_INTEGER LogonTime;
- PROTOCOLSTATUS Status;
- WCHAR Domain[DOMAIN_LENGTH + 1];
- WCHAR UserName[USERNAME_LENGTH + 1];
- LARGE_INTEGER CurrentTime;
-} WINSTATIONINFORMATION, *PWINSTATIONINFORMATION;
-
-// Retrieves the user's token in the session. Caller requires WINSTATION_ALL_ACCESS permission.
-typedef struct _WINSTATIONUSERTOKEN
-{
- HANDLE ProcessId;
- HANDLE ThreadId;
- HANDLE UserToken;
-} WINSTATIONUSERTOKEN, *PWINSTATIONUSERTOKEN;
-
-// Retrieves resolution and color depth of the session.
-typedef struct _WINSTATIONVIDEODATA
-{
- USHORT HResolution;
- USHORT VResolution;
- USHORT fColorDepth;
-} WINSTATIONVIDEODATA, *PWINSTATIONVIDEODATA;
-
-typedef enum _CDCLASS
-{
- CdNone, // No connection driver.
- CdModem, // Connection driver is a modem.
- CdClass_Maximum,
-} CDCLASS;
-
-// Connection driver configuration. It is used for connecting via modem to a server.
-typedef struct _CDCONFIG
-{
- CDCLASS CdClass; // Connection driver type.
- CDNAME CdName; // Connection driver descriptive name.
- DLLNAME CdDLL; // Connection driver image name.
- ULONG CdFlag; // Connection driver flags. Connection driver specific.
-} CDCONFIG, *PCDCONFIG;
-
-// The name has the following form:
-// name syntax : xxxyyyy
-typedef CHAR CLIENTDATANAME[CLIENTDATANAME_LENGTH + 1];
-typedef CHAR* PCLIENTDATANAME;
-
-typedef struct _WINSTATIONCLIENTDATA
-{
- CLIENTDATANAME DataName; // Identifies the type of data sent in this WINSTATIONCLIENTDATA structure. The definition is dependent on the caller and on the client receiving it. This MUST be a data name following a format similar to that of the CLIENTDATANAME data type.
- BOOLEAN fUnicodeData; // TRUE indicates data is in Unicode format; FALSE otherwise.
-} WINSTATIONCLIENTDATA, *PWINSTATIONCLIENTDATA;
-
-typedef enum _LOADFACTORTYPE
-{
- ErrorConstraint, // An error occurred while obtaining constraint data.
- PagedPoolConstraint, // The amount of paged pool is the constraint.
- NonPagedPoolConstraint, // The amount of non-paged pool is the constraint.
- AvailablePagesConstraint, // The amount of available pages is the constraint.
- SystemPtesConstraint, // The number of system page table entries (PTEs) is the constraint.
- CPUConstraint // CPU usage is the constraint.
-} LOADFACTORTYPE;
-
-// The WINSTATIONLOADINDICATORDATA structure defines data used for the load balancing of a server.
-typedef struct _WINSTATIONLOADINDICATORDATA
-{
- ULONG RemainingSessionCapacity; // The estimated number of additional sessions that can be supported given the CPU constraint.
- LOADFACTORTYPE LoadFactor; // Indicates the most constrained current resource.
- ULONG TotalSessions; // The total number of sessions.
- ULONG DisconnectedSessions; // The number of disconnected sessions.
- LARGE_INTEGER IdleCPU; // This is always set to 0.
- LARGE_INTEGER TotalCPU; // This is always set to 0.
- ULONG RawSessionCapacity; // The raw number of sessions capacity.
- ULONG reserved[9]; // Reserved.
-} WINSTATIONLOADINDICATORDATA, *PWINSTATIONLOADINDICATORDATA;
-
-typedef enum _SHADOWSTATECLASS
-{
- State_NoShadow, // No shadow operations are currently being performed on this session.
- State_Shadowing, // The session is shadowing a different session. The current session is referred to as a shadow client.
- State_Shadowed // The session is being shadowed by a different session. The current session is referred to as a shadow target.
-} SHADOWSTATECLASS;
-
-#define PROTOCOL_CONSOLE 0
-#define PROTOCOL_OTHERS 1
-#define PROTOCOL_RDP 2
-
-// Retrieves the current shadow state of a session.
-typedef struct _WINSTATIONSHADOW
-{
- SHADOWSTATECLASS ShadowState; // Specifies the current state of shadowing.
- SHADOWCLASS ShadowClass; // Specifies the type of shadowing.
- ULONG SessionId; // Specifies the session ID of the session.
- ULONG ProtocolType; // Specifies the type of protocol on the session. Can be one of PROTOCOL_* values.
-} WINSTATIONSHADOW, *PWINSTATIONSHADOW;
-
-// Retrieves the client product ID and current product ID of the session.
-typedef struct _WINSTATIONPRODID
-{
- WCHAR DigProductId[CLIENT_PRODUCT_ID_LENGTH];
- WCHAR ClientDigProductId[CLIENT_PRODUCT_ID_LENGTH];
- WCHAR OuterMostDigProductId[CLIENT_PRODUCT_ID_LENGTH];
- ULONG CurrentSessionId;
- ULONG ClientSessionId;
- ULONG OuterMostSessionId;
-} WINSTATIONPRODID, *PWINSTATIONPRODID;
-
-// Retrieves the remote IP address of the terminal server client in the session.
-typedef struct _WINSTATIONREMOTEADDRESS
-{
- USHORT sin_family;
- union
- {
- struct
- {
- USHORT sin_port;
- ULONG sin_addr;
- UCHAR sin_zero[8];
- } ipv4;
- struct
- {
- USHORT sin6_port;
- ULONG sin6_flowinfo;
- USHORT sin6_addr[8];
- ULONG sin6_scope_id;
- } ipv6;
- };
-} WINSTATIONREMOTEADDRESS, *PWINSTATIONREMOTEADDRESS;
-
-// WinStationInformationEx
-
-// private
-typedef struct _WINSTATIONINFORMATIONEX_LEVEL1
-{
- ULONG SessionId;
- WINSTATIONSTATECLASS SessionState;
- LONG SessionFlags;
- WINSTATIONNAME WinStationName;
- WCHAR UserName[USERNAME_LENGTH + 1];
- WCHAR DomainName[DOMAIN_LENGTH + 1];
- LARGE_INTEGER LogonTime;
- LARGE_INTEGER ConnectTime;
- LARGE_INTEGER DisconnectTime;
- LARGE_INTEGER LastInputTime;
- LARGE_INTEGER CurrentTime;
- PROTOCOLSTATUS ProtocolStatus;
-} WINSTATIONINFORMATIONEX_LEVEL1, *PWINSTATIONINFORMATIONEX_LEVEL1;
-
-// private
-typedef struct _WINSTATIONINFORMATIONEX_LEVEL2
-{
- ULONG SessionId;
- WINSTATIONSTATECLASS SessionState;
- LONG SessionFlags;
- WINSTATIONNAME WinStationName;
- WCHAR SamCompatibleUserName[USERNAME_LENGTH + 1];
- WCHAR SamCompatibleDomainName[DOMAIN_LENGTH + 1];
- LARGE_INTEGER LogonTime;
- LARGE_INTEGER ConnectTime;
- LARGE_INTEGER DisconnectTime;
- LARGE_INTEGER LastInputTime;
- LARGE_INTEGER CurrentTime;
- PROTOCOLSTATUS ProtocolStatus;
- WCHAR UserName[257];
- WCHAR DomainName[256];
-} WINSTATIONINFORMATIONEX_LEVEL2, *PWINSTATIONINFORMATIONEX_LEVEL2;
-
-// private
-typedef union _WINSTATIONINFORMATIONEX_LEVEL
-{
- WINSTATIONINFORMATIONEX_LEVEL1 WinStationInfoExLevel1;
- WINSTATIONINFORMATIONEX_LEVEL2 WinStationInfoExLevel2;
-} WINSTATIONINFORMATIONEX_LEVEL, *PWINSTATIONINFORMATIONEX_LEVEL;
-
-// private
-typedef struct _WINSTATIONINFORMATIONEX
-{
- ULONG Level;
- WINSTATIONINFORMATIONEX_LEVEL Data;
-} WINSTATIONINFORMATIONEX, *PWINSTATIONINFORMATIONEX;
-
-#define TS_PROCESS_INFO_MAGIC_NT4 0x23495452
-
-typedef struct _TS_PROCESS_INFORMATION_NT4
-{
- ULONG MagicNumber;
- ULONG LogonId;
- PVOID ProcessSid;
- ULONG Pad;
-} TS_PROCESS_INFORMATION_NT4, *PTS_PROCESS_INFORMATION_NT4;
-
-#define SIZEOF_TS4_SYSTEM_THREAD_INFORMATION 64
-#define SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION 136
-
-typedef struct _TS_SYS_PROCESS_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG NumberOfThreads;
- LARGE_INTEGER SpareLi1;
- LARGE_INTEGER SpareLi2;
- LARGE_INTEGER SpareLi3;
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER KernelTime;
- UNICODE_STRING ImageName;
- KPRIORITY BasePriority;
- ULONG UniqueProcessId;
- ULONG InheritedFromUniqueProcessId;
- ULONG HandleCount;
- ULONG SessionId;
- ULONG SpareUl3;
- SIZE_T PeakVirtualSize;
- SIZE_T VirtualSize;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- SIZE_T QuotaPeakPagedPoolUsage;
- SIZE_T QuotaPagedPoolUsage;
- SIZE_T QuotaPeakNonPagedPoolUsage;
- SIZE_T QuotaNonPagedPoolUsage;
- SIZE_T PagefileUsage;
- SIZE_T PeakPagefileUsage;
- SIZE_T PrivatePageCount;
-} TS_SYS_PROCESS_INFORMATION, *PTS_SYS_PROCESS_INFORMATION;
-
-typedef struct _TS_ALL_PROCESSES_INFO
-{
- PTS_SYS_PROCESS_INFORMATION pTsProcessInfo;
- ULONG SizeOfSid;
- PSID pSid;
-} TS_ALL_PROCESSES_INFO, *PTS_ALL_PROCESSES_INFO;
-
-typedef struct _TS_COUNTER_HEADER
-{
- DWORD dwCounterID;
- BOOLEAN bResult;
-} TS_COUNTER_HEADER, *PTS_COUNTER_HEADER;
-
-typedef struct _TS_COUNTER
-{
- TS_COUNTER_HEADER CounterHead;
- DWORD dwValue;
- LARGE_INTEGER StartTime;
-} TS_COUNTER, *PTS_COUNTER;
-
-// Flags for WinStationShutdownSystem
-#define WSD_LOGOFF 0x1
-#define WSD_SHUTDOWN 0x2
-#define WSD_REBOOT 0x4
-#define WSD_POWEROFF 0x8
-
-// Flags for WinStationWaitSystemEvent
-#define WEVENT_NONE 0x0
-#define WEVENT_CREATE 0x1
-#define WEVENT_DELETE 0x2
-#define WEVENT_RENAME 0x4
-#define WEVENT_CONNECT 0x8
-#define WEVENT_DISCONNECT 0x10
-#define WEVENT_LOGON 0x20
-#define WEVENT_LOGOFF 0x40
-#define WEVENT_STATECHANGE 0x80
-#define WEVENT_LICENSE 0x100
-#define WEVENT_ALL 0x7fffffff
-#define WEVENT_FLUSH 0x80000000
-
-// Hotkey modifiers for WinStationShadow
-#define KBDSHIFT 0x1
-#define KBDCTRL 0x2
-#define KBDALT 0x4
-
-// begin_rev
-// Flags for WinStationRegisterConsoleNotification
-#define WNOTIFY_ALL_SESSIONS 0x1
-// end_rev
-
-// In the functions below, memory returned can be freed using LocalFree. NULL can be specified for
-// server handles to indicate the local server. -1 can be specified for session IDs to indicate the
-// current session ID.
-
-#define LOGONID_CURRENT (-1)
-#define SERVERNAME_CURRENT ((PWSTR)NULL)
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationFreeMemory(
- _In_ PVOID Buffer
- );
-
-// rev
-HANDLE
-WINAPI
-WinStationOpenServerW(
- _In_opt_ PWSTR ServerName
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationCloseServer(
- _In_ HANDLE ServerHandle
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationServerPing(
- _In_opt_ HANDLE ServerHandle
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationGetTermSrvCountersValue(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG Count,
- _Inout_ PTS_COUNTER Counters // set counter IDs before calling
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationShutdownSystem(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG ShutdownFlags // WSD_*
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationWaitSystemEvent(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG EventMask, // WEVENT_*
- _Out_ PULONG EventFlags
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationRegisterConsoleNotification(
- _In_opt_ HANDLE ServerHandle,
- _In_ HWND WindowHandle,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationUnRegisterConsoleNotification(
- _In_opt_ HANDLE ServerHandle,
- _In_ HWND WindowHandle
- );
-
-// Sessions
-
-// rev
-BOOLEAN
-WINAPI
-WinStationEnumerateW(
- _In_opt_ HANDLE ServerHandle,
- _Out_ PSESSIONIDW *SessionIds,
- _Out_ PULONG Count
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationQueryInformationW(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ WINSTATIONINFOCLASS WinStationInformationClass,
- _Out_writes_bytes_(WinStationInformationLength) PVOID pWinStationInformation,
- _In_ ULONG WinStationInformationLength,
- _Out_ PULONG pReturnLength
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationSetInformationW(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ WINSTATIONINFOCLASS WinStationInformationClass,
- _In_reads_bytes_(WinStationInformationLength) PVOID pWinStationInformation,
- _In_ ULONG WinStationInformationLength
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationNameFromLogonIdW(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _Out_writes_(WINSTATIONNAME_LENGTH + 1) PWSTR pWinStationName
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-LogonIdFromWinStationNameW(
- _In_opt_ HANDLE ServerHandle,
- _In_ PWSTR pWinStationName,
- _Out_ PULONG SessionId
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationSendMessageW(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ PWSTR Title,
- _In_ ULONG TitleLength,
- _In_ PWSTR Message,
- _In_ ULONG MessageLength,
- _In_ ULONG Style,
- _In_ ULONG Timeout,
- _Out_ PULONG Response,
- _In_ BOOLEAN DoNotWait
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationConnectW(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ ULONG TargetSessionId,
- _In_opt_ PWSTR pPassword,
- _In_ BOOLEAN bWait
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationDisconnect(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ BOOLEAN bWait
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationReset(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ BOOLEAN bWait
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationShadow(
- _In_opt_ HANDLE ServerHandle,
- _In_ PWSTR TargetServerName,
- _In_ ULONG TargetSessionId,
- _In_ UCHAR HotKeyVk,
- _In_ USHORT HotkeyModifiers // KBD*
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationShadowStop(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ BOOLEAN bWait // ignored
- );
-
-// Processes
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationEnumerateProcesses(
- _In_opt_ HANDLE ServerHandle,
- _Out_ PVOID *Processes
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationGetAllProcesses(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG Level,
- _Out_ PULONG NumberOfProcesses,
- _Out_ PTS_ALL_PROCESSES_INFO *Processes
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationFreeGAPMemory(
- _In_ ULONG Level,
- _In_ PTS_ALL_PROCESSES_INFO Processes,
- _In_ ULONG NumberOfProcesses
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationTerminateProcess(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG ProcessId,
- _In_ ULONG ExitCode
- );
-
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationGetProcessSid(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG ProcessId,
- _In_ FILETIME ProcessStartTime,
- _Out_ PVOID pProcessUserSid,
- _Inout_ PULONG dwSidSize
- );
-
-// Services isolation
-
-#if (PHNT_VERSION >= PHNT_VISTA)
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationSwitchToServicesSession(
- VOID
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-WINAPI
-WinStationRevertFromServicesSession(
- VOID
- );
-
-#endif
-
-// Misc.
-NTSYSAPI
-BOOLEAN
-WINAPI
-_WinStationWaitForConnect(
- VOID
- );
-
-// rev
-NTSYSAPI
-HANDLE
-NTAPI
-WinStationVirtualOpen(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ PCSTR Name
- );
-
-// rev
-NTSYSAPI
-HANDLE
-NTAPI
-WinStationVirtualOpenEx(
- _In_opt_ HANDLE ServerHandle,
- _In_ ULONG SessionId,
- _In_ PCSTR Name,
- _In_ ULONG Flags
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-WinStationIsCurrentSessionRemoteable(
- _Out_ PBOOLEAN IsRemoteable
- );
-
-EXTERN_C DECLSPEC_SELECTANY CONST GUID PROPERTY_TYPE_GET_MONITOR_CONFIG = { 0x865D5285, 0xF70A, 0x4ECF, { 0x8B, 0x28, 0x51, 0x2F, 0xE0, 0xAA, 0x2D, 0x53 } };
-EXTERN_C DECLSPEC_SELECTANY CONST GUID PROPERTY_TYPE_CORRELATIONID_GUID = { 0x9A363F8E, 0x1902, 0x40DA, { 0xA2, 0xCC, 0x56, 0x4F, 0x09, 0x40, 0xAD, 0xE3 } };
-
-typedef struct _TS_PROPERTY_INFORMATION
-{
- ULONG Length;
- PVOID Buffer;
-} TS_PROPERTY_INFORMATION, *PTS_PROPERTY_INFORMATION;
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-WinStationGetConnectionProperty(
- _In_ ULONG SessionId,
- _In_ PCGUID PropertyType,
- _Out_ PTS_PROPERTY_INFORMATION PropertyBuffer
- );
-
-// rev
-NTSYSAPI
-BOOLEAN
-NTAPI
-WinStationFreePropertyValue(
- _In_ PVOID PropertyBuffer
- );
-
-#endif
diff --git a/src/ffi/generated.rs b/src/ffi/generated.rs
index d5ef91e..89dbe26 100644
--- a/src/ffi/generated.rs
+++ b/src/ffi/generated.rs
@@ -1,12 +1,12 @@
/* automatically generated by rust-bindgen 0.69.4 */
-// Generated at 2024-04-08 04:20:22.090053500 +02:00
+// Generated at 2024-04-08 04:35:14.508602 +02:00
use cty;
-pub use windows::Win32::Foundation::NTSTATUS as NTSTATUS;
-pub use nt_string::unicode_string::NtUnicodeString as _UNICODE_STRING;
pub use windows::Win32::Foundation::BOOLEAN as BOOLEAN;
-pub use nt_string::unicode_string::NtUnicodeString as UNICODE_STRING;
pub use windows::Win32::Foundation::BOOL as BOOL;
+pub use nt_string::unicode_string::NtUnicodeString as _UNICODE_STRING;
+pub use nt_string::unicode_string::NtUnicodeString as UNICODE_STRING;
+pub use windows::Win32::Foundation::NTSTATUS as NTSTATUS;
#[repr(C)]
#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]