Vendor dependencies for 0.3.0 release

vendor/ntapi/.cargo-checksum.json

@@ -0,0 +1 @@
+{"files":{"Cargo.toml":"712b07f03fa2c3836d9b33632ffb477bf65b8f502d43c2a894e20035cf8e4193","LICENSE-APACHE":"cf90d659de5c1e6418267ab8043b756e65508ee5d8d50b29eb2d2fe444c2c3eb","LICENSE-MIT":"11a7964ccc0dd115d16720ab1d826c5d03e52838748ffaba3d21bae8bcacd82a","README.md":"748712a61ff52ec28ed1695b01975a379125f9c3e8a4ad5b2e9b64096c2a3df1","build.rs":"13a274ea4cb1886872626b8a98269e9bf2e1f93cb1068fc8c797e421746cac7e","src/lib.rs":"261643e01f42e3b04cc0760811da090348923d40761c863eebb4735af6294207","src/macros.rs":"dfc7a037b5cf07c427885ed450c0309b4337ebe1124ec95164e754371bd8c097","src/ntapi_base.rs":"b2edefaf68709c32f7fb4377ea21457afd3c7546ba59596f9f25bbaeb220f4d4","src/ntdbg.rs":"f891d4b26ef9d6c68ca098ab70bb4b1dd4d7e1d05e0f65c32bc6cb1151528f91","src/ntexapi.rs":"4e0b3b7629c6ab1c119b5c290221f0b5bdc359db0dce16d90a894ff8dc6d97a0","src/ntgdi.rs":"9fa6610566d77e95294432957f8cb8564cef3bb09d2d8d0adcf23047fa3a5221","src/ntioapi.rs":"577f3c3d83a95a965fff62efbdaa01769e9b3cf713f0d296a948f34cdfddcedc","src/ntkeapi.rs":"1ede6613c94303e6087e30e64ee1f1623eada9d088ce50992904e1812b263923","src/ntldr.rs":"e70ac420828f47d35dade883efee4231b6455d53ff4d317ecf6d809d7bc5a2bc","src/ntlpcapi.rs":"da5070b1c1adad34091aedd01d2b888daa4dc9446fdcd69668565e6eeb2db11f","src/ntmisc.rs":"4904e383065828b86013ebd3b85d45b384b522899954ac89c561963061acc962","src/ntmmapi.rs":"3a371e9edb7df91d1242f9dae92bf6d295c9b6c3ca65846c8d1ebbba55bdf7ee","src/ntnls.rs":"ef90b985da124d2f4c4b8cb0addab766a0928843b4afa4bce40b3a9fcddaf163","src/ntobapi.rs":"3071d8bc73e40d92d769e4093744820c0a5e116ecf4a94676ca3cdc008adfd8e","src/ntpebteb.rs":"94a9fbc1b3c48fa368f1b602fa205d41d3201e4d8c638c0898402eb3ebb5b72a","src/ntpfapi.rs":"37270db61f2562cd5481302c2a5a64be186b8c7126eacfe12b6c66e9bec4bf61","src/ntpnpapi.rs":"cfcaa3dd6110f25a48c51c011bb8369e83e3817e142afb412e40d6e4b868a036","src/ntpoapi.rs":"a535206a89cd42f81e3b931e5802f8b3343fd35387e9f3fedd9b042a78853f34","src/ntpsapi.rs":"2ed2af3e90054aaf260952adcc4e46d6935db1efd57f843124f942388ecfc6ce","src/ntregapi.rs":"a6f5a830b48e88fd0a4824036fffda2d2d80d1cad07baf37607121142f2c4777","src/ntrtl.rs":"d970ae6cba47f346eef103d6bcac7260bb7fc70ebb7ec226b09acb6c5bc1f6c6","src/ntsam.rs":"dc59cfa944c27cf02b782fdbf110de4757ca6ae77806820a64a17742670242b4","src/ntseapi.rs":"c87688e028aa05513e361bb72288ef3af2f3dfe8e923745a84409d8fdeee57fd","src/ntsmss.rs":"6ac1f029b56a2a8856569c3acbedd7c560d2ccfac030aa2f2178f52d9312cdc5","src/nttmapi.rs":"7092c8b35aae642572c333b0fef1fe4a32f5a9c563249b585766317051670db5","src/nttp.rs":"47be534d36af7d6a715c87ef646824162bd3eb47f86a85ed8357c987c1a4fcdd","src/ntwow64.rs":"725baf7b32d24c0800abf730b58335e682332b821636ca699c40e80ba7148f94","src/ntxcapi.rs":"54fcadd43a0e146ade8ebdd750b09872d0e8f7a1295a9646910529048d5f6dca","src/ntzwapi.rs":"012932586fdbcac8eff57d90ce640e10d20e150dc7702100d1ea46f6f261f868","src/string.rs":"ac0e73f37384e03f14d9dc47fcfb3620a4157e122481f30c82b16fb21ab86a40","src/subprocesstag.rs":"4c85e44c91521cb20e5c6624b0cf4b27ca6ac7c3e560854ad34e0e66fb809971","src/winapi_local.rs":"2003099deec5e7039e5d2dd0aa6a43120816f67e94f4d9909c7f6689b62747e4","src/winapi_local/um.rs":"48859dfb53520bdd569c052ac26d06de2d16c57403ffbe4febbc1e1f25847f45","src/winapi_local/um/winioctl.rs":"00020fcda499ce558edfa4d684f5b4e198cbcfa5b3b8e9b62a122c0aca46514f","src/winapi_local/um/winnt.rs":"2640f7d4027632d45708fc085baaf90f55f792e9b9802625f2b7d4e7655f9da4","src/winsta.rs":"c5a28c5c55f08745b2b100a5a374af821cf173b053eb8ee54ae19a85455d3fac"},"package":"e8a3895c6391c39d7fe7ebc444a87eb2991b2a0bc718fdabd071eec617fc68e4"}

vendor/ntapi/Cargo.toml

@@ -0,0 +1,69 @@
+# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
+#
+# When uploading crates to the registry Cargo will automatically
+# "normalize" Cargo.toml files for maximal compatibility
+# with all versions of Cargo and also rewrite `path` dependencies
+# to registry (e.g., crates.io) dependencies.
+#
+# If you are reading this file be aware that the original Cargo.toml
+# will likely look very different (and much more reasonable).
+# See Cargo.toml.orig for the original contents.
+
+[package]
+edition = "2018"
+name = "ntapi"
+version = "0.4.1"
+authors = ["MSxDOS <melcodos@gmail.com>"]
+include = [
+    "src/**/*",
+    "Cargo.toml",
+    "build.rs",
+    "README.md",
+    "LICENSE-APACHE",
+    "LICENSE-MIT",
+]
+description = "FFI bindings for Native API"
+documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/"
+readme = "README.md"
+keywords = [
+    "windows",
+    "ffi",
+    "ntapi",
+    "native",
+    "win32",
+]
+categories = [
+    "external-ffi-bindings",
+    "no-std",
+    "os::windows-apis",
+]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/MSxDOS/ntapi"
+
+[package.metadata.docs.rs]
+default-target = "x86_64-pc-windows-msvc"
+targets = [
+    "aarch64-pc-windows-msvc",
+    "i686-pc-windows-msvc",
+    "x86_64-pc-windows-msvc",
+]
+
+[dependencies.winapi]
+version = "0.3.9"
+features = [
+    "cfg",
+    "evntrace",
+    "in6addr",
+    "inaddr",
+    "minwinbase",
+    "ntsecapi",
+    "windef",
+    "winioctl",
+]
+
+[features]
+default = ["user"]
+func-types = []
+impl-default = ["winapi/impl-default"]
+kernel = []
+user = []

vendor/ntapi/LICENSE-APACHE

@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+   

vendor/ntapi/LICENSE-MIT

@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"),to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+SOFTWARE.

vendor/ntapi/README.md

@@ -0,0 +1,17 @@
+# ntapi [![AppVeyor][appveyor_badge]][appveyor_link] [![Crates.io][crates_badge]][crates_link] [![Documentation][docs_badge]][docs_link] [![Lines of Code][loc_badge]][loc_link] [![Unsafe][unsafe_badge]][unsafe_link]
+
+Rust FFI bindings for Native API. Mostly based on Process Hacker [phnt](https://github.com/processhacker/processhacker/tree/master/phnt) headers as the most complete source of bindings to be found. The comments there also contain useful information on how to use specific things.
+
+### Minimum supported Rust
+1.64
+
+[appveyor_link]: https://ci.appveyor.com/project/MSxDOS/ntapi
+[appveyor_badge]: https://ci.appveyor.com/api/projects/status/i1fcmm0c5b7c6b6u/branch/master?svg=true
+[crates_link]: https://crates.io/crates/ntapi
+[crates_badge]: https://img.shields.io/crates/v/ntapi.svg
+[docs_link]: https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/
+[docs_badge]: https://docs.rs/ntapi/badge.svg
+[loc_link]: https://github.com/Aaronepower/tokei
+[loc_badge]: https://tokei.rs/b1/github/MSxDOS/ntapi
+[unsafe_link]: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html
+[unsafe_badge]: https://img.shields.io/badge/unsafe-%E2%9C%94-C901DD.svg

vendor/ntapi/build.rs

@@ -0,0 +1,15 @@
+use std::env::var;
+
+fn main() {
+    #[cfg(feature = "user")] {
+        if var("TARGET").map(
+            |t| t == "x86_64-pc-windows-gnu" || t == "i686-pc-windows-gnu"
+        ).unwrap_or(false) {
+            if var("WINAPI_NO_BUNDLED_LIBRARIES").is_ok() {
+                println!("cargo:rustc-link-lib=ntdll");
+            } else {
+                println!("cargo:rustc-link-lib=winapi_ntdll");
+            }
+        }
+    }
+}

vendor/ntapi/src/lib.rs

@@ -0,0 +1,51 @@
+//! # Features
+//! **`func-types`** -- Generate [types][fn_ptr] for external functions.<br/>
+//! **`impl-default`** -- Implement [`Default`] for structs and unions.<br/>
+//! **`user`** *(default)* -- Link to `ntdll`.<br/>
+//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.<br/>
+//!
+//! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types
+//! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default
+#![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))]
+#![no_std]
+#![deny(unused, unused_qualifications)]
+#![warn(unused_attributes)]
+#![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)]
+#[doc(hidden)]
+pub extern crate core as _core;
+#[macro_use]
+#[doc(hidden)]
+pub extern crate winapi;
+#[macro_use]
+mod macros;
+pub mod ntapi_base;
+pub mod ntdbg;
+pub mod ntexapi;
+pub mod ntgdi;
+pub mod ntioapi;
+pub mod ntkeapi;
+pub mod ntldr;
+pub mod ntlpcapi;
+pub mod ntmisc;
+pub mod ntmmapi;
+pub mod ntnls;
+pub mod ntobapi;
+pub mod ntpebteb;
+pub mod ntpfapi;
+pub mod ntpnpapi;
+pub mod ntpoapi;
+pub mod ntpsapi;
+pub mod ntregapi;
+pub mod ntrtl;
+pub mod ntsam;
+pub mod ntseapi;
+pub mod ntsmss;
+pub mod nttmapi;
+pub mod nttp;
+pub mod ntwow64;
+pub mod ntxcapi;
+pub mod ntzwapi;
+pub mod string;
+pub mod subprocesstag;
+pub mod winapi_local;
+pub mod winsta;

vendor/ntapi/src/macros.rs

@@ -0,0 +1,102 @@
+#[macro_export]
+macro_rules! EXTERN {
+    (extern $c:tt {$(
+        fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?;
+    )+}) => {
+        #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
+        #[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))]
+        extern $c {$(
+            pub fn $n(
+                $($p $(: $t)?),*
+            ) $(-> $r)?;
+        )+}
+        $(
+            #[cfg(feature = "func-types")]
+            pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?;
+        )+
+    };
+    (extern $c:tt {$(
+        static mut $n:ident : $t:ty;
+    )+}) => {
+        #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
+        extern $c {$(
+            pub static mut $n: $t;
+        )+}
+    };
+}
+#[macro_export]
+#[doc(hidden)]
+macro_rules! FIELD_OFFSET {
+    ($_type:ty, $field:ident$(.$cfields:ident)*) => {{
+        let obj = core::mem::MaybeUninit::<$_type>::uninit();
+        let base = obj.as_ptr();
+        unsafe { core::ptr::addr_of!((*base).$field$(.$cfields)*) as usize - base as usize }
+    }};
+}
+macro_rules! BITFIELD {
+    ($base:ident $field:ident: $fieldtype:ty [
+        $($thing:ident $set_thing:ident[$r:expr],)+
+    ]) => {
+        impl $base {$(
+            #[inline]
+            pub const fn $thing(&self) -> $fieldtype {
+                const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
+                self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
+            }
+            #[inline]
+            pub fn $set_thing(&mut self, val: $fieldtype) {
+                const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
+                self.$field &= !MASK;
+                self.$field |= (val << $r.start) & MASK;
+            }
+        )+}
+    };
+    (unsafe $base:ident $field:ident: $fieldtype:ty [
+        $($thing:ident $set_thing:ident[$r:expr],)+
+    ]) => {
+        impl $base {$(
+            #[inline]
+            pub unsafe fn $thing(&self) -> $fieldtype {
+                const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
+                self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
+            }
+            #[inline]
+            pub unsafe fn $set_thing(&mut self, val: $fieldtype) {
+                const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
+                self.$field &= !MASK;
+                self.$field |= (val << $r.start) & MASK;
+            }
+        )+}
+    };
+}
+macro_rules! UNION {
+    ($(#[$attrs:meta])* union $name:ident {
+        $($variant:ident: $ftype:ty,)+
+    }) => (
+        #[repr(C)] $(#[$attrs])*
+        pub union $name {
+            $(pub $variant: $ftype,)+
+        }
+        impl Copy for $name {}
+        impl Clone for $name {
+            #[inline]
+            fn clone(&self) -> $name { *self }
+        }
+        #[cfg(feature = "impl-default")]
+        impl Default for $name {
+            #[inline]
+            fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } }
+        }
+    );
+}
+macro_rules! FN {
+    (stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
+        pub type $func = Option<unsafe extern "system" fn($($p: $t,)*) -> $ret>;
+    );
+    (cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
+        pub type $func = Option<unsafe extern "C" fn($($p: $t,)*) -> $ret>;
+    );
+}
+macro_rules! IFDEF {
+    ($($thing:item)*) => ($($thing)*)
+}

vendor/ntapi/src/ntapi_base.rs

@@ -0,0 +1,40 @@
+use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT};
+use winapi::shared::ntstatus::FACILITY_NTWIN32;
+pub type KPRIORITY = LONG;
+pub type RTL_ATOM = USHORT;
+pub type PRTL_ATOM = *mut RTL_ATOM;
+pub const NT_FACILITY_MASK: ULONG = 0xfff;
+pub const NT_FACILITY_SHIFT: ULONG = 16;
+#[inline]
+pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG {
+    (Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK
+}
+#[inline]
+pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool {
+    NT_FACILITY(Status) == FACILITY_NTWIN32 as u32
+}
+#[inline]
+pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG {
+    (Status as u32) & 0xffff
+}
+STRUCT!{struct CLIENT_ID {
+    UniqueProcess: HANDLE,
+    UniqueThread: HANDLE,
+}}
+pub type PCLIENT_ID = *mut CLIENT_ID;
+STRUCT!{struct CLIENT_ID32 {
+    UniqueProcess: ULONG,
+    UniqueThread: ULONG,
+}}
+pub type PCLIENT_ID32 = *mut CLIENT_ID32;
+STRUCT!{struct CLIENT_ID64 {
+    UniqueProcess: ULONGLONG,
+    UniqueThread: ULONGLONG,
+}}
+pub type PCLIENT_ID64 = *mut CLIENT_ID64;
+STRUCT!{struct KSYSTEM_TIME {
+    LowPart: ULONG,
+    High1Time: LONG,
+    High2Time: LONG,
+}}
+pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME;

vendor/ntapi/src/ntdbg.rs

@@ -0,0 +1,239 @@
+use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
+use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR;
+use winapi::shared::guiddef::LPCGUID;
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
+    PULONG, PVOID, UCHAR, ULONG, ULONGLONG,
+};
+use winapi::um::minwinbase::LPDEBUG_EVENT;
+use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE};
+use winapi::vc::vadefs::va_list;
+EXTERN!{extern "system" {
+    fn DbgUserBreakPoint();
+    fn DbgBreakPoint();
+    fn DbgBreakPointWithStatus(
+        Status: ULONG,
+    );
+}}
+pub const DBG_STATUS_CONTROL_C: u32 = 1;
+pub const DBG_STATUS_SYSRQ: u32 = 2;
+pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3;
+pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4;
+pub const DBG_STATUS_FATAL: u32 = 5;
+pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6;
+pub const DBG_STATUS_WORKER: u32 = 7;
+EXTERN!{extern "C" {
+    fn DbgPrint(
+        Format: PCSTR,
+        ...
+    ) -> ULONG;
+    fn DbgPrintEx(
+        ComponentId: ULONG,
+        Level: ULONG,
+        Format: PCSTR,
+        ...
+    ) -> ULONG;
+}}
+EXTERN!{extern "system" {
+    fn vDbgPrintEx(
+        ComponentId: ULONG,
+        Level: ULONG,
+        Format: PCCH,
+        arglist: va_list,
+    ) -> ULONG;
+    fn vDbgPrintExWithPrefix(
+        Prefix: PCH,
+        ComponentId: ULONG,
+        Level: ULONG,
+        Format: PCCH,
+        arglist: va_list,
+    ) -> ULONG;
+    fn DbgQueryDebugFilterState(
+        ComponentId: ULONG,
+        Level: ULONG,
+    ) -> NTSTATUS;
+    fn DbgSetDebugFilterState(
+        ComponentId: ULONG,
+        Level: ULONG,
+        State: BOOLEAN,
+    ) -> NTSTATUS;
+    fn DbgPrompt(
+        Prompt: PCCH,
+        Response: PCH,
+        Length: ULONG,
+    ) -> ULONG;
+}}
+STRUCT!{struct DBGKM_EXCEPTION {
+    ExceptionRecord: EXCEPTION_RECORD,
+    FirstChance: ULONG,
+}}
+pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION;
+STRUCT!{struct DBGKM_CREATE_THREAD {
+    SubSystemKey: ULONG,
+    StartAddress: PVOID,
+}}
+pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD;
+STRUCT!{struct DBGKM_CREATE_PROCESS {
+    SubSystemKey: ULONG,
+    FileHandle: HANDLE,
+    BaseOfImage: PVOID,
+    DebugInfoFileOffset: ULONG,
+    DebugInfoSize: ULONG,
+    InitialThread: DBGKM_CREATE_THREAD,
+}}
+pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS;
+STRUCT!{struct DBGKM_EXIT_THREAD {
+    ExitStatus: NTSTATUS,
+}}
+pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD;
+STRUCT!{struct DBGKM_EXIT_PROCESS {
+    ExitStatus: NTSTATUS,
+}}
+pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS;
+STRUCT!{struct DBGKM_LOAD_DLL {
+    FileHandle: HANDLE,
+    BaseOfDll: PVOID,
+    DebugInfoFileOffset: ULONG,
+    DebugInfoSize: ULONG,
+    NamePointer: PVOID,
+}}
+pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL;
+STRUCT!{struct DBGKM_UNLOAD_DLL {
+    BaseAddress: PVOID,
+}}
+pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL;
+ENUM!{enum DBG_STATE {
+    DbgIdle = 0,
+    DbgReplyPending = 1,
+    DbgCreateThreadStateChange = 2,
+    DbgCreateProcessStateChange = 3,
+    DbgExitThreadStateChange = 4,
+    DbgExitProcessStateChange = 5,
+    DbgExceptionStateChange = 6,
+    DbgBreakpointStateChange = 7,
+    DbgSingleStepStateChange = 8,
+    DbgLoadDllStateChange = 9,
+    DbgUnloadDllStateChange = 10,
+}}
+pub type PDBG_STATE = *mut DBG_STATE;
+STRUCT!{struct DBGUI_CREATE_THREAD {
+    HandleToThread: HANDLE,
+    NewThread: DBGKM_CREATE_THREAD,
+}}
+pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD;
+STRUCT!{struct DBGUI_CREATE_PROCESS {
+    HandleToProcess: HANDLE,
+    HandleToThread: HANDLE,
+    NewProcess: DBGKM_CREATE_PROCESS,
+}}
+UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo {
+    Exception: DBGKM_EXCEPTION,
+    CreateThread: DBGUI_CREATE_THREAD,
+    CreateProcessInfo: DBGUI_CREATE_PROCESS,
+    ExitThread: DBGKM_EXIT_THREAD,
+    ExitProcess: DBGKM_EXIT_PROCESS,
+    LoadDll: DBGKM_LOAD_DLL,
+    UnloadDll: DBGKM_UNLOAD_DLL,
+}}
+pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS;
+STRUCT!{struct DBGUI_WAIT_STATE_CHANGE {
+    NewState: DBG_STATE,
+    AppClientId: CLIENT_ID,
+    StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo,
+}}
+pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE;
+pub const DEBUG_READ_EVENT: ULONG = 0x0001;
+pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002;
+pub const DEBUG_SET_INFORMATION: ULONG = 0x0004;
+pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008;
+pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT
+    | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION;
+pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1;
+ENUM!{enum DEBUGOBJECTINFOCLASS {
+    DebugObjectUnusedInformation = 0,
+    DebugObjectKillProcessOnExitInformation = 1,
+    MaxDebugObjectInfoClass = 2,
+}}
+pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS;
+EXTERN!{extern "system" {
+    fn NtCreateDebugObject(
+        DebugObjectHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtDebugActiveProcess(
+        ProcessHandle: HANDLE,
+        DebugObjectHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtDebugContinue(
+        DebugObjectHandle: HANDLE,
+        ClientId: PCLIENT_ID,
+        ContinueStatus: NTSTATUS,
+    ) -> NTSTATUS;
+    fn NtRemoveProcessDebug(
+        ProcessHandle: HANDLE,
+        DebugObjectHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtSetInformationDebugObject(
+        DebugObjectHandle: HANDLE,
+        DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
+        DebugInformation: PVOID,
+        DebugInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtWaitForDebugEvent(
+        DebugObjectHandle: HANDLE,
+        Alertable: BOOLEAN,
+        Timeout: PLARGE_INTEGER,
+        WaitStateChange: PVOID,
+    ) -> NTSTATUS;
+    fn DbgUiConnectToDbg() -> NTSTATUS;
+    fn DbgUiGetThreadDebugObject() -> HANDLE;
+    fn DbgUiSetThreadDebugObject(
+        DebugObject: HANDLE,
+    );
+    fn DbgUiWaitStateChange(
+        StateChange: PDBGUI_WAIT_STATE_CHANGE,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn DbgUiContinue(
+        AppClientId: PCLIENT_ID,
+        ContinueStatus: NTSTATUS,
+    ) -> NTSTATUS;
+    fn DbgUiStopDebugging(
+        Process: HANDLE,
+    ) -> NTSTATUS;
+    fn DbgUiDebugActiveProcess(
+        Process: HANDLE,
+    ) -> NTSTATUS;
+    fn DbgUiRemoteBreakin(
+        Context: PVOID,
+    );
+    fn DbgUiIssueRemoteBreakin(
+        Process: HANDLE,
+    ) -> NTSTATUS;
+    fn DbgUiConvertStateChangeStructure(
+        StateChange: PDBGUI_WAIT_STATE_CHANGE,
+        DebugEvent: LPDEBUG_EVENT,
+    ) -> NTSTATUS;
+}}
+FN!{stdcall PENABLECALLBACK(
+    SourceId: LPCGUID,
+    IsEnabled: ULONG,
+    Level: UCHAR,
+    MatchAnyKeyword: ULONGLONG,
+    MatchAllKeyword: ULONGLONG,
+    FilterData: *mut EVENT_FILTER_DESCRIPTOR,
+    CallbackContext: PVOID,
+) -> ()}
+pub type REGHANDLE = ULONGLONG;
+pub type PREGHANDLE = *mut ULONGLONG;
+EXTERN!{extern "system" {
+    fn EtwEventRegister(
+        ProviderId: LPCGUID,
+        EnableCallback: PENABLECALLBACK,
+        CallbackContext: PVOID,
+        RegHandle: PREGHANDLE,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/ntgdi.rs

@@ -0,0 +1,123 @@
+use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT};
+pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000;
+pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0;
+pub const GDI_HANDLE_INDEX_BITS: ULONG = 16;
+pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff;
+pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16;
+pub const GDI_HANDLE_TYPE_BITS: ULONG = 5;
+pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f;
+pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21;
+pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2;
+pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3;
+pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23;
+pub const GDI_HANDLE_STOCK_BITS: ULONG = 1;
+pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1;
+pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24;
+pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8;
+pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff;
+#[inline]
+pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG {
+    Handle & GDI_HANDLE_INDEX_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG {
+    Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG {
+    Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG {
+    Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK
+}
+#[inline]
+pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG {
+    Unique << GDI_HANDLE_INDEX_BITS | Index
+}
+pub const GDI_DEF_TYPE: ULONG = 0;
+pub const GDI_DC_TYPE: ULONG = 1;
+pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2;
+pub const GDI_DD_SURFACE_TYPE: ULONG = 3;
+pub const GDI_RGN_TYPE: ULONG = 4;
+pub const GDI_SURF_TYPE: ULONG = 5;
+pub const GDI_CLIENTOBJ_TYPE: ULONG = 6;
+pub const GDI_PATH_TYPE: ULONG = 7;
+pub const GDI_PAL_TYPE: ULONG = 8;
+pub const GDI_ICMLCS_TYPE: ULONG = 9;
+pub const GDI_LFONT_TYPE: ULONG = 10;
+pub const GDI_RFONT_TYPE: ULONG = 11;
+pub const GDI_PFE_TYPE: ULONG = 12;
+pub const GDI_PFT_TYPE: ULONG = 13;
+pub const GDI_ICMCXF_TYPE: ULONG = 14;
+pub const GDI_ICMDLL_TYPE: ULONG = 15;
+pub const GDI_BRUSH_TYPE: ULONG = 16;
+pub const GDI_PFF_TYPE: ULONG = 17;
+pub const GDI_CACHE_TYPE: ULONG = 18;
+pub const GDI_SPACE_TYPE: ULONG = 19;
+pub const GDI_DBRUSH_TYPE: ULONG = 20;
+pub const GDI_META_TYPE: ULONG = 21;
+pub const GDI_EFSTATE_TYPE: ULONG = 22;
+pub const GDI_BMFD_TYPE: ULONG = 23;
+pub const GDI_VTFD_TYPE: ULONG = 24;
+pub const GDI_TTFD_TYPE: ULONG = 25;
+pub const GDI_RC_TYPE: ULONG = 26;
+pub const GDI_TEMP_TYPE: ULONG = 27;
+pub const GDI_DRVOBJ_TYPE: ULONG = 28;
+pub const GDI_DCIOBJ_TYPE: ULONG = 29;
+pub const GDI_SPOOL_TYPE: ULONG = 30;
+#[inline]
+pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG {
+    Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK
+        << GDI_HANDLE_TYPE_SHIFT)
+}
+#[inline]
+pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG {
+    GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16)
+}
+pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2;
+pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3;
+pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2;
+pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1;
+UNION!{union GDI_HANDLE_ENTRY_u {
+    Object: PVOID,
+    NextFree: PVOID,
+}}
+STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s {
+    ProcessId: USHORT,
+    Bitfields: USHORT,
+}}
+BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [
+    Lock set_Lock[0..1],
+    Count set_Count[1..16],
+]}
+UNION!{union GDI_HANDLE_ENTRY_Owner {
+    s: GDI_HANDLE_ENTRY_Owner_s,
+    Value: ULONG,
+}}
+STRUCT!{struct GDI_HANDLE_ENTRY {
+    u: GDI_HANDLE_ENTRY_u,
+    Owner: GDI_HANDLE_ENTRY_Owner,
+    Unique: USHORT,
+    Type: UCHAR,
+    Flags: UCHAR,
+    UserPointer: PVOID,
+}}
+pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY;
+STRUCT!{struct GDI_SHARED_MEMORY {
+    Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT],
+}}
+pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY;

vendor/ntapi/src/ntkeapi.rs

@@ -0,0 +1,121 @@
+use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG};
+pub const LOW_PRIORITY: u32 = 0;
+pub const LOW_REALTIME_PRIORITY: u32 = 16;
+pub const HIGH_PRIORITY: u32 = 31;
+pub const MAXIMUM_PRIORITY: u32 = 32;
+ENUM!{enum KTHREAD_STATE {
+    Initialized = 0,
+    Ready = 1,
+    Running = 2,
+    Standby = 3,
+    Terminated = 4,
+    Waiting = 5,
+    Transition = 6,
+    DeferredReady = 7,
+    GateWaitObsolete = 8,
+    WaitingForProcessInSwap = 9,
+    MaximumThreadState = 10,
+}}
+pub type PKTHREAD_STATE = *mut KTHREAD_STATE;
+ENUM!{enum KHETERO_CPU_POLICY {
+    KHeteroCpuPolicyAll = 0,
+    KHeteroCpuPolicyLarge = 1,
+    KHeteroCpuPolicyLargeOrIdle = 2,
+    KHeteroCpuPolicySmall = 3,
+    KHeteroCpuPolicySmallOrIdle = 4,
+    KHeteroCpuPolicyDynamic = 5,
+    KHeteroCpuPolicyStaticMax = 6,
+    KHeteroCpuPolicyBiasedSmall = 7,
+    KHeteroCpuPolicyBiasedLarge = 8,
+    KHeteroCpuPolicyDefault = 9,
+    KHeteroCpuPolicyMax = 10,
+}}
+pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY;
+ENUM!{enum KWAIT_REASON {
+    Executive = 0,
+    FreePage = 1,
+    PageIn = 2,
+    PoolAllocation = 3,
+    DelayExecution = 4,
+    Suspended = 5,
+    UserRequest = 6,
+    WrExecutive = 7,
+    WrFreePage = 8,
+    WrPageIn = 9,
+    WrPoolAllocation = 10,
+    WrDelayExecution = 11,
+    WrSuspended = 12,
+    WrUserRequest = 13,
+    WrEventPair = 14,
+    WrQueue = 15,
+    WrLpcReceive = 16,
+    WrLpcReply = 17,
+    WrVirtualMemory = 18,
+    WrPageOut = 19,
+    WrRendezvous = 20,
+    WrKeyedEvent = 21,
+    WrTerminated = 22,
+    WrProcessInSwap = 23,
+    WrCpuRateControl = 24,
+    WrCalloutStack = 25,
+    WrKernel = 26,
+    WrResource = 27,
+    WrPushLock = 28,
+    WrMutex = 29,
+    WrQuantumEnd = 30,
+    WrDispatchInt = 31,
+    WrPreempted = 32,
+    WrYieldExecution = 33,
+    WrFastMutex = 34,
+    WrGuardedMutex = 35,
+    WrRundown = 36,
+    WrAlertByThreadId = 37,
+    WrDeferredPreempt = 38,
+    MaximumWaitReason = 39,
+}}
+pub type PKWAIT_REASON = *mut KWAIT_REASON;
+ENUM!{enum KPROFILE_SOURCE {
+    ProfileTime = 0,
+    ProfileAlignmentFixup = 1,
+    ProfileTotalIssues = 2,
+    ProfilePipelineDry = 3,
+    ProfileLoadInstructions = 4,
+    ProfilePipelineFrozen = 5,
+    ProfileBranchInstructions = 6,
+    ProfileTotalNonissues = 7,
+    ProfileDcacheMisses = 8,
+    ProfileIcacheMisses = 9,
+    ProfileCacheMisses = 10,
+    ProfileBranchMispredictions = 11,
+    ProfileStoreInstructions = 12,
+    ProfileFpInstructions = 13,
+    ProfileIntegerInstructions = 14,
+    Profile2Issue = 15,
+    Profile3Issue = 16,
+    Profile4Issue = 17,
+    ProfileSpecialInstructions = 18,
+    ProfileTotalCycles = 19,
+    ProfileIcacheIssues = 20,
+    ProfileDcacheAccesses = 21,
+    ProfileMemoryBarrierCycles = 22,
+    ProfileLoadLinkedIssues = 23,
+    ProfileMaximum = 24,
+}}
+EXTERN!{extern "system" {
+    fn NtCallbackReturn(
+        OutputBuffer: PVOID,
+        OutputLength: ULONG,
+        Status: NTSTATUS,
+    ) -> NTSTATUS;
+    fn NtFlushProcessWriteBuffers();
+    fn NtQueryDebugFilterState(
+        ComponentId: ULONG,
+        Level: ULONG,
+    ) -> NTSTATUS;
+    fn NtSetDebugFilterState(
+        ComponentId: ULONG,
+        Level: ULONG,
+        State: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtYieldExecution() -> NTSTATUS;
+}}

vendor/ntapi/src/ntldr.rs

@@ -0,0 +1,661 @@
+use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR,
+    PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG,
+    PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG,
+    UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR,
+    PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY,
+    PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA,
+};
+FN!{stdcall PLDR_INIT_ROUTINE(
+    DllHandle: PVOID,
+    Reason: ULONG,
+    Context: PVOID,
+) -> BOOLEAN}
+STRUCT!{struct LDR_SERVICE_TAG_RECORD {
+    Next: *mut LDR_SERVICE_TAG_RECORD,
+    ServiceTag: ULONG,
+}}
+pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD;
+STRUCT!{struct LDRP_CSLIST {
+    Tail: PSINGLE_LIST_ENTRY,
+}}
+pub type PLDRP_CSLIST = *mut LDRP_CSLIST;
+ENUM!{enum LDR_DDAG_STATE {
+    LdrModulesMerged = -5i32 as u32,
+    LdrModulesInitError = -4i32 as u32,
+    LdrModulesSnapError = -3i32 as u32,
+    LdrModulesUnloaded = -2i32 as u32,
+    LdrModulesUnloading = -1i32 as u32,
+    LdrModulesPlaceHolder = 0,
+    LdrModulesMapping = 1,
+    LdrModulesMapped = 2,
+    LdrModulesWaitingForDependencies = 3,
+    LdrModulesSnapping = 4,
+    LdrModulesSnapped = 5,
+    LdrModulesCondensed = 6,
+    LdrModulesReadyToInit = 7,
+    LdrModulesInitializing = 8,
+    LdrModulesReadyToRun = 9,
+}}
+UNION!{union LDR_DDAG_NODE_u {
+    Dependencies: LDRP_CSLIST,
+    RemovalLink: SINGLE_LIST_ENTRY,
+}}
+STRUCT!{struct LDR_DDAG_NODE {
+    Modules: LIST_ENTRY,
+    ServiceTagList: PLDR_SERVICE_TAG_RECORD,
+    LoadCount: ULONG,
+    LoadWhileUnloadingCount: ULONG,
+    LowestLink: ULONG,
+    u: LDR_DDAG_NODE_u,
+    IncomingDependencies: LDRP_CSLIST,
+    State: LDR_DDAG_STATE,
+    CondenseLink: SINGLE_LIST_ENTRY,
+    PreorderNumber: ULONG,
+}}
+pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE;
+STRUCT!{struct LDR_DEPENDENCY_RECORD {
+    DependencyLink: SINGLE_LIST_ENTRY,
+    DependencyNode: PLDR_DDAG_NODE,
+    IncomingDependencyLink: SINGLE_LIST_ENTRY,
+    IncomingDependencyNode: PLDR_DDAG_NODE,
+}}
+pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD;
+ENUM!{enum LDR_DLL_LOAD_REASON {
+    LoadReasonStaticDependency = 0,
+    LoadReasonStaticForwarderDependency = 1,
+    LoadReasonDynamicForwarderDependency = 2,
+    LoadReasonDelayloadDependency = 3,
+    LoadReasonDynamicLoad = 4,
+    LoadReasonAsImageLoad = 5,
+    LoadReasonAsDataLoad = 6,
+    LoadReasonEnclavePrimary = 7,
+    LoadReasonEnclaveDependency = 8,
+    LoadReasonUnknown = -1i32 as u32,
+}}
+pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON;
+pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001;
+pub const LDRP_STATIC_LINK: ULONG = 0x00000002;
+pub const LDRP_IMAGE_DLL: ULONG = 0x00000004;
+pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000;
+pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000;
+pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000;
+pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000;
+pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000;
+pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000;
+pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000;
+pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000;
+pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000;
+pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000;
+pub const LDRP_COR_IMAGE: ULONG = 0x00400000;
+pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000;
+pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000;
+pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000;
+pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000;
+pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000;
+pub const LDRP_REDIRECTED: ULONG = 0x10000000;
+pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000;
+pub const LDRP_MM_LOADED: ULONG = 0x40000000;
+pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000;
+STRUCT!{struct LDRP_LOAD_CONTEXT {
+    BaseDllName: UNICODE_STRING,
+    somestruct: PVOID,
+    Flags: ULONG,
+    pstatus: *mut NTSTATUS,
+    ParentEntry: *mut LDR_DATA_TABLE_ENTRY,
+    Entry: *mut LDR_DATA_TABLE_ENTRY,
+    WorkQueueListEntry: LIST_ENTRY,
+    ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY,
+    pvImports: *mut *mut LDR_DATA_TABLE_ENTRY,
+    ImportDllCount: ULONG,
+    TaskCount: LONG,
+    pvIAT: PVOID,
+    SizeOfIAT: ULONG,
+    CurrentDll: ULONG,
+    piid: PIMAGE_IMPORT_DESCRIPTOR,
+    OriginalIATProtect: ULONG,
+    GuardCFCheckFunctionPointer: PVOID,
+    pGuardCFCheckFunctionPointer: *mut PVOID,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY_u1 {
+    InInitializationOrderLinks: LIST_ENTRY,
+    InProgressLinks: LIST_ENTRY,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY_u2 {
+    FlagGroup: [UCHAR; 4],
+    Flags: ULONG,
+}}
+STRUCT!{struct LDR_DATA_TABLE_ENTRY {
+    InLoadOrderLinks: LIST_ENTRY,
+    InMemoryOrderLinks: LIST_ENTRY,
+    u1: LDR_DATA_TABLE_ENTRY_u1,
+    DllBase: PVOID,
+    EntryPoint: PLDR_INIT_ROUTINE,
+    SizeOfImage: ULONG,
+    FullDllName: UNICODE_STRING,
+    BaseDllName: UNICODE_STRING,
+    u2: LDR_DATA_TABLE_ENTRY_u2,
+    ObsoleteLoadCount: USHORT,
+    TlsIndex: USHORT,
+    HashLinks: LIST_ENTRY,
+    TimeDateStamp: ULONG,
+    EntryPointActivationContext: *mut ACTIVATION_CONTEXT,
+    Lock: PVOID,
+    DdagNode: PLDR_DDAG_NODE,
+    NodeModuleLink: LIST_ENTRY,
+    LoadContext: *mut LDRP_LOAD_CONTEXT,
+    ParentDllBase: PVOID,
+    SwitchBackContext: PVOID,
+    BaseAddressIndexNode: RTL_BALANCED_NODE,
+    MappingInfoIndexNode: RTL_BALANCED_NODE,
+    OriginalBase: ULONG_PTR,
+    LoadTime: LARGE_INTEGER,
+    BaseNameHashValue: ULONG,
+    LoadReason: LDR_DLL_LOAD_REASON,
+    ImplicitPathOptions: ULONG,
+    ReferenceCount: ULONG,
+    DependentLoadFlags: ULONG,
+    SigningLevel: UCHAR,
+}}
+BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [
+    PackagedBinary set_PackagedBinary[0..1],
+    MarkedForRemoval set_MarkedForRemoval[1..2],
+    ImageDll set_ImageDll[2..3],
+    LoadNotificationsSent set_LoadNotificationsSent[3..4],
+    TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
+    ProcessStaticImport set_ProcessStaticImport[5..6],
+    InLegacyLists set_InLegacyLists[6..7],
+    InIndexes set_InIndexes[7..8],
+    ShimDll set_ShimDll[8..9],
+    InExceptionTable set_InExceptionTable[9..10],
+    ReservedFlags1 set_ReservedFlags1[10..12],
+    LoadInProgress set_LoadInProgress[12..13],
+    LoadConfigProcessed set_LoadConfigProcessed[13..14],
+    EntryProcessed set_EntryProcessed[14..15],
+    ProtectDelayLoad set_ProtectDelayLoad[15..16],
+    ReservedFlags3 set_ReservedFlags3[16..18],
+    DontCallForThreads set_DontCallForThreads[18..19],
+    ProcessAttachCalled set_ProcessAttachCalled[19..20],
+    ProcessAttachFailed set_ProcessAttachFailed[20..21],
+    CorDeferredValidate set_CorDeferredValidate[21..22],
+    CorImage set_CorImage[22..23],
+    DontRelocate set_DontRelocate[23..24],
+    CorILOnly set_CorILOnly[24..25],
+    ReservedFlags5 set_ReservedFlags5[25..28],
+    Redirected set_Redirected[28..29],
+    ReservedFlags6 set_ReservedFlags6[29..31],
+    CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
+]}
+pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY;
+#[inline]
+pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool {
+    DllHandle & 1 != 0
+}
+#[inline]
+pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool {
+    DllHandle & 2 != 0
+}
+#[inline]
+pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool {
+    LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle)
+}
+EXTERN!{extern "system" {
+    fn LdrLoadDll(
+        DllPath: PWSTR,
+        DllCharacteristics: PULONG,
+        DllName: PUNICODE_STRING,
+        DllHandle: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrUnloadDll(
+        DllHandle: PVOID,
+    ) -> NTSTATUS;
+    fn LdrGetDllHandle(
+        DllPath: PWSTR,
+        DllCharacteristics: PULONG,
+        DllName: PUNICODE_STRING,
+        DllHandle: *mut PVOID,
+    ) -> NTSTATUS;
+}}
+pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001;
+pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002;
+EXTERN!{extern "system" {
+    fn LdrGetDllHandleEx(
+        Flags: ULONG,
+        DllPath: PWSTR,
+        DllCharacteristics: PULONG,
+        DllName: PUNICODE_STRING,
+        DllHandle: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrGetDllHandleByMapping(
+        BaseAddress: PVOID,
+        DllHandle: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrGetDllHandleByName(
+        BaseDllName: PUNICODE_STRING,
+        FullDllName: PUNICODE_STRING,
+        DllHandle: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrGetDllFullName(
+        DllHandle: PVOID,
+        FullDllName: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn LdrGetDllDirectory(
+        DllDirectory: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn LdrSetDllDirectory(
+        DllDirectory: PUNICODE_STRING,
+    ) -> NTSTATUS;
+}}
+pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+    fn LdrAddRefDll(
+        Flags: ULONG,
+        DllHandle: PVOID,
+    ) -> NTSTATUS;
+    fn LdrGetProcedureAddress(
+        DllHandle: PVOID,
+        ProcedureName: PANSI_STRING,
+        ProcedureNumber: ULONG,
+        ProcedureAddress: *mut PVOID,
+    ) -> NTSTATUS;
+}}
+pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+    fn LdrGetProcedureAddressEx(
+        DllHandle: PVOID,
+        ProcedureName: PANSI_STRING,
+        ProcedureNumber: ULONG,
+        ProcedureAddress: *mut PVOID,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn LdrGetKnownDllSectionHandle(
+        DllName: PCWSTR,
+        KnownDlls32: BOOLEAN,
+        Section: PHANDLE,
+    ) -> NTSTATUS;
+    fn LdrGetProcedureAddressForCaller(
+        DllHandle: PVOID,
+        ProcedureName: PANSI_STRING,
+        ProcedureNumber: ULONG,
+        ProcedureAddress: *mut PVOID,
+        Flags: ULONG,
+        Callback: *mut PVOID,
+    ) -> NTSTATUS;
+}}
+pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
+pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2;
+EXTERN!{extern "system" {
+    fn LdrLockLoaderLock(
+        Flags: ULONG,
+        Disposition: *mut ULONG,
+        Cookie: *mut PVOID,
+    ) -> NTSTATUS;
+}}
+pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+    fn LdrUnlockLoaderLock(
+        Flags: ULONG,
+        Cookie: PVOID,
+    ) -> NTSTATUS;
+    fn LdrRelocateImage(
+        NewBase: PVOID,
+        LoaderName: PSTR,
+        Success: NTSTATUS,
+        Conflict: NTSTATUS,
+        Invalid: NTSTATUS,
+    ) -> NTSTATUS;
+    fn LdrRelocateImageWithBias(
+        NewBase: PVOID,
+        Bias: LONGLONG,
+        LoaderName: PSTR,
+        Success: NTSTATUS,
+        Conflict: NTSTATUS,
+        Invalid: NTSTATUS,
+    ) -> NTSTATUS;
+    fn LdrProcessRelocationBlock(
+        VA: ULONG_PTR,
+        SizeOfBlock: ULONG,
+        NextOffset: PUSHORT,
+        Diff: LONG_PTR,
+    ) -> PIMAGE_BASE_RELOCATION;
+    fn LdrVerifyMappedImageMatchesChecksum(
+        BaseAddress: PVOID,
+        NumberOfBytes: SIZE_T,
+        FileLength: ULONG,
+    ) -> BOOLEAN;
+}}
+FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK(
+    Parameter: PVOID,
+    ModuleName: PSTR,
+) -> ()}
+EXTERN!{extern "system" {
+    fn LdrVerifyImageMatchesChecksum(
+        ImageFileHandle: HANDLE,
+        ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
+        ImportCallbackParameter: PVOID,
+        ImageCharacteristics: PUSHORT,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_IMPORT_CALLBACK_INFO {
+    ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
+    ImportCallbackParameter: PVOID,
+}}
+pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO;
+STRUCT!{struct LDR_SECTION_INFO {
+    SectionHandle: HANDLE,
+    DesiredAccess: ACCESS_MASK,
+    ObjA: POBJECT_ATTRIBUTES,
+    SectionPageProtection: ULONG,
+    AllocationAttributes: ULONG,
+}}
+pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO;
+STRUCT!{struct LDR_VERIFY_IMAGE_INFO {
+    Size: ULONG,
+    Flags: ULONG,
+    CallbackInfo: LDR_IMPORT_CALLBACK_INFO,
+    SectionInfo: LDR_SECTION_INFO,
+    ImageCharacteristics: USHORT,
+}}
+pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO;
+EXTERN!{extern "system" {
+    fn LdrVerifyImageMatchesChecksumEx(
+        ImageFileHandle: HANDLE,
+        VerifyInfo: PLDR_VERIFY_IMAGE_INFO,
+    ) -> NTSTATUS;
+    fn LdrQueryModuleServiceTags(
+        DllHandle: PVOID,
+        ServiceTagBuffer: PULONG,
+        BufferSize: PULONG,
+    ) -> NTSTATUS;
+}}
+pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1;
+pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2;
+STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA {
+    Flags: ULONG,
+    FullDllName: PUNICODE_STRING,
+    BaseDllName: PUNICODE_STRING,
+    DllBase: PVOID,
+    SizeOfImage: ULONG,
+}}
+pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA;
+STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA {
+    Flags: ULONG,
+    FullDllName: PCUNICODE_STRING,
+    BaseDllName: PCUNICODE_STRING,
+    DllBase: PVOID,
+    SizeOfImage: ULONG,
+}}
+pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA;
+UNION!{union LDR_DLL_NOTIFICATION_DATA {
+    Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA,
+    Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA,
+}}
+pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA;
+FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION(
+    NotificationReason: ULONG,
+    NotificationData: PLDR_DLL_NOTIFICATION_DATA,
+    Context: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+    fn LdrRegisterDllNotification(
+        Flags: ULONG,
+        NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION,
+        Context: PVOID,
+        Cookie: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrUnregisterDllNotification(
+        Cookie: PVOID,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct PS_MITIGATION_OPTIONS_MAP {
+    Map: [ULONG_PTR; 2],
+}}
+pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP;
+STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP {
+    Map: [ULONG_PTR; 2],
+}}
+pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP;
+STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK {
+    Size: ULONG,
+    SystemDllWowRelocation: ULONG_PTR,
+    SystemDllNativeRelocation: ULONG_PTR,
+    Wow64SharedInformation: [ULONG_PTR; 16],
+    RngData: ULONG,
+    Flags: ULONG,
+    MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP,
+    CfgBitMap: ULONG_PTR,
+    CfgBitMapSize: ULONG_PTR,
+    Wow64CfgBitMap: ULONG_PTR,
+    Wow64CfgBitMapSize: ULONG_PTR,
+    MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP,
+}}
+BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [
+    CfgOverride set_CfgOverride[0..1],
+    Reserved set_Reserved[1..32],
+]}
+pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK;
+EXTERN!{extern "system" {
+    fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK;
+    fn LdrAddLoadAsDataTable(
+        Module: PVOID,
+        FilePath: PWSTR,
+        Size: SIZE_T,
+        Handle: HANDLE,
+    ) -> NTSTATUS;
+    fn LdrRemoveLoadAsDataTable(
+        InitModule: PVOID,
+        BaseModule: *mut PVOID,
+        Size: PSIZE_T,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn LdrGetFileNameFromLoadAsDataTable(
+        Module: PVOID,
+        pFileNamePrt: *mut PVOID,
+    ) -> NTSTATUS;
+    fn LdrDisableThreadCalloutsForDll(
+        DllImageBase: PVOID,
+    ) -> NTSTATUS;
+    fn LdrAccessResource(
+        DllHandle: PVOID,
+        ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY,
+        ResourceBuffer: *mut PVOID,
+        ResourceLength: *mut ULONG,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_RESOURCE_INFO {
+    Type: ULONG_PTR,
+    Name: ULONG_PTR,
+    Language: ULONG_PTR,
+}}
+pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO;
+pub const RESOURCE_TYPE_LEVEL: ULONG = 0;
+pub const RESOURCE_NAME_LEVEL: ULONG = 1;
+pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2;
+pub const RESOURCE_DATA_LEVEL: ULONG = 3;
+EXTERN!{extern "system" {
+    fn LdrFindResource_U(
+        DllHandle: PVOID,
+        ResourceInfo: PLDR_RESOURCE_INFO,
+        Level: ULONG,
+        ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY,
+    ) -> NTSTATUS;
+    fn LdrFindResourceDirectory_U(
+        DllHandle: PVOID,
+        ResourceInfo: PLDR_RESOURCE_INFO,
+        Level: ULONG,
+        ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s {
+    Id: USHORT,
+    NameIsPresent: USHORT,
+}}
+UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path {
+    NameOrId: ULONG_PTR,
+    Name: PIMAGE_RESOURCE_DIRECTORY_STRING,
+    s: LDR_ENUM_RESOURCE_ENTRY_Path_s,
+}}
+STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY {
+    Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3],
+    Data: PVOID,
+    Size: ULONG,
+    Reserved: ULONG,
+}}
+pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY;
+#[inline]
+pub unsafe fn NAME_FROM_RESOURCE_ENTRY(
+    RootDirectory: PIMAGE_RESOURCE_DIRECTORY,
+    Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY,
+) -> usize {
+    if Entry.u.s().NameIsString() != 0 {
+        return RootDirectory as usize + Entry.u.s().NameOffset() as usize;
+    }
+    *Entry.u.Id() as usize
+}
+EXTERN!{extern "system" {
+    fn LdrEnumResources(
+        DllHandle: PVOID,
+        ResourceInfo: PLDR_RESOURCE_INFO,
+        Level: ULONG,
+        ResourceCount: *mut ULONG,
+        Resources: PLDR_ENUM_RESOURCE_ENTRY,
+    ) -> NTSTATUS;
+    fn LdrFindEntryForAddress(
+        DllHandle: PVOID,
+        Entry: *mut PLDR_DATA_TABLE_ENTRY,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION {
+    Section: HANDLE,
+    MappedBase: PVOID,
+    ImageBase: PVOID,
+    ImageSize: ULONG,
+    Flags: ULONG,
+    LoadOrderIndex: USHORT,
+    InitOrderIndex: USHORT,
+    LoadCount: USHORT,
+    OffsetToFileName: USHORT,
+    FullPathName: [UCHAR; 256],
+}}
+pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION;
+STRUCT!{struct RTL_PROCESS_MODULES {
+    NumberOfModules: ULONG,
+    Modules: [RTL_PROCESS_MODULE_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES;
+STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX {
+    NextOffset: USHORT,
+    BaseInfo: RTL_PROCESS_MODULE_INFORMATION,
+    ImageChecksum: ULONG,
+    TimeDateStamp: ULONG,
+    DefaultBase: PVOID,
+}}
+pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX;
+EXTERN!{extern "system" {
+    fn LdrQueryProcessModuleInformation(
+        ModuleInformation: PRTL_PROCESS_MODULES,
+        Size: ULONG,
+        ReturnedSize: PULONG,
+    ) -> NTSTATUS;
+}}
+FN!{stdcall PLDR_ENUM_CALLBACK(
+    ModuleInformation: PLDR_DATA_TABLE_ENTRY,
+    Parameter: PVOID,
+    Stop: *mut BOOLEAN,
+) -> ()}
+EXTERN!{extern "system" {
+    fn LdrEnumerateLoadedModules(
+        ReservedFlag: BOOLEAN,
+        EnumProc: PLDR_ENUM_CALLBACK,
+        Context: PVOID,
+    ) -> NTSTATUS;
+    fn LdrOpenImageFileOptionsKey(
+        SubKey: PUNICODE_STRING,
+        Wow64: BOOLEAN,
+        NewKeyHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn LdrQueryImageFileKeyOption(
+        KeyHandle: HANDLE,
+        ValueName: PCWSTR,
+        Type: ULONG,
+        Buffer: PVOID,
+        BufferSize: ULONG,
+        ReturnedLength: PULONG,
+    ) -> NTSTATUS;
+    fn LdrQueryImageFileExecutionOptions(
+        SubKey: PUNICODE_STRING,
+        ValueName: PCWSTR,
+        ValueSize: ULONG,
+        Buffer: PVOID,
+        BufferSize: ULONG,
+        ReturnedLength: PULONG,
+    ) -> NTSTATUS;
+    fn LdrQueryImageFileExecutionOptionsEx(
+        SubKey: PUNICODE_STRING,
+        ValueName: PCWSTR,
+        Type: ULONG,
+        Buffer: PVOID,
+        BufferSize: ULONG,
+        ReturnedLength: PULONG,
+        Wow64: BOOLEAN,
+    ) -> NTSTATUS;
+}}
+UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description {
+    Name: PCSTR,
+    Ordinal: ULONG,
+}}
+STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR {
+    ImportDescribedByName: ULONG,
+    Description: DELAYLOAD_PROC_DESCRIPTOR_Description,
+}}
+pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR;
+STRUCT!{struct DELAYLOAD_INFO {
+    Size: ULONG,
+    DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
+    ThunkAddress: PIMAGE_THUNK_DATA,
+    TargetDllName: PCSTR,
+    TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR,
+    TargetModuleBase: PVOID,
+    Unused: PVOID,
+    LastError: ULONG,
+}}
+pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO;
+FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK(
+    NotificationReason: ULONG,
+    DelayloadInfo: PDELAYLOAD_INFO,
+) -> PVOID}
+FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE(
+    DllName: PCSTR,
+    ProcName: PCSTR,
+) -> PVOID}
+EXTERN!{extern "system" {
+    fn LdrResolveDelayLoadedAPI(
+        ParentModuleBase: PVOID,
+        DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
+        FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK,
+        FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE,
+        ThunkAddress: PIMAGE_THUNK_DATA,
+        Flags: ULONG,
+    ) -> PVOID;
+    fn LdrResolveDelayLoadsFromDll(
+        ParentBase: PVOID,
+        TargetDllName: PCSTR,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn LdrSetDefaultDllDirectories(
+        DirectoryFlags: ULONG,
+    ) -> NTSTATUS;
+    fn LdrShutdownProcess() -> NTSTATUS;
+    fn LdrShutdownThread() -> NTSTATUS;
+    fn LdrSetImplicitPathOptions(
+        ImplicitPathOptions: ULONG,
+    ) -> NTSTATUS;
+    fn LdrControlFlowGuardEnforced() -> BOOLEAN;
+}}

vendor/ntapi/src/ntlpcapi.rs

@@ -0,0 +1,692 @@
+use core::mem::size_of;
+use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64};
+use winapi::ctypes::c_double;
+use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::ntdef::{
+    BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE,
+    PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG,
+    UNICODE_STRING,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK,
+    SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
+};
+pub const PORT_CONNECT: u32 = 0x0001;
+pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1;
+STRUCT!{struct PORT_MESSAGE_u1_s {
+    DataLength: CSHORT,
+    TotalLength: CSHORT,
+}}
+STRUCT!{struct PORT_MESSAGE_u2_s {
+    Type: CSHORT,
+    DataInfoOffset: CSHORT,
+}}
+UNION!{union PORT_MESSAGE_u1 {
+    s: PORT_MESSAGE_u1_s,
+    Length: ULONG,
+}}
+UNION!{union PORT_MESSAGE_u2 {
+    s: PORT_MESSAGE_u2_s,
+    ZeroInit: ULONG,
+}}
+UNION!{union PORT_MESSAGE_u3 {
+    ClientId: CLIENT_ID,
+    DoNotUseThisField: c_double,
+}}
+UNION!{union PORT_MESSAGE_u4 {
+    ClientViewSize: SIZE_T,
+    CallbackId: ULONG,
+}}
+STRUCT!{struct PORT_MESSAGE {
+    u1: PORT_MESSAGE_u1,
+    u2: PORT_MESSAGE_u2,
+    u3: PORT_MESSAGE_u3,
+    MessageId: ULONG,
+    u4: PORT_MESSAGE_u4,
+}}
+pub type PPORT_MESSAGE = *mut PORT_MESSAGE;
+STRUCT!{struct PORT_DATA_ENTRY {
+    Base: PVOID,
+    Size: ULONG,
+}}
+pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY;
+STRUCT!{struct PORT_DATA_INFORMATION {
+    CountDataEntries: ULONG,
+    DataEntries: [PORT_DATA_ENTRY; 1],
+}}
+pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION;
+pub const LPC_REQUEST: ULONG = 1;
+pub const LPC_REPLY: ULONG = 2;
+pub const LPC_DATAGRAM: ULONG = 3;
+pub const LPC_LOST_REPLY: ULONG = 4;
+pub const LPC_PORT_CLOSED: ULONG = 5;
+pub const LPC_CLIENT_DIED: ULONG = 6;
+pub const LPC_EXCEPTION: ULONG = 7;
+pub const LPC_DEBUG_EVENT: ULONG = 8;
+pub const LPC_ERROR_EVENT: ULONG = 9;
+pub const LPC_CONNECTION_REQUEST: ULONG = 10;
+pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000;
+pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000;
+pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512;
+#[cfg(target_arch = "x86")]
+pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256;
+pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::<ULONG_PTR>() as u32;
+pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH
+    + size_of::<PORT_MESSAGE>() as u32
+    + LPC_MAX_CONNECTION_INFO_SIZE
+    + 0xf) & !0xf;
+STRUCT!{struct LPC_CLIENT_DIED_MSG {
+    PortMsg: PORT_MESSAGE,
+    CreateTime: LARGE_INTEGER,
+}}
+pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG;
+STRUCT!{struct PORT_VIEW {
+    Length: ULONG,
+    SectionHandle: HANDLE,
+    SectionOffset: ULONG,
+    ViewSize: SIZE_T,
+    ViewBase: PVOID,
+    ViewRemoteBase: PVOID,
+}}
+pub type PPORT_VIEW = *mut PORT_VIEW;
+STRUCT!{struct REMOTE_PORT_VIEW {
+    Length: ULONG,
+    ViewSize: SIZE_T,
+    ViewBase: PVOID,
+}}
+pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW;
+STRUCT!{struct PORT_MESSAGE64_u1_s {
+    DataLength: CSHORT,
+    TotalLength: CSHORT,
+}}
+STRUCT!{struct PORT_MESSAGE64_u2_s {
+    Type: CSHORT,
+    DataInfoOffset: CSHORT,
+}}
+UNION!{union PORT_MESSAGE64_u1 {
+    s: PORT_MESSAGE64_u1_s,
+    Length: ULONG,
+}}
+UNION!{union PORT_MESSAGE64_u2 {
+    s: PORT_MESSAGE64_u2_s,
+    ZeroInit: ULONG,
+}}
+UNION!{union PORT_MESSAGE64_u3 {
+    ClientId: CLIENT_ID64,
+    DoNotUseThisField: c_double,
+}}
+UNION!{union PORT_MESSAGE64_u4 {
+    ClientViewSize: ULONGLONG,
+    CallbackId: ULONG,
+}}
+STRUCT!{struct PORT_MESSAGE64 {
+    u1: PORT_MESSAGE64_u1,
+    u2: PORT_MESSAGE64_u2,
+    u3: PORT_MESSAGE64_u3,
+    MessageId: ULONG,
+    u4: PORT_MESSAGE64_u4,
+}}
+pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64;
+STRUCT!{struct LPC_CLIENT_DIED_MSG64 {
+    PortMsg: PORT_MESSAGE64,
+    CreateTime: LARGE_INTEGER,
+}}
+pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64;
+STRUCT!{struct PORT_VIEW64 {
+    Length: ULONG,
+    SectionHandle: ULONGLONG,
+    SectionOffset: ULONG,
+    ViewSize: ULONGLONG,
+    ViewBase: ULONGLONG,
+    ViewRemoteBase: ULONGLONG,
+}}
+pub type PPORT_VIEW64 = *mut PORT_VIEW64;
+STRUCT!{struct REMOTE_PORT_VIEW64 {
+    Length: ULONG,
+    ViewSize: ULONGLONG,
+    ViewBase: ULONGLONG,
+}}
+pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64;
+EXTERN!{extern "system" {
+    fn NtCreatePort(
+        PortHandle: PHANDLE,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        MaxConnectionInfoLength: ULONG,
+        MaxMessageLength: ULONG,
+        MaxPoolUsage: ULONG,
+    ) -> NTSTATUS;
+    fn NtCreateWaitablePort(
+        PortHandle: PHANDLE,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        MaxConnectionInfoLength: ULONG,
+        MaxMessageLength: ULONG,
+        MaxPoolUsage: ULONG,
+    ) -> NTSTATUS;
+    fn NtConnectPort(
+        PortHandle: PHANDLE,
+        PortName: PUNICODE_STRING,
+        SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+        ClientView: PPORT_VIEW,
+        ServerView: PREMOTE_PORT_VIEW,
+        MaxMessageLength: PULONG,
+        ConnectionInformation: PVOID,
+        ConnectionInformationLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSecureConnectPort(
+        PortHandle: PHANDLE,
+        PortName: PUNICODE_STRING,
+        SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+        ClientView: PPORT_VIEW,
+        RequiredServerSid: PSID,
+        ServerView: PREMOTE_PORT_VIEW,
+        MaxMessageLength: PULONG,
+        ConnectionInformation: PVOID,
+        ConnectionInformationLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtListenPort(
+        PortHandle: HANDLE,
+        ConnectionRequest: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtAcceptConnectPort(
+        PortHandle: PHANDLE,
+        PortContext: PVOID,
+        ConnectionRequest: PPORT_MESSAGE,
+        AcceptConnection: BOOLEAN,
+        ServerView: PPORT_VIEW,
+        ClientView: PREMOTE_PORT_VIEW,
+    ) -> NTSTATUS;
+    fn NtCompleteConnectPort(
+        PortHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtRequestPort(
+        PortHandle: HANDLE,
+        RequestMessage: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtRequestWaitReplyPort(
+        PortHandle: HANDLE,
+        RequestMessage: PPORT_MESSAGE,
+        ReplyMessage: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtReplyPort(
+        PortHandle: HANDLE,
+        ReplyMessage: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtReplyWaitReplyPort(
+        PortHandle: HANDLE,
+        ReplyMessage: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtReplyWaitReceivePort(
+        PortHandle: HANDLE,
+        PortContext: *mut PVOID,
+        ReplyMessage: PPORT_MESSAGE,
+        ReceiveMessage: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtReplyWaitReceivePortEx(
+        PortHandle: HANDLE,
+        PortContext: *mut PVOID,
+        ReplyMessage: PPORT_MESSAGE,
+        ReceiveMessage: PPORT_MESSAGE,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtImpersonateClientOfPort(
+        PortHandle: HANDLE,
+        Message: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+    fn NtReadRequestData(
+        PortHandle: HANDLE,
+        Message: PPORT_MESSAGE,
+        DataEntryIndex: ULONG,
+        Buffer: PVOID,
+        BufferSize: SIZE_T,
+        NumberOfBytesRead: PSIZE_T,
+    ) -> NTSTATUS;
+    fn NtWriteRequestData(
+        PortHandle: HANDLE,
+        Message: PPORT_MESSAGE,
+        DataEntryIndex: ULONG,
+        Buffer: PVOID,
+        BufferSize: SIZE_T,
+        NumberOfBytesWritten: PSIZE_T,
+    ) -> NTSTATUS;
+}}
+ENUM!{enum PORT_INFORMATION_CLASS {
+    PortBasicInformation = 0,
+    PortDumpInformation = 1,
+}}
+EXTERN!{extern "system" {
+    fn NtQueryInformationPort(
+        PortHandle: HANDLE,
+        PortInformationClass: PORT_INFORMATION_CLASS,
+        PortInformation: PVOID,
+        Length: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+}}
+pub type PALPC_HANDLE = *mut HANDLE;
+pub type ALPC_HANDLE = HANDLE;
+pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000;
+pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000;
+pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct ALPC_PORT_ATTRIBUTES {
+    Flags: ULONG,
+    SecurityQos: SECURITY_QUALITY_OF_SERVICE,
+    MaxMessageLength: SIZE_T,
+    MemoryBandwidth: SIZE_T,
+    MaxPoolUsage: SIZE_T,
+    MaxSectionSize: SIZE_T,
+    MaxViewSize: SIZE_T,
+    MaxTotalSectionSize: SIZE_T,
+    DupObjectTypes: ULONG,
+    Reserved: ULONG,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct ALPC_PORT_ATTRIBUTES {
+    Flags: ULONG,
+    SecurityQos: SECURITY_QUALITY_OF_SERVICE,
+    MaxMessageLength: SIZE_T,
+    MemoryBandwidth: SIZE_T,
+    MaxPoolUsage: SIZE_T,
+    MaxSectionSize: SIZE_T,
+    MaxViewSize: SIZE_T,
+    MaxTotalSectionSize: SIZE_T,
+    DupObjectTypes: ULONG,
+}}
+pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES;
+pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000;
+pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000;
+pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000;
+pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000;
+STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES {
+    AllocatedAttributes: ULONG,
+    ValidAttributes: ULONG,
+}}
+pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES;
+STRUCT!{struct ALPC_COMPLETION_LIST_STATE {
+    Value: ULONG64,
+}}
+BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [
+    Head set_Head[0..24],
+    Tail set_Tail[24..48],
+    ActiveThreadCount set_ActiveThreadCount[48..64],
+]}
+pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE;
+pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f;
+STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER {
+    StartMagic: ULONG64,
+    TotalSize: ULONG,
+    ListOffset: ULONG,
+    ListSize: ULONG,
+    BitmapOffset: ULONG,
+    BitmapSize: ULONG,
+    DataOffset: ULONG,
+    DataSize: ULONG,
+    AttributeFlags: ULONG,
+    AttributeSize: ULONG,
+    __padding0: [u64; 10],
+    State: ALPC_COMPLETION_LIST_STATE,
+    LastMessageId: ULONG,
+    LastCallbackId: ULONG,
+    __padding1: [u32; 28],
+    PostCount: ULONG,
+    __padding2: [u32; 31],
+    ReturnCount: ULONG,
+    __padding3: [u32; 31],
+    LogSequenceNumber: ULONG,
+    __padding4: [u64; 15],
+    UserLock: RTL_SRWLOCK,
+    EndMagic: ULONG64,
+    __padding5: [u64; 14],
+}}
+pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER;
+STRUCT!{struct ALPC_CONTEXT_ATTR {
+    PortContext: PVOID,
+    MessageContext: PVOID,
+    Sequence: ULONG,
+    MessageId: ULONG,
+    CallbackId: ULONG,
+}}
+pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR;
+pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000;
+pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000;
+pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000;
+STRUCT!{struct ALPC_HANDLE_ATTR32 {
+    Flags: ULONG,
+    Reserved0: ULONG,
+    SameAccess: ULONG,
+    SameAttributes: ULONG,
+    Indirect: ULONG,
+    Inherit: ULONG,
+    Reserved1: ULONG,
+    Handle: ULONG,
+    ObjectType: ULONG,
+    DesiredAccess: ULONG,
+    GrantedAccess: ULONG,
+}}
+pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32;
+STRUCT!{struct ALPC_HANDLE_ATTR {
+    Flags: ULONG,
+    Reserved0: ULONG,
+    SameAccess: ULONG,
+    SameAttributes: ULONG,
+    Indirect: ULONG,
+    Inherit: ULONG,
+    Reserved1: ULONG,
+    Handle: HANDLE,
+    HandleAttrArray: PALPC_HANDLE_ATTR32,
+    ObjectType: ULONG,
+    HandleCount: ULONG,
+    DesiredAccess: ACCESS_MASK,
+    GrantedAccess: ACCESS_MASK,
+}}
+pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR;
+pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000;
+STRUCT!{struct ALPC_SECURITY_ATTR {
+    Flags: ULONG,
+    QoS: PSECURITY_QUALITY_OF_SERVICE,
+    ContextHandle: ALPC_HANDLE,
+}}
+pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR;
+pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000;
+STRUCT!{struct ALPC_DATA_VIEW_ATTR {
+    Flags: ULONG,
+    SectionHandle: ALPC_HANDLE,
+    ViewBase: PVOID,
+    ViewSize: SIZE_T,
+}}
+pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR;
+ENUM!{enum ALPC_PORT_INFORMATION_CLASS {
+    AlpcBasicInformation = 0,
+    AlpcPortInformation = 1,
+    AlpcAssociateCompletionPortInformation = 2,
+    AlpcConnectedSIDInformation = 3,
+    AlpcServerInformation = 4,
+    AlpcMessageZoneInformation = 5,
+    AlpcRegisterCompletionListInformation = 6,
+    AlpcUnregisterCompletionListInformation = 7,
+    AlpcAdjustCompletionListConcurrencyCountInformation = 8,
+    AlpcRegisterCallbackInformation = 9,
+    AlpcCompletionListRundownInformation = 10,
+    AlpcWaitForPortReferences = 11,
+}}
+STRUCT!{struct ALPC_BASIC_INFORMATION {
+    Flags: ULONG,
+    SequenceNo: ULONG,
+    PortContext: PVOID,
+}}
+pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION;
+STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT {
+    CompletionKey: PVOID,
+    CompletionPort: HANDLE,
+}}
+pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT;
+STRUCT!{struct ALPC_SERVER_INFORMATION_Out {
+    ThreadBlocked: BOOLEAN,
+    ConnectedProcessId: HANDLE,
+    ConnectionPortName: UNICODE_STRING,
+}}
+UNION!{union ALPC_SERVER_INFORMATION {
+    ThreadHandle: HANDLE,
+    Out: ALPC_SERVER_INFORMATION_Out,
+}}
+pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION;
+STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION {
+    Buffer: PVOID,
+    Size: ULONG,
+}}
+pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION;
+STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION {
+    Buffer: PVOID,
+    Size: ULONG,
+    ConcurrencyCount: ULONG,
+    AttributeFlags: ULONG,
+}}
+pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION;
+ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS {
+    AlpcMessageSidInformation = 0,
+    AlpcMessageTokenModifiedIdInformation = 1,
+    AlpcMessageDirectStatusInformation = 2,
+    AlpcMessageHandleInformation = 3,
+    MaxAlpcMessageInfoClass = 4,
+}}
+pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS;
+STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION {
+    Index: ULONG,
+    Flags: ULONG,
+    Handle: ULONG,
+    ObjectType: ULONG,
+    GrantedAccess: ACCESS_MASK,
+}}
+pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtAlpcCreatePort(
+        PortHandle: PHANDLE,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        PortAttributes: PALPC_PORT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtAlpcDisconnectPort(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtAlpcQueryInformation(
+        PortHandle: HANDLE,
+        PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+        PortInformation: PVOID,
+        Length: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtAlpcSetInformation(
+        PortHandle: HANDLE,
+        PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+        PortInformation: PVOID,
+        Length: ULONG,
+    ) -> NTSTATUS;
+    fn NtAlpcCreatePortSection(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        SectionHandle: HANDLE,
+        SectionSize: SIZE_T,
+        AlpcSectionHandle: PALPC_HANDLE,
+        ActualSectionSize: PSIZE_T,
+    ) -> NTSTATUS;
+    fn NtAlpcDeletePortSection(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        SectionHandle: ALPC_HANDLE,
+    ) -> NTSTATUS;
+    fn NtAlpcCreateResourceReserve(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        MessageSize: SIZE_T,
+        ResourceId: PALPC_HANDLE,
+    ) -> NTSTATUS;
+    fn NtAlpcDeleteResourceReserve(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        ResourceId: ALPC_HANDLE,
+    ) -> NTSTATUS;
+    fn NtAlpcCreateSectionView(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        ViewAttributes: PALPC_DATA_VIEW_ATTR,
+    ) -> NTSTATUS;
+    fn NtAlpcDeleteSectionView(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        ViewBase: PVOID,
+    ) -> NTSTATUS;
+    fn NtAlpcCreateSecurityContext(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        SecurityAttribute: PALPC_SECURITY_ATTR,
+    ) -> NTSTATUS;
+    fn NtAlpcDeleteSecurityContext(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        ContextHandle: ALPC_HANDLE,
+    ) -> NTSTATUS;
+    fn NtAlpcRevokeSecurityContext(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        ContextHandle: ALPC_HANDLE,
+    ) -> NTSTATUS;
+    fn NtAlpcQueryInformationMessage(
+        PortHandle: HANDLE,
+        PortMessage: PPORT_MESSAGE,
+        MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
+        MessageInformation: PVOID,
+        Length: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+}}
+pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1;
+pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2;
+pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000;
+pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000;
+pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000;
+pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000;
+pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000;
+EXTERN!{extern "system" {
+    fn NtAlpcConnectPort(
+        PortHandle: PHANDLE,
+        PortName: PUNICODE_STRING,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        PortAttributes: PALPC_PORT_ATTRIBUTES,
+        Flags: ULONG,
+        RequiredServerSid: PSID,
+        ConnectionMessage: PPORT_MESSAGE,
+        BufferLength: PULONG,
+        OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtAlpcConnectPortEx(
+        PortHandle: PHANDLE,
+        ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
+        ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
+        PortAttributes: PALPC_PORT_ATTRIBUTES,
+        Flags: ULONG,
+        ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
+        ConnectionMessage: PPORT_MESSAGE,
+        BufferLength: PSIZE_T,
+        OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtAlpcAcceptConnectPort(
+        PortHandle: PHANDLE,
+        ConnectionPortHandle: HANDLE,
+        Flags: ULONG,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        PortAttributes: PALPC_PORT_ATTRIBUTES,
+        PortContext: PVOID,
+        ConnectionRequest: PPORT_MESSAGE,
+        ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        AcceptConnection: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtAlpcSendWaitReceivePort(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        SendMessageA: PPORT_MESSAGE,
+        SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        ReceiveMessage: PPORT_MESSAGE,
+        BufferLength: PSIZE_T,
+        ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+}}
+pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1;
+pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8;
+pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000;
+EXTERN!{extern "system" {
+    fn NtAlpcCancelMessage(
+        PortHandle: HANDLE,
+        Flags: ULONG,
+        MessageContext: PALPC_CONTEXT_ATTR,
+    ) -> NTSTATUS;
+    fn NtAlpcImpersonateClientOfPort(
+        PortHandle: HANDLE,
+        Message: PPORT_MESSAGE,
+        Flags: PVOID,
+    ) -> NTSTATUS;
+    fn NtAlpcImpersonateClientContainerOfPort(
+        PortHandle: HANDLE,
+        Message: PPORT_MESSAGE,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtAlpcOpenSenderProcess(
+        ProcessHandle: PHANDLE,
+        PortHandle: HANDLE,
+        PortMessage: PPORT_MESSAGE,
+        Flags: ULONG,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtAlpcOpenSenderThread(
+        ThreadHandle: PHANDLE,
+        PortHandle: HANDLE,
+        PortMessage: PPORT_MESSAGE,
+        Flags: ULONG,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn AlpcMaxAllowedMessageLength() -> ULONG;
+    fn AlpcGetHeaderSize(
+        Flags: ULONG,
+    ) -> ULONG;
+    fn AlpcInitializeMessageAttribute(
+        AttributeFlags: ULONG,
+        Buffer: PALPC_MESSAGE_ATTRIBUTES,
+        BufferSize: ULONG,
+        RequiredBufferSize: PULONG,
+    ) -> NTSTATUS;
+    fn AlpcGetMessageAttribute(
+        Buffer: PALPC_MESSAGE_ATTRIBUTES,
+        AttributeFlag: ULONG,
+    ) -> PVOID;
+    fn AlpcRegisterCompletionList(
+        PortHandle: HANDLE,
+        Buffer: PALPC_COMPLETION_LIST_HEADER,
+        Size: ULONG,
+        ConcurrencyCount: ULONG,
+        AttributeFlags: ULONG,
+    ) -> NTSTATUS;
+    fn AlpcUnregisterCompletionList(
+        PortHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn AlpcRundownCompletionList(
+        PortHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn AlpcAdjustCompletionListConcurrencyCount(
+        PortHandle: HANDLE,
+        ConcurrencyCount: ULONG,
+    ) -> NTSTATUS;
+    fn AlpcRegisterCompletionListWorkerThread(
+        CompletionList: PVOID,
+    ) -> BOOLEAN;
+    fn AlpcUnregisterCompletionListWorkerThread(
+        CompletionList: PVOID,
+    ) -> BOOLEAN;
+    fn AlpcGetCompletionListLastMessageInformation(
+        CompletionList: PVOID,
+        LastMessageId: PULONG,
+        LastCallbackId: PULONG,
+    );
+    fn AlpcGetOutstandingCompletionListMessageCount(
+        CompletionList: PVOID,
+    ) -> ULONG;
+    fn AlpcGetMessageFromCompletionList(
+        CompletionList: PVOID,
+        MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES,
+    ) -> PPORT_MESSAGE;
+    fn AlpcFreeCompletionListMessage(
+        CompletionList: PVOID,
+        Message: PPORT_MESSAGE,
+    );
+    fn AlpcGetCompletionListMessageAttributes(
+        CompletionList: PVOID,
+        Message: PPORT_MESSAGE,
+    ) -> PALPC_MESSAGE_ATTRIBUTES;
+}}

vendor/ntapi/src/ntmisc.rs

@@ -0,0 +1,42 @@
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG};
+use winapi::um::winnt::STANDARD_RIGHTS_ALL;
+pub const FLT_PORT_CONNECT: u32 = 0x0001;
+pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL;
+ENUM!{enum VDMSERVICECLASS {
+    VdmStartExecution = 0,
+    VdmQueueInterrupt = 1,
+    VdmDelayInterrupt = 2,
+    VdmInitialize = 3,
+    VdmFeatures = 4,
+    VdmSetInt21Handler = 5,
+    VdmQueryDir = 6,
+    VdmPrinterDirectIoOpen = 7,
+    VdmPrinterDirectIoClose = 8,
+    VdmPrinterInitialize = 9,
+    VdmSetLdtEntries = 10,
+    VdmSetProcessLdtInfo = 11,
+    VdmAdlibEmulation = 12,
+    VdmPMCliControl = 13,
+    VdmQueryVdmProcess = 14,
+}}
+pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS;
+EXTERN!{extern "system" {
+    fn NtVdmControl(
+        Service: VDMSERVICECLASS,
+        ServiceData: PVOID,
+    ) -> NTSTATUS;
+    fn NtTraceEvent(
+        TraceHandle: HANDLE,
+        Flags: ULONG,
+        FieldSize: ULONG,
+        Fields: PVOID,
+    ) -> NTSTATUS;
+    fn NtTraceControl(
+        FunctionCode: ULONG,
+        InBuffer: PVOID,
+        InBufferLen: ULONG,
+        OutBuffer: PVOID,
+        OutBufferLen: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/ntmmapi.rs

@@ -0,0 +1,630 @@
+use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER;
+use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
+    PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
+};
+ENUM!{enum MEMORY_INFORMATION_CLASS {
+    MemoryBasicInformation = 0,
+    MemoryWorkingSetInformation = 1,
+    MemoryMappedFilenameInformation = 2,
+    MemoryRegionInformation = 3,
+    MemoryWorkingSetExInformation = 4,
+    MemorySharedCommitInformation = 5,
+    MemoryImageInformation = 6,
+    MemoryRegionInformationEx = 7,
+    MemoryPrivilegedBasicInformation = 8,
+    MemoryEnclaveImageInformation = 9,
+    MemoryBasicInformationCapped = 10,
+}}
+STRUCT!{struct MEMORY_WORKING_SET_BLOCK {
+    Bitfields: ULONG_PTR,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
+    Protection set_Protection[0..5],
+    ShareCount set_ShareCount[5..8],
+    Shared set_Shared[8..9],
+    Node set_Node[9..12],
+    VirtualPage set_VirtualPage[12..64],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
+    Protection set_Protection[0..5],
+    ShareCount set_ShareCount[5..8],
+    Shared set_Shared[8..9],
+    Node set_Node[9..12],
+    VirtualPage set_VirtualPage[12..32],
+]}
+pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK;
+STRUCT!{struct MEMORY_WORKING_SET_INFORMATION {
+    NumberOfEntries: ULONG_PTR,
+    WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1],
+}}
+pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION;
+STRUCT!{struct MEMORY_REGION_INFORMATION {
+    AllocationBase: PVOID,
+    AllocationProtect: ULONG,
+    RegionType: ULONG,
+    RegionSize: SIZE_T,
+    CommitSize: SIZE_T,
+}}
+BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [
+    Private set_Private[0..1],
+    MappedDataFile set_MappedDataFile[1..2],
+    MappedImage set_MappedImage[2..3],
+    MappedPageFile set_MappedPageFile[3..4],
+    MappedPhysical set_MappedPhysical[4..5],
+    DirectMapped set_DirectMapped[5..6],
+    SoftwareEnclave set_SoftwareEnclave[6..7],
+    PageSize64K set_PageSize64K[7..8],
+    PlaceholderReservation set_PlaceholderReservation[8..9],
+    Reserved set_Reserved[9..32],
+]}
+pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION;
+ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION {
+    MemoryLocationInvalid = 0,
+    MemoryLocationResident = 1,
+    MemoryLocationPagefile = 2,
+    MemoryLocationReserved = 3,
+}}
+UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u {
+    Bitfields: ULONG_PTR,
+    Invalid: ULONG_PTR,
+}}
+STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK {
+    u: MEMORY_WORKING_SET_EX_BLOCK_u,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
+    Valid set_Valid[0..1],
+    ShareCount set_ShareCount[1..4],
+    Win32Protection set_Win32Protection[4..15],
+    Shared set_Shared[15..16],
+    Node set_Node[16..22],
+    Locked set_Locked[22..23],
+    LargePage set_LargePage[23..24],
+    Priority set_Priority[24..27],
+    Reserved set_Reserved[27..30],
+    SharedOriginal set_SharedOriginal[30..31],
+    Bad set_Bad[31..32],
+    ReservedUlong set_ReservedUlong[32..64],
+]}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
+    Invalid_Valid set_Invalid_Valid[0..1],
+    Invalid_Reserved0 set_Invalid_Reserved0[1..15],
+    Invalid_Shared set_Invalid_Shared[15..16],
+    Invalid_Reserved1 set_Invalid_Reserved1[16..21],
+    Invalid_PageTable set_Invalid_PageTable[21..22],
+    Invalid_Location set_Invalid_Location[22..24],
+    Invalid_Priority set_Invalid_Priority[24..27],
+    Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
+    Invalid_Reserved2 set_Invalid_Reserved2[28..30],
+    Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
+    Invalid_Bad set_Invalid_Bad[31..32],
+    Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
+    Valid set_Valid[0..1],
+    ShareCount set_ShareCount[1..4],
+    Win32Protection set_Win32Protection[4..15],
+    Shared set_Shared[15..16],
+    Node set_Node[16..22],
+    Locked set_Locked[22..23],
+    LargePage set_LargePage[23..24],
+    Priority set_Priority[24..27],
+    Reserved set_Reserved[27..30],
+    SharedOriginal set_SharedOriginal[30..31],
+    Bad set_Bad[31..32],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
+    Invalid_Valid set_Invalid_Valid[0..1],
+    Invalid_Reserved0 set_Invalid_Reserved0[1..15],
+    Invalid_Shared set_Invalid_Shared[15..16],
+    Invalid_Reserved1 set_Invalid_Reserved1[16..21],
+    Invalid_PageTable set_Invalid_PageTable[21..22],
+    Invalid_Location set_Invalid_Location[22..24],
+    Invalid_Priority set_Invalid_Priority[24..27],
+    Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
+    Invalid_Reserved2 set_Invalid_Reserved2[28..30],
+    Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
+    Invalid_Bad set_Invalid_Bad[31..32],
+]}
+pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK;
+STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION {
+    VirtualAddress: PVOID,
+    VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK,
+}}
+pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION;
+STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION {
+    CommitSize: SIZE_T,
+}}
+pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION;
+STRUCT!{struct MEMORY_IMAGE_INFORMATION {
+    ImageBase: PVOID,
+    SizeOfImage: SIZE_T,
+    ImageFlags: ULONG,
+}}
+BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [
+    ImagePartialMap set_ImagePartialMap[0..1],
+    ImageNotExecutable set_ImageNotExecutable[1..2],
+    ImageSigningLevel set_ImageSigningLevel[2..6],
+    Reserved set_Reserved[6..32],
+]}
+pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION;
+STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION {
+    ImageInfo: MEMORY_IMAGE_INFORMATION,
+    UniqueID: [UCHAR; 32],
+    AuthorID: [UCHAR; 32],
+}}
+pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION;
+pub const MMPFNLIST_ZERO: u32 = 0;
+pub const MMPFNLIST_FREE: u32 = 1;
+pub const MMPFNLIST_STANDBY: u32 = 2;
+pub const MMPFNLIST_MODIFIED: u32 = 3;
+pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4;
+pub const MMPFNLIST_BAD: u32 = 5;
+pub const MMPFNLIST_ACTIVE: u32 = 6;
+pub const MMPFNLIST_TRANSITION: u32 = 7;
+pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0;
+pub const MMPFNUSE_FILE: u32 = 1;
+pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2;
+pub const MMPFNUSE_PAGETABLE: u32 = 3;
+pub const MMPFNUSE_PAGEDPOOL: u32 = 4;
+pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5;
+pub const MMPFNUSE_SYSTEMPTE: u32 = 6;
+pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7;
+pub const MMPFNUSE_METAFILE: u32 = 8;
+pub const MMPFNUSE_AWEPAGE: u32 = 9;
+pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10;
+pub const MMPFNUSE_KERNELSTACK: u32 = 11;
+STRUCT!{struct MEMORY_FRAME_INFORMATION {
+    Bitfields: ULONGLONG,
+}}
+BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [
+    UseDescription set_UseDescription[0..4],
+    ListDescription set_ListDescription[4..7],
+    Reserved0 set_Reserved0[7..8],
+    Pinned set_Pinned[8..9],
+    DontUse set_DontUse[9..57],
+    Priority set_Priority[57..60],
+    Reserved set_Reserved[60..64],
+]}
+STRUCT!{struct FILEOFFSET_INFORMATION {
+    Bitfields: ULONGLONG,
+}}
+BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [
+    DontUse set_DontUse[0..9],
+    Offset set_Offset[9..57],
+    Reserved set_Reserved[57..64],
+]}
+STRUCT!{struct PAGEDIR_INFORMATION {
+    Bitfields: ULONGLONG,
+}}
+BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [
+    DontUse set_DontUse[0..9],
+    PageDirectoryBase set_PageDirectoryBase[9..57],
+    Reserved set_Reserved[57..64],
+]}
+STRUCT!{struct UNIQUE_PROCESS_INFORMATION {
+    Bitfields: ULONGLONG,
+}}
+BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [
+    DontUse set_DontUse[0..9],
+    UniqueProcessKey set_UniqueProcessKey[9..57],
+    Reserved set_Reserved[57..64],
+]}
+pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION;
+UNION!{union MMPFN_IDENTITY_u1 {
+    e1: MEMORY_FRAME_INFORMATION,
+    e2: FILEOFFSET_INFORMATION,
+    e3: PAGEDIR_INFORMATION,
+    e4: UNIQUE_PROCESS_INFORMATION,
+}}
+UNION!{union MMPFN_IDENTITY_u2 {
+    e1: ULONG_PTR,
+    e2_CombinedPage: ULONG_PTR,
+    FileObject: ULONG_PTR,
+    UniqueFileObjectKey: ULONG_PTR,
+    ProtoPteAddress: ULONG_PTR,
+    VirtualAddress: ULONG_PTR,
+}}
+STRUCT!{struct MMPFN_IDENTITY {
+    u1: MMPFN_IDENTITY_u1,
+    PageFrameIndex: ULONG_PTR,
+    u2: MMPFN_IDENTITY_u2,
+}}
+BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [
+    Image set_Image[0..1],
+    Mismatch set_Mismatch[1..2],
+]}
+pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY;
+STRUCT!{struct MMPFN_MEMSNAP_INFORMATION {
+    InitialPageFrameIndex: ULONG_PTR,
+    Count: ULONG_PTR,
+}}
+pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION;
+ENUM!{enum SECTION_INFORMATION_CLASS {
+    SectionBasicInformation = 0,
+    SectionImageInformation = 1,
+    SectionRelocationInformation = 2,
+    SectionOriginalBaseInformation = 3,
+    SectionInternalImageInformation = 4,
+    MaxSectionInfoClass = 5,
+}}
+STRUCT!{struct SECTION_BASIC_INFORMATION {
+    BaseAddress: PVOID,
+    AllocationAttributes: ULONG,
+    MaximumSize: LARGE_INTEGER,
+}}
+pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION;
+STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s {
+    SubSystemMinorVersion: USHORT,
+    SubSystemMajorVersion: USHORT,
+}}
+UNION!{union SECTION_IMAGE_INFORMATION_u1 {
+    s: SECTION_IMAGE_INFORMATION_u1_s,
+    SubSystemVersion: ULONG,
+}}
+STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s {
+    MajorOperatingSystemVersion: USHORT,
+    MinorOperatingSystemVersion: USHORT,
+}}
+UNION!{union SECTION_IMAGE_INFORMATION_u2 {
+    s: SECTION_IMAGE_INFORMATION_u2_s,
+    OperatingSystemVersion: ULONG,
+}}
+STRUCT!{struct SECTION_IMAGE_INFORMATION {
+    TransferAddress: PVOID,
+    ZeroBits: ULONG,
+    MaximumStackSize: SIZE_T,
+    CommittedStackSize: SIZE_T,
+    SubSystemType: ULONG,
+    u1: SECTION_IMAGE_INFORMATION_u1,
+    u2: SECTION_IMAGE_INFORMATION_u2,
+    ImageCharacteristics: USHORT,
+    DllCharacteristics: USHORT,
+    Machine: USHORT,
+    ImageContainsCode: BOOLEAN,
+    ImageFlags: UCHAR,
+    LoaderFlags: ULONG,
+    ImageFileSize: ULONG,
+    CheckSum: ULONG,
+}}
+BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [
+    ComPlusNativeReady set_ComPlusNativeReady[0..1],
+    ComPlusILOnly set_ComPlusILOnly[1..2],
+    ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3],
+    ImageMappedFlat set_ImageMappedFlat[3..4],
+    BaseBelow4gb set_BaseBelow4gb[4..5],
+    ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6],
+    Reserved set_Reserved[6..8],
+]}
+pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION;
+STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION {
+    SectionInformation: SECTION_IMAGE_INFORMATION,
+    ExtendedFlags: ULONG,
+}}
+BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [
+    ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1],
+    Reserved set_Reserved[1..32],
+]}
+pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION;
+ENUM!{enum SECTION_INHERIT {
+    ViewShare = 1,
+    ViewUnmap = 2,
+}}
+pub const SEC_BASED: u32 = 0x200000;
+pub const SEC_NO_CHANGE: u32 = 0x400000;
+pub const SEC_GLOBAL: u32 = 0x20000000;
+pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1;
+pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2;
+pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4;
+pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8;
+pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10;
+pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20;
+pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f;
+EXTERN!{extern "system" {
+    fn NtAllocateVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        ZeroBits: ULONG_PTR,
+        RegionSize: PSIZE_T,
+        AllocationType: ULONG,
+        Protect: ULONG,
+    ) -> NTSTATUS;
+    fn NtFreeVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        RegionSize: PSIZE_T,
+        FreeType: ULONG,
+    ) -> NTSTATUS;
+    fn NtReadVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        Buffer: PVOID,
+        BufferSize: SIZE_T,
+        NumberOfBytesRead: PSIZE_T,
+    ) -> NTSTATUS;
+    fn NtWriteVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        Buffer: PVOID,
+        BufferSize: SIZE_T,
+        NumberOfBytesWritten: PSIZE_T,
+    ) -> NTSTATUS;
+    fn NtProtectVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        RegionSize: PSIZE_T,
+        NewProtect: ULONG,
+        OldProtect: PULONG,
+    ) -> NTSTATUS;
+    fn NtQueryVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        MemoryInformationClass: MEMORY_INFORMATION_CLASS,
+        MemoryInformation: PVOID,
+        MemoryInformationLength: SIZE_T,
+        ReturnLength: PSIZE_T,
+    ) -> NTSTATUS;
+}}
+ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS {
+    VmPrefetchInformation = 0,
+    VmPagePriorityInformation = 1,
+    VmCfgCallTargetInformation = 2,
+    VmPageDirtyStateInformation = 3,
+}}
+STRUCT!{struct MEMORY_RANGE_ENTRY {
+    VirtualAddress: PVOID,
+    NumberOfBytes: SIZE_T,
+}}
+pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY;
+STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION {
+    NumberOfEntries: ULONG,
+    Reserved: ULONG,
+    NumberOfEntriesProcessed: PULONG,
+    CallTargetInfo: PCFG_CALL_TARGET_INFO,
+    Section: PVOID,
+    FileOffset: ULONGLONG,
+}}
+pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtSetInformationVirtualMemory(
+        ProcessHandle: HANDLE,
+        VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
+        NumberOfEntries: ULONG_PTR,
+        VirtualAddresses: PMEMORY_RANGE_ENTRY,
+        VmInformation: PVOID,
+        VmInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtLockVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        RegionSize: PSIZE_T,
+        MapType: ULONG,
+    ) -> NTSTATUS;
+    fn NtUnlockVirtualMemory(
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        RegionSize: PSIZE_T,
+        MapType: ULONG,
+    ) -> NTSTATUS;
+    fn NtCreateSection(
+        SectionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        MaximumSize: PLARGE_INTEGER,
+        SectionPageProtection: ULONG,
+        AllocationAttributes: ULONG,
+        FileHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtCreateSectionEx(
+        SectionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        MaximumSize: PLARGE_INTEGER,
+        SectionPageProtection: ULONG,
+        AllocationAttributes: ULONG,
+        FileHandle: HANDLE,
+        ExtendedParameters: PMEM_EXTENDED_PARAMETER,
+        ExtendedParameterCount: ULONG,
+    ) -> NTSTATUS;
+    fn NtOpenSection(
+        SectionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtMapViewOfSection(
+        SectionHandle: HANDLE,
+        ProcessHandle: HANDLE,
+        BaseAddress: *mut PVOID,
+        ZeroBits: ULONG_PTR,
+        CommitSize: SIZE_T,
+        SectionOffset: PLARGE_INTEGER,
+        ViewSize: PSIZE_T,
+        InheritDisposition: SECTION_INHERIT,
+        AllocationType: ULONG,
+        Win32Protect: ULONG,
+    ) -> NTSTATUS;
+    fn NtUnmapViewOfSection(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+    ) -> NTSTATUS;
+    fn NtUnmapViewOfSectionEx(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtExtendSection(
+        SectionHandle: HANDLE,
+        NewSectionSize: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtQuerySection(
+        SectionHandle: HANDLE,
+        SectionInformationClass: SECTION_INFORMATION_CLASS,
+        SectionInformation: PVOID,
+        SectionInformationLength: SIZE_T,
+        ReturnLength: PSIZE_T,
+    ) -> NTSTATUS;
+    fn NtAreMappedFilesTheSame(
+        File1MappedAsAnImage: PVOID,
+        File2MappedAsFile: PVOID,
+    ) -> NTSTATUS;
+}}
+pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001;
+pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002;
+pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE
+    | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS;
+ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS {
+    SystemMemoryPartitionInformation = 0,
+    SystemMemoryPartitionMoveMemory = 1,
+    SystemMemoryPartitionAddPagefile = 2,
+    SystemMemoryPartitionCombineMemory = 3,
+    SystemMemoryPartitionInitialAddMemory = 4,
+    SystemMemoryPartitionGetMemoryEvents = 5,
+    SystemMemoryPartitionMax = 6,
+}}
+STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION {
+    Flags: ULONG,
+    NumaNode: ULONG,
+    Channel: ULONG,
+    NumberOfNumaNodes: ULONG,
+    ResidentAvailablePages: ULONG_PTR,
+    CommittedPages: ULONG_PTR,
+    CommitLimit: ULONG_PTR,
+    PeakCommitment: ULONG_PTR,
+    TotalNumberOfPages: ULONG_PTR,
+    AvailablePages: ULONG_PTR,
+    ZeroPages: ULONG_PTR,
+    FreePages: ULONG_PTR,
+    StandbyPages: ULONG_PTR,
+    StandbyPageCountByPriority: [ULONG_PTR; 8],
+    RepurposedPagesByPriority: [ULONG_PTR; 8],
+    MaximumCommitLimit: ULONG_PTR,
+    DonatedPagesToPartitions: ULONG_PTR,
+    PartitionId: ULONG,
+}}
+pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION =
+    *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION {
+    NumberOfPages: ULONG_PTR,
+    NumaNode: ULONG,
+    Flags: ULONG,
+}}
+pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION {
+    PageFileName: UNICODE_STRING,
+    MinimumSize: LARGE_INTEGER,
+    MaximumSize: LARGE_INTEGER,
+    Flags: ULONG,
+}}
+pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION {
+    StopHandle: HANDLE,
+    Flags: ULONG,
+    TotalNumberOfPages: ULONG_PTR,
+}}
+pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION =
+    *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE {
+    StartPage: ULONG_PTR,
+    NumberOfPages: ULONG_PTR,
+}}
+pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE;
+STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION {
+    Flags: ULONG,
+    NumberOfRanges: ULONG,
+    NumberOfPagesAdded: ULONG_PTR,
+    PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1],
+}}
+pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION {
+    Flags: ULONG,
+    HandleAttributes: ULONG,
+    DesiredAccess: ULONG,
+    LowCommitCondition: HANDLE,
+    HighCommitCondition: HANDLE,
+    MaximumCommitCondition: HANDLE,
+}}
+BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [
+    CommitEvents set_CommitEvents[0..1],
+    Spare set_Spare[1..32],
+]}
+pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION =
+    *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtCreatePartition(
+        PartitionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        PreferredNode: ULONG,
+    ) -> NTSTATUS;
+    fn NtOpenPartition(
+        PartitionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtManagePartition(
+        PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
+        PartitionInformation: PVOID,
+        PartitionInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtMapUserPhysicalPages(
+        VirtualAddress: PVOID,
+        NumberOfPages: ULONG_PTR,
+        UserPfnArray: PULONG_PTR,
+    ) -> NTSTATUS;
+    fn NtMapUserPhysicalPagesScatter(
+        VirtualAddresses: *mut PVOID,
+        NumberOfPages: ULONG_PTR,
+        UserPfnArray: PULONG_PTR,
+    ) -> NTSTATUS;
+    fn NtAllocateUserPhysicalPages(
+        ProcessHandle: HANDLE,
+        NumberOfPages: PULONG_PTR,
+        UserPfnArray: PULONG_PTR,
+    ) -> NTSTATUS;
+    fn NtFreeUserPhysicalPages(
+        ProcessHandle: HANDLE,
+        NumberOfPages: PULONG_PTR,
+        UserPfnArray: PULONG_PTR,
+    ) -> NTSTATUS;
+    fn NtOpenSession(
+        SessionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtGetWriteWatch(
+        ProcessHandle: HANDLE,
+        Flags: ULONG,
+        BaseAddress: PVOID,
+        RegionSize: SIZE_T,
+        UserAddressArray: *mut PVOID,
+        EntriesInUserAddressArray: PULONG_PTR,
+        Granularity: PULONG,
+    ) -> NTSTATUS;
+    fn NtResetWriteWatch(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        RegionSize: SIZE_T,
+    ) -> NTSTATUS;
+    fn NtCreatePagingFile(
+        PageFileName: PUNICODE_STRING,
+        MinimumSize: PLARGE_INTEGER,
+        MaximumSize: PLARGE_INTEGER,
+        Priority: ULONG,
+    ) -> NTSTATUS;
+    fn NtFlushInstructionCache(
+        ProcessHandle: HANDLE,
+        BaseAddress: PVOID,
+        Length: SIZE_T,
+    ) -> NTSTATUS;
+    fn NtFlushWriteBuffer() -> NTSTATUS;
+}}

vendor/ntapi/src/ntnls.rs

@@ -0,0 +1,29 @@
+use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT};
+pub const MAXIMUM_LEADBYTES: usize = 12;
+STRUCT!{struct CPTABLEINFO {
+    CodePage: USHORT,
+    MaximumCharacterSize: USHORT,
+    DefaultChar: USHORT,
+    UniDefaultChar: USHORT,
+    TransDefaultChar: USHORT,
+    TransUniDefaultChar: USHORT,
+    DBCSCodePage: USHORT,
+    LeadByte: [UCHAR; MAXIMUM_LEADBYTES],
+    MultiByteTable: PUSHORT,
+    WideCharTable: PVOID,
+    DBCSRanges: PUSHORT,
+    DBCSOffsets: PUSHORT,
+}}
+pub type PCPTABLEINFO = *mut CPTABLEINFO;
+STRUCT!{struct NLSTABLEINFO {
+    OemTableInfo: CPTABLEINFO,
+    AnsiTableInfo: CPTABLEINFO,
+    UpperCaseTable: PUSHORT,
+    LowerCaseTable: PUSHORT,
+}}
+pub type PNLSTABLEINFO = *mut NLSTABLEINFO;
+EXTERN!{extern "C" {
+    static mut NlsAnsiCodePage: USHORT;
+    static mut NlsMbCodePageTag: BOOLEAN;
+    static mut NlsMbOemCodePageTag: BOOLEAN;
+}}

vendor/ntapi/src/ntobapi.rs

@@ -0,0 +1,226 @@
+use winapi::shared::ntdef::{
+    BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER,
+    POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION,
+    STANDARD_RIGHTS_REQUIRED,
+};
+pub const OBJECT_TYPE_CREATE: u32 = 0x0001;
+pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
+pub const DIRECTORY_QUERY: u32 = 0x0001;
+pub const DIRECTORY_TRAVERSE: u32 = 0x0002;
+pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004;
+pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008;
+pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf;
+pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001;
+pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
+pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001;
+pub const OBJ_INHERIT: u32 = 0x00000002;
+pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004;
+ENUM!{enum OBJECT_INFORMATION_CLASS {
+    ObjectBasicInformation = 0,
+    ObjectNameInformation = 1,
+    ObjectTypeInformation = 2,
+    ObjectTypesInformation = 3,
+    ObjectHandleFlagInformation = 4,
+    ObjectSessionInformation = 5,
+    ObjectSessionObjectInformation = 6,
+    MaxObjectInfoClass = 7,
+}}
+STRUCT!{struct OBJECT_BASIC_INFORMATION {
+    Attributes: ULONG,
+    GrantedAccess: ACCESS_MASK,
+    HandleCount: ULONG,
+    PointerCount: ULONG,
+    PagedPoolCharge: ULONG,
+    NonPagedPoolCharge: ULONG,
+    Reserved: [ULONG; 3],
+    NameInfoSize: ULONG,
+    TypeInfoSize: ULONG,
+    SecurityDescriptorSize: ULONG,
+    CreationTime: LARGE_INTEGER,
+}}
+pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION;
+STRUCT!{struct OBJECT_NAME_INFORMATION {
+    Name: UNICODE_STRING,
+}}
+pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION;
+STRUCT!{struct OBJECT_TYPE_INFORMATION {
+    TypeName: UNICODE_STRING,
+    TotalNumberOfObjects: ULONG,
+    TotalNumberOfHandles: ULONG,
+    TotalPagedPoolUsage: ULONG,
+    TotalNonPagedPoolUsage: ULONG,
+    TotalNamePoolUsage: ULONG,
+    TotalHandleTableUsage: ULONG,
+    HighWaterNumberOfObjects: ULONG,
+    HighWaterNumberOfHandles: ULONG,
+    HighWaterPagedPoolUsage: ULONG,
+    HighWaterNonPagedPoolUsage: ULONG,
+    HighWaterNamePoolUsage: ULONG,
+    HighWaterHandleTableUsage: ULONG,
+    InvalidAttributes: ULONG,
+    GenericMapping: GENERIC_MAPPING,
+    ValidAccessMask: ULONG,
+    SecurityRequired: BOOLEAN,
+    MaintainHandleCount: BOOLEAN,
+    TypeIndex: UCHAR,
+    ReservedByte: CHAR,
+    PoolType: ULONG,
+    DefaultPagedPoolCharge: ULONG,
+    DefaultNonPagedPoolCharge: ULONG,
+}}
+pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION;
+STRUCT!{struct OBJECT_TYPES_INFORMATION {
+    NumberOfTypes: ULONG,
+}}
+pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION;
+STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION {
+    Inherit: BOOLEAN,
+    ProtectFromClose: BOOLEAN,
+}}
+pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtQueryObject(
+        Handle: HANDLE,
+        ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+        ObjectInformation: PVOID,
+        ObjectInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationObject(
+        Handle: HANDLE,
+        ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+        ObjectInformation: PVOID,
+        ObjectInformationLength: ULONG,
+    ) -> NTSTATUS;
+}}
+pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001;
+pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002;
+pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004;
+EXTERN!{extern "system" {
+    fn NtDuplicateObject(
+        SourceProcessHandle: HANDLE,
+        SourceHandle: HANDLE,
+        TargetProcessHandle: HANDLE,
+        TargetHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        HandleAttributes: ULONG,
+        Options: ULONG,
+    ) -> NTSTATUS;
+    fn NtMakeTemporaryObject(
+        Handle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtMakePermanentObject(
+        Handle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtSignalAndWaitForSingleObject(
+        SignalHandle: HANDLE,
+        WaitHandle: HANDLE,
+        Alertable: BOOLEAN,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtWaitForSingleObject(
+        Handle: HANDLE,
+        Alertable: BOOLEAN,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtWaitForMultipleObjects(
+        Count: ULONG,
+        Handles: *mut HANDLE,
+        WaitType: WAIT_TYPE,
+        Alertable: BOOLEAN,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtWaitForMultipleObjects32(
+        Count: ULONG,
+        Handles: *mut LONG,
+        WaitType: WAIT_TYPE,
+        Alertable: BOOLEAN,
+        Timeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtSetSecurityObject(
+        Handle: HANDLE,
+        SecurityInformation: SECURITY_INFORMATION,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+    ) -> NTSTATUS;
+    fn NtQuerySecurityObject(
+        Handle: HANDLE,
+        SecurityInformation: SECURITY_INFORMATION,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        Length: ULONG,
+        LengthNeeded: PULONG,
+    ) -> NTSTATUS;
+    fn NtClose(
+        Handle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtCompareObjects(
+        FirstObjectHandle: HANDLE,
+        SecondObjectHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtCreateDirectoryObject(
+        DirectoryHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtCreateDirectoryObjectEx(
+        DirectoryHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        ShadowDirectoryHandle: HANDLE,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtOpenDirectoryObject(
+        DirectoryHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+}}
+STRUCT!{struct OBJECT_DIRECTORY_INFORMATION {
+    Name: UNICODE_STRING,
+    TypeName: UNICODE_STRING,
+}}
+pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtQueryDirectoryObject(
+        DirectoryHandle: HANDLE,
+        Buffer: PVOID,
+        Length: ULONG,
+        ReturnSingleEntry: BOOLEAN,
+        RestartScan: BOOLEAN,
+        Context: PULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtCreatePrivateNamespace(
+        NamespaceHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        BoundaryDescriptor: PVOID,
+    ) -> NTSTATUS;
+    fn NtOpenPrivateNamespace(
+        NamespaceHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        BoundaryDescriptor: PVOID,
+    ) -> NTSTATUS;
+    fn NtDeletePrivateNamespace(
+        NamespaceHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtCreateSymbolicLinkObject(
+        LinkHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        LinkTarget: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn NtOpenSymbolicLinkObject(
+        LinkHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtQuerySymbolicLinkObject(
+        LinkHandle: HANDLE,
+        LinkTarget: PUNICODE_STRING,
+        ReturnedLength: PULONG,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/ntpebteb.rs

@@ -0,0 +1,431 @@
+use core::mem::size_of;
+use crate::ntapi_base::CLIENT_ID;
+use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA};
+use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS;
+use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{
+    BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR,
+    ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::{
+    ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER,
+};
+STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME {
+    Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME,
+    ActivationContext: *mut ACTIVATION_CONTEXT,
+    Flags: ULONG,
+}}
+pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME;
+STRUCT!{struct ACTIVATION_CONTEXT_STACK {
+    ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME,
+    FrameListCache: LIST_ENTRY,
+    Flags: ULONG,
+    NextCookieSequenceNumber: ULONG,
+    StackId: ULONG,
+}}
+pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK;
+STRUCT!{struct API_SET_NAMESPACE {
+    Version: ULONG,
+    Size: ULONG,
+    Flags: ULONG,
+    Count: ULONG,
+    EntryOffset: ULONG,
+    HashOffset: ULONG,
+    HashFactor: ULONG,
+}}
+pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE;
+STRUCT!{struct API_SET_HASH_ENTRY {
+    Hash: ULONG,
+    Index: ULONG,
+}}
+pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY;
+STRUCT!{struct API_SET_NAMESPACE_ENTRY {
+    Flags: ULONG,
+    NameOffset: ULONG,
+    NameLength: ULONG,
+    HashedLength: ULONG,
+    ValueOffset: ULONG,
+    ValueCount: ULONG,
+}}
+pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY;
+STRUCT!{struct API_SET_VALUE_ENTRY {
+    Flags: ULONG,
+    NameOffset: ULONG,
+    NameLength: ULONG,
+    ValueOffset: ULONG,
+    ValueLength: ULONG,
+}}
+pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY;
+UNION!{union PEB_u {
+    KernelCallbackTable: PVOID,
+    UserSharedInfoPtr: PVOID,
+}}
+#[repr(C)]
+pub struct LEAP_SECOND_DATA([u8; 0]); //fixme
+STRUCT!{struct PEB {
+    InheritedAddressSpace: BOOLEAN,
+    ReadImageFileExecOptions: BOOLEAN,
+    BeingDebugged: BOOLEAN,
+    BitField: BOOLEAN,
+    Mutant: HANDLE,
+    ImageBaseAddress: PVOID,
+    Ldr: PPEB_LDR_DATA,
+    ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+    SubSystemData: PVOID,
+    ProcessHeap: PVOID,
+    FastPebLock: PRTL_CRITICAL_SECTION,
+    IFEOKey: PVOID,
+    AtlThunkSListPtr: PSLIST_HEADER,
+    CrossProcessFlags: ULONG,
+    u: PEB_u,
+    SystemReserved: [ULONG; 1],
+    AtlThunkSListPtr32: ULONG,
+    ApiSetMap: PAPI_SET_NAMESPACE,
+    TlsExpansionCounter: ULONG,
+    TlsBitmap: PVOID,
+    TlsBitmapBits: [ULONG; 2],
+    ReadOnlySharedMemoryBase: PVOID,
+    SharedData: PVOID,
+    ReadOnlyStaticServerData: *mut PVOID,
+    AnsiCodePageData: PVOID,
+    OemCodePageData: PVOID,
+    UnicodeCaseTableData: PVOID,
+    NumberOfProcessors: ULONG,
+    NtGlobalFlag: ULONG,
+    CriticalSectionTimeout: ULARGE_INTEGER,
+    HeapSegmentReserve: SIZE_T,
+    HeapSegmentCommit: SIZE_T,
+    HeapDeCommitTotalFreeThreshold: SIZE_T,
+    HeapDeCommitFreeBlockThreshold: SIZE_T,
+    NumberOfHeaps: ULONG,
+    MaximumNumberOfHeaps: ULONG,
+    ProcessHeaps: *mut PVOID,
+    GdiSharedHandleTable: PVOID,
+    ProcessStarterHelper: PVOID,
+    GdiDCAttributeList: ULONG,
+    LoaderLock: PRTL_CRITICAL_SECTION,
+    OSMajorVersion: ULONG,
+    OSMinorVersion: ULONG,
+    OSBuildNumber: USHORT,
+    OSCSDVersion: USHORT,
+    OSPlatformId: ULONG,
+    ImageSubsystem: ULONG,
+    ImageSubsystemMajorVersion: ULONG,
+    ImageSubsystemMinorVersion: ULONG,
+    ActiveProcessAffinityMask: ULONG_PTR,
+    GdiHandleBuffer: GDI_HANDLE_BUFFER,
+    PostProcessInitRoutine: PVOID,
+    TlsExpansionBitmap: PVOID,
+    TlsExpansionBitmapBits: [ULONG; 32],
+    SessionId: ULONG,
+    AppCompatFlags: ULARGE_INTEGER,
+    AppCompatFlagsUser: ULARGE_INTEGER,
+    pShimData: PVOID,
+    AppCompatInfo: PVOID,
+    CSDVersion: UNICODE_STRING,
+    ActivationContextData: PVOID,
+    ProcessAssemblyStorageMap: PVOID,
+    SystemDefaultActivationContextData: PVOID,
+    SystemAssemblyStorageMap: PVOID,
+    MinimumStackCommit: SIZE_T,
+    FlsCallback: *mut PVOID,
+    FlsListHead: LIST_ENTRY,
+    FlsBitmap: PVOID,
+    FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
+    FlsHighIndex: ULONG,
+    WerRegistrationData: PVOID,
+    WerShipAssertPtr: PVOID,
+    pUnused: PVOID,
+    pImageHeaderHash: PVOID,
+    TracingFlags: ULONG,
+    CsrServerReadOnlySharedMemoryBase: ULONGLONG,
+    TppWorkerpListLock: PRTL_CRITICAL_SECTION,
+    TppWorkerpList: LIST_ENTRY,
+    WaitOnAddressHashTable: [PVOID; 128],
+    TelemetryCoverageHeader: PVOID,
+    CloudFileFlags: ULONG,
+    CloudFileDiagFlags: ULONG,
+    PlaceholderCompatibilityMode: CHAR,
+    PlaceholderCompatibilityModeReserved: [CHAR; 7],
+    LeapSecondData: *mut LEAP_SECOND_DATA,
+    LeapSecondFlags: ULONG,
+    NtGlobalFlag2: ULONG,
+}}
+BITFIELD!{PEB BitField: BOOLEAN [
+    ImageUsesLargePages set_ImageUsesLargePages[0..1],
+    IsProtectedProcess set_IsProtectedProcess[1..2],
+    IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
+    SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
+    IsPackagedProcess set_IsPackagedProcess[4..5],
+    IsAppContainer set_IsAppContainer[5..6],
+    IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
+    IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
+]}
+BITFIELD!{PEB CrossProcessFlags: ULONG [
+    ProcessInJob set_ProcessInJob[0..1],
+    ProcessInitializing set_ProcessInitializing[1..2],
+    ProcessUsingVEH set_ProcessUsingVEH[2..3],
+    ProcessUsingVCH set_ProcessUsingVCH[3..4],
+    ProcessUsingFTH set_ProcessUsingFTH[4..5],
+    ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6],
+    ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7],
+    ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8],
+    ReservedBits0 set_ReservedBits0[8..32],
+]}
+BITFIELD!{PEB TracingFlags: ULONG [
+    HeapTracingEnabled set_HeapTracingEnabled[0..1],
+    CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
+    LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
+    SpareTracingBits set_SpareTracingBits[3..32],
+]}
+BITFIELD!{PEB LeapSecondFlags: ULONG [
+    SixtySecondEnabled set_SixtySecondEnabled[0..1],
+    Reserved set_Reserved[1..32],
+]}
+pub type PPEB = *mut PEB;
+pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
+STRUCT!{struct GDI_TEB_BATCH {
+    Offset: ULONG,
+    HDC: ULONG_PTR,
+    Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
+}}
+pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH;
+STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT {
+    Flags: ULONG,
+    FrameName: PSTR,
+}}
+pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT;
+STRUCT!{struct TEB_ACTIVE_FRAME {
+    Flags: ULONG,
+    Previous: *mut TEB_ACTIVE_FRAME,
+    Context: PTEB_ACTIVE_FRAME_CONTEXT,
+}}
+pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME;
+STRUCT!{struct TEB_u_s {
+    ReservedPad0: UCHAR,
+    ReservedPad1: UCHAR,
+    ReservedPad2: UCHAR,
+    IdealProcessor: UCHAR,
+}}
+UNION!{union TEB_u {
+    CurrentIdealProcessor: PROCESSOR_NUMBER,
+    IdealProcessorValue: ULONG,
+    s: TEB_u_s,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct TEB {
+    NtTib: NT_TIB,
+    EnvironmentPointer: PVOID,
+    ClientId: CLIENT_ID,
+    ActiveRpcHandle: PVOID,
+    ThreadLocalStoragePointer: PVOID,
+    ProcessEnvironmentBlock: PPEB,
+    LastErrorValue: ULONG,
+    CountOfOwnedCriticalSections: ULONG,
+    CsrClientThread: PVOID,
+    Win32ThreadInfo: PVOID,
+    User32Reserved: [ULONG; 26],
+    UserReserved: [ULONG; 5],
+    WOW32Reserved: PVOID,
+    CurrentLocale: LCID,
+    FpSoftwareStatusRegister: ULONG,
+    ReservedForDebuggerInstrumentation: [PVOID; 16],
+    SystemReserved1: [PVOID; 30],
+    PlaceholderCompatibilityMode: CHAR,
+    PlaceholderReserved: [CHAR; 11],
+    ProxiedProcessId: ULONG,
+    ActivationStack: ACTIVATION_CONTEXT_STACK,
+    WorkingOnBehalfTicket: [UCHAR; 8],
+    ExceptionCode: NTSTATUS,
+    ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
+    InstrumentationCallbackSp: ULONG_PTR,
+    InstrumentationCallbackPreviousPc: ULONG_PTR,
+    InstrumentationCallbackPreviousSp: ULONG_PTR,
+    TxFsContext: ULONG,
+    InstrumentationCallbackDisabled: BOOLEAN,
+    GdiTebBatch: GDI_TEB_BATCH,
+    RealClientId: CLIENT_ID,
+    GdiCachedProcessHandle: HANDLE,
+    GdiClientPID: ULONG,
+    GdiClientTID: ULONG,
+    GdiThreadLocalInfo: PVOID,
+    Win32ClientInfo: [ULONG_PTR; 62],
+    glDispatchTable: [PVOID; 233],
+    glReserved1: [ULONG_PTR; 29],
+    glReserved2: PVOID,
+    glSectionInfo: PVOID,
+    glSection: PVOID,
+    glTable: PVOID,
+    glCurrentRC: PVOID,
+    glContext: PVOID,
+    LastStatusValue: NTSTATUS,
+    StaticUnicodeString: UNICODE_STRING,
+    StaticUnicodeBuffer: [WCHAR; 261],
+    DeallocationStack: PVOID,
+    TlsSlots: [PVOID; 64],
+    TlsLinks: LIST_ENTRY,
+    Vdm: PVOID,
+    ReservedForNtRpc: PVOID,
+    DbgSsReserved: [PVOID; 2],
+    HardErrorMode: ULONG,
+    Instrumentation: [PVOID; 11],
+    ActivityId: GUID,
+    SubProcessTag: PVOID,
+    PerflibData: PVOID,
+    EtwTraceData: PVOID,
+    WinSockData: PVOID,
+    GdiBatchCount: ULONG,
+    u: TEB_u,
+    GuaranteedStackBytes: ULONG,
+    ReservedForPerf: PVOID,
+    ReservedForOle: PVOID,
+    WaitingOnLoaderLock: ULONG,
+    SavedPriorityState: PVOID,
+    ReservedForCodeCoverage: ULONG_PTR,
+    ThreadPoolData: PVOID,
+    TlsExpansionSlots: *mut PVOID,
+    DeallocationBStore: PVOID,
+    BStoreLimit: PVOID,
+    MuiGeneration: ULONG,
+    IsImpersonating: ULONG,
+    NlsCache: PVOID,
+    pShimData: PVOID,
+    HeapVirtualAffinity: USHORT,
+    LowFragHeapDataSlot: USHORT,
+    CurrentTransactionHandle: HANDLE,
+    ActiveFrame: PTEB_ACTIVE_FRAME,
+    FlsData: PVOID,
+    PreferredLanguages: PVOID,
+    UserPrefLanguages: PVOID,
+    MergedPrefLanguages: PVOID,
+    MuiImpersonation: ULONG,
+    CrossTebFlags: USHORT,
+    SameTebFlags: USHORT,
+    TxnScopeEnterCallback: PVOID,
+    TxnScopeExitCallback: PVOID,
+    TxnScopeContext: PVOID,
+    LockCount: ULONG,
+    WowTebOffset: LONG,
+    ResourceRetValue: PVOID,
+    ReservedForWdf: PVOID,
+    ReservedForCrt: ULONGLONG,
+    EffectiveContainerId: GUID,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct TEB {
+    NtTib: NT_TIB,
+    EnvironmentPointer: PVOID,
+    ClientId: CLIENT_ID,
+    ActiveRpcHandle: PVOID,
+    ThreadLocalStoragePointer: PVOID,
+    ProcessEnvironmentBlock: PPEB,
+    LastErrorValue: ULONG,
+    CountOfOwnedCriticalSections: ULONG,
+    CsrClientThread: PVOID,
+    Win32ThreadInfo: PVOID,
+    User32Reserved: [ULONG; 26],
+    UserReserved: [ULONG; 5],
+    WOW32Reserved: PVOID,
+    CurrentLocale: LCID,
+    FpSoftwareStatusRegister: ULONG,
+    ReservedForDebuggerInstrumentation: [PVOID; 16],
+    SystemReserved1: [PVOID; 26],
+    PlaceholderCompatibilityMode: CHAR,
+    PlaceholderReserved: [CHAR; 11],
+    ProxiedProcessId: ULONG,
+    ActivationStack: ACTIVATION_CONTEXT_STACK,
+    WorkingOnBehalfTicket: [UCHAR; 8],
+    ExceptionCode: NTSTATUS,
+    ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
+    InstrumentationCallbackSp: ULONG_PTR,
+    InstrumentationCallbackPreviousPc: ULONG_PTR,
+    InstrumentationCallbackPreviousSp: ULONG_PTR,
+    InstrumentationCallbackDisabled: BOOLEAN,
+    SpareBytes: [UCHAR; 23],
+    TxFsContext: ULONG,
+    GdiTebBatch: GDI_TEB_BATCH,
+    RealClientId: CLIENT_ID,
+    GdiCachedProcessHandle: HANDLE,
+    GdiClientPID: ULONG,
+    GdiClientTID: ULONG,
+    GdiThreadLocalInfo: PVOID,
+    Win32ClientInfo: [ULONG_PTR; 62],
+    glDispatchTable: [PVOID; 233],
+    glReserved1: [ULONG_PTR; 29],
+    glReserved2: PVOID,
+    glSectionInfo: PVOID,
+    glSection: PVOID,
+    glTable: PVOID,
+    glCurrentRC: PVOID,
+    glContext: PVOID,
+    LastStatusValue: NTSTATUS,
+    StaticUnicodeString: UNICODE_STRING,
+    StaticUnicodeBuffer: [WCHAR; 261],
+    DeallocationStack: PVOID,
+    TlsSlots: [PVOID; 64],
+    TlsLinks: LIST_ENTRY,
+    Vdm: PVOID,
+    ReservedForNtRpc: PVOID,
+    DbgSsReserved: [PVOID; 2],
+    HardErrorMode: ULONG,
+    Instrumentation: [PVOID; 9],
+    ActivityId: GUID,
+    SubProcessTag: PVOID,
+    PerflibData: PVOID,
+    EtwTraceData: PVOID,
+    WinSockData: PVOID,
+    GdiBatchCount: ULONG,
+    u: TEB_u,
+    GuaranteedStackBytes: ULONG,
+    ReservedForPerf: PVOID,
+    ReservedForOle: PVOID,
+    WaitingOnLoaderLock: ULONG,
+    SavedPriorityState: PVOID,
+    ReservedForCodeCoverage: ULONG_PTR,
+    ThreadPoolData: PVOID,
+    TlsExpansionSlots: *mut PVOID,
+    MuiGeneration: ULONG,
+    IsImpersonating: ULONG,
+    NlsCache: PVOID,
+    pShimData: PVOID,
+    HeapVirtualAffinity: USHORT,
+    LowFragHeapDataSlot: USHORT,
+    CurrentTransactionHandle: HANDLE,
+    ActiveFrame: PTEB_ACTIVE_FRAME,
+    FlsData: PVOID,
+    PreferredLanguages: PVOID,
+    UserPrefLanguages: PVOID,
+    MergedPrefLanguages: PVOID,
+    MuiImpersonation: ULONG,
+    CrossTebFlags: USHORT,
+    SameTebFlags: USHORT,
+    TxnScopeEnterCallback: PVOID,
+    TxnScopeExitCallback: PVOID,
+    TxnScopeContext: PVOID,
+    LockCount: ULONG,
+    WowTebOffset: LONG,
+    ResourceRetValue: PVOID,
+    ReservedForWdf: PVOID,
+    ReservedForCrt: ULONGLONG,
+    EffectiveContainerId: GUID,
+}}
+BITFIELD!{TEB SameTebFlags: USHORT [
+    SafeThunkCall set_SafeThunkCall[0..1],
+    InDebugPrint set_InDebugPrint[1..2],
+    HasFiberData set_HasFiberData[2..3],
+    SkipThreadAttach set_SkipThreadAttach[3..4],
+    WerInShipAssertCode set_WerInShipAssertCode[4..5],
+    RanProcessInit set_RanProcessInit[5..6],
+    ClonedThread set_ClonedThread[6..7],
+    SuppressDebugMsg set_SuppressDebugMsg[7..8],
+    DisableUserStackWalk set_DisableUserStackWalk[8..9],
+    RtlExceptionAttached set_RtlExceptionAttached[9..10],
+    InitialThread set_InitialThread[10..11],
+    SessionAware set_SessionAware[11..12],
+    LoadOwner set_LoadOwner[12..13],
+    LoaderWorker set_LoaderWorker[13..14],
+    SkipLoaderInit set_SkipLoaderInit[14..15],
+    SpareSameTebBits set_SpareSameTebBits[15..16],
+]}
+pub type PTEB = *mut TEB;

vendor/ntapi/src/ntpfapi.rs

@@ -0,0 +1,219 @@
+use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION;
+use crate::ntmmapi::MMPFN_IDENTITY;
+use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR};
+ENUM!{enum PF_BOOT_PHASE_ID {
+    PfKernelInitPhase = 0,
+    PfBootDriverInitPhase = 90,
+    PfSystemDriverInitPhase = 120,
+    PfSessionManagerInitPhase = 150,
+    PfSMRegistryInitPhase = 180,
+    PfVideoInitPhase = 210,
+    PfPostVideoInitPhase = 240,
+    PfBootAcceptedRegistryInitPhase = 270,
+    PfUserShellReadyPhase = 300,
+    PfMaxBootPhaseId = 900,
+}}
+ENUM!{enum PF_ENABLE_STATUS {
+    PfSvNotSpecified = 0,
+    PfSvEnabled = 1,
+    PfSvDisabled = 2,
+    PfSvMaxEnableStatus = 3,
+}}
+STRUCT!{struct PF_TRACE_LIMITS {
+    MaxNumPages: ULONG,
+    MaxNumSections: ULONG,
+    TimerPeriod: LONGLONG,
+}}
+pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS;
+STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS {
+    EnableStatus: [PF_ENABLE_STATUS; 2],
+    TraceLimits: [PF_TRACE_LIMITS; 2],
+    MaxNumActiveTraces: ULONG,
+    MaxNumSavedTraces: ULONG,
+    RootDirPath: [WCHAR; 32],
+    HostingApplicationList: [WCHAR; 128],
+}}
+pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS;
+pub const PF_BOOT_CONTROL_VERSION: u32 = 1;
+STRUCT!{struct PF_BOOT_CONTROL {
+    Version: ULONG,
+    DisableBootPrefetching: ULONG,
+}}
+pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL;
+ENUM!{enum PREFETCHER_INFORMATION_CLASS {
+    PrefetcherRetrieveTrace = 1,
+    PrefetcherSystemParameters = 2,
+    PrefetcherBootPhase = 3,
+    PrefetcherRetrieveBootLoaderTrace = 4,
+    PrefetcherBootControl = 5,
+}}
+pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23;
+pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843;
+STRUCT!{struct PREFETCHER_INFORMATION {
+    Version: ULONG,
+    Magic: ULONG,
+    PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS,
+    PrefetcherInformation: PVOID,
+    PrefetcherInformationLength: ULONG,
+}}
+pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION;
+STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS {
+    EnabledComponents: ULONG,
+    BootID: ULONG,
+    SavedSectInfoTracesMax: ULONG,
+    SavedPageAccessTracesMax: ULONG,
+    ScenarioPrefetchTimeoutStandby: ULONG,
+    ScenarioPrefetchTimeoutHibernate: ULONG,
+}}
+pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS;
+pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1;
+pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1;
+pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1;
+STRUCT!{struct PF_PFN_PRIO_REQUEST {
+    Version: ULONG,
+    RequestFlags: ULONG,
+    PfnCount: ULONG_PTR,
+    MemInfo: SYSTEM_MEMORY_LIST_INFORMATION,
+    PageData: [MMPFN_IDENTITY; 256],
+}}
+pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST;
+ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE {
+    PfsPrivateSourceKernel = 0,
+    PfsPrivateSourceSession = 1,
+    PfsPrivateSourceProcess = 2,
+    PfsPrivateSourceMax = 3,
+}}
+UNION!{union PFS_PRIVATE_PAGE_SOURCE_u {
+    SessionId: ULONG,
+    ProcessId: ULONG,
+}}
+STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE {
+    Type: PFS_PRIVATE_PAGE_SOURCE_TYPE,
+    u: PFS_PRIVATE_PAGE_SOURCE_u,
+    ImagePathHash: ULONG,
+    UniqueProcessHash: ULONG_PTR,
+}}
+UNION!{union PF_PRIVSOURCE_INFO_u {
+    WsSwapPages: ULONG_PTR,
+    SessionPagedPoolPages: ULONG_PTR,
+    StoreSizePages: ULONG_PTR,
+}}
+pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE;
+STRUCT!{struct PF_PRIVSOURCE_INFO {
+    DbInfo: PFS_PRIVATE_PAGE_SOURCE,
+    EProcess: PVOID,
+    WsPrivatePages: SIZE_T,
+    TotalPrivatePages: SIZE_T,
+    SessionID: ULONG,
+    ImageName: [CHAR; 16],
+    u: PF_PRIVSOURCE_INFO_u,
+    WsTotalPages: ULONG_PTR,
+    DeepFreezeTimeMs: ULONG,
+    BitFields: ULONG,
+}}
+BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [
+    ModernApp set_ModernApp[0..1],
+    DeepFrozen set_DeepFrozen[1..2],
+    Foreground set_Foreground[2..3],
+    PerProcessStore set_PerProcessStore[3..4],
+    Spare set_Spare[4..32],
+]}
+pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO;
+pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3;
+STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST {
+    Version: ULONG,
+    Flags: ULONG,
+    InfoCount: ULONG,
+    InfoArray: [PF_PRIVSOURCE_INFO; 1],
+}}
+pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST;
+ENUM!{enum PF_PHASED_SCENARIO_TYPE {
+    PfScenarioTypeNone = 0,
+    PfScenarioTypeStandby = 1,
+    PfScenarioTypeHibernate = 2,
+    PfScenarioTypeFUS = 3,
+    PfScenarioTypeMax = 4,
+}}
+pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4;
+STRUCT!{struct PF_SCENARIO_PHASE_INFO {
+    Version: ULONG,
+    ScenType: PF_PHASED_SCENARIO_TYPE,
+    PhaseId: ULONG,
+    SequenceNumber: ULONG,
+    Flags: ULONG,
+    FUSUserId: ULONG,
+}}
+pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO;
+STRUCT!{struct PF_MEMORY_LIST_NODE {
+    Bitfields: ULONGLONG,
+    StandbyLowPageCount: ULONGLONG,
+    StandbyMediumPageCount: ULONGLONG,
+    StandbyHighPageCount: ULONGLONG,
+    FreePageCount: ULONGLONG,
+    ModifiedPageCount: ULONGLONG,
+}}
+BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [
+    Node set_Node[0..8],
+    Spare set_Spare[8..64],
+]}
+pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE;
+pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_MEMORY_LIST_INFO {
+    Version: ULONG,
+    Size: ULONG,
+    NodeCount: ULONG,
+    Nodes: [PF_MEMORY_LIST_NODE; 1],
+}}
+pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO;
+STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE {
+    BasePfn: ULONG_PTR,
+    PageCount: ULONG_PTR,
+}}
+pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE;
+pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO {
+    Version: ULONG,
+    RangeCount: ULONG,
+    Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1],
+}}
+pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO;
+pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO {
+    Version: ULONG,
+    RepurposedByPrefetch: ULONG,
+}}
+pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO;
+ENUM!{enum SUPERFETCH_INFORMATION_CLASS {
+    SuperfetchRetrieveTrace = 1,
+    SuperfetchSystemParameters = 2,
+    SuperfetchLogEvent = 3,
+    SuperfetchGenerateTrace = 4,
+    SuperfetchPrefetch = 5,
+    SuperfetchPfnQuery = 6,
+    SuperfetchPfnSetPriority = 7,
+    SuperfetchPrivSourceQuery = 8,
+    SuperfetchSequenceNumberQuery = 9,
+    SuperfetchScenarioPhase = 10,
+    SuperfetchWorkerPriority = 11,
+    SuperfetchScenarioQuery = 12,
+    SuperfetchScenarioPrefetch = 13,
+    SuperfetchRobustnessControl = 14,
+    SuperfetchTimeControl = 15,
+    SuperfetchMemoryListQuery = 16,
+    SuperfetchMemoryRangesQuery = 17,
+    SuperfetchTracingControl = 18,
+    SuperfetchTrimWhileAgingControl = 19,
+    SuperfetchRepurposedByPrefetch = 20,
+    SuperfetchInformationMax = 21,
+}}
+pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45;
+pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843;
+STRUCT!{struct SUPERFETCH_INFORMATION {
+    Version: ULONG,
+    Magic: ULONG,
+    InfoClass: SUPERFETCH_INFORMATION_CLASS,
+    Data: PVOID,
+    Length: ULONG,
+}}
+pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION;

vendor/ntapi/src/ntpnpapi.rs

@@ -0,0 +1,118 @@
+use winapi::shared::cfg::PNP_VETO_TYPE;
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR};
+ENUM!{enum PLUGPLAY_EVENT_CATEGORY {
+    HardwareProfileChangeEvent = 0,
+    TargetDeviceChangeEvent = 1,
+    DeviceClassChangeEvent = 2,
+    CustomDeviceEvent = 3,
+    DeviceInstallEvent = 4,
+    DeviceArrivalEvent = 5,
+    PowerEvent = 6,
+    VetoEvent = 7,
+    BlockedDriverEvent = 8,
+    InvalidIDEvent = 9,
+    MaxPlugEventCategory = 10,
+}}
+pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY;
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass {
+    ClassGuid: GUID,
+    SymbolicLinkName: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice {
+    DeviceIds: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice {
+    DeviceId: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification {
+    NotificationStructure: PVOID,
+    DeviceIds: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification {
+    Notification: PVOID,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification {
+    NotificationCode: ULONG,
+    NotificationData: ULONG,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification {
+    VetoType: PNP_VETO_TYPE,
+    DeviceIdVetoNameBuffer: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification {
+    BlockedDriverGuid: GUID,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification {
+    ParentId: [WCHAR; 1],
+}}
+UNION!{union PLUGPLAY_EVENT_BLOCK_u {
+    DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass,
+    TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice,
+    InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice,
+    CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification,
+    ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification,
+    PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification,
+    VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification,
+    BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification,
+    InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK {
+    EventGuid: GUID,
+    EventCategory: PLUGPLAY_EVENT_CATEGORY,
+    Result: PULONG,
+    Flags: ULONG,
+    TotalSize: ULONG,
+    DeviceObject: PVOID,
+    u: PLUGPLAY_EVENT_BLOCK_u,
+}}
+pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK;
+ENUM!{enum PLUGPLAY_CONTROL_CLASS {
+    PlugPlayControlEnumerateDevice = 0,
+    PlugPlayControlRegisterNewDevice = 1,
+    PlugPlayControlDeregisterDevice = 2,
+    PlugPlayControlInitializeDevice = 3,
+    PlugPlayControlStartDevice = 4,
+    PlugPlayControlUnlockDevice = 5,
+    PlugPlayControlQueryAndRemoveDevice = 6,
+    PlugPlayControlUserResponse = 7,
+    PlugPlayControlGenerateLegacyDevice = 8,
+    PlugPlayControlGetInterfaceDeviceList = 9,
+    PlugPlayControlProperty = 10,
+    PlugPlayControlDeviceClassAssociation = 11,
+    PlugPlayControlGetRelatedDevice = 12,
+    PlugPlayControlGetInterfaceDeviceAlias = 13,
+    PlugPlayControlDeviceStatus = 14,
+    PlugPlayControlGetDeviceDepth = 15,
+    PlugPlayControlQueryDeviceRelations = 16,
+    PlugPlayControlTargetDeviceRelation = 17,
+    PlugPlayControlQueryConflictList = 18,
+    PlugPlayControlRetrieveDock = 19,
+    PlugPlayControlResetDevice = 20,
+    PlugPlayControlHaltDevice = 21,
+    PlugPlayControlGetBlockedDriverList = 22,
+    PlugPlayControlGetDeviceInterfaceEnabled = 23,
+    MaxPlugPlayControl = 24,
+}}
+pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS;
+EXTERN!{extern "system" {
+    fn NtGetPlugPlayEvent(
+        EventHandle: HANDLE,
+        Context: PVOID,
+        EventBlock: PPLUGPLAY_EVENT_BLOCK,
+        EventBufferSize: ULONG,
+    ) -> NTSTATUS;
+    fn NtPlugPlayControl(
+        PnPControlClass: PLUGPLAY_CONTROL_CLASS,
+        PnPControlData: PVOID,
+        PnPControlDataLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtSerializeBoot() -> NTSTATUS;
+    fn NtEnableLastKnownGood() -> NTSTATUS;
+    fn NtDisableLastKnownGood() -> NTSTATUS;
+    fn NtReplacePartitionUnit(
+        TargetInstancePath: PUNICODE_STRING,
+        SpareInstancePath: PUNICODE_STRING,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/ntpoapi.rs

@@ -0,0 +1,134 @@
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING,
+    USHORT,
+};
+use winapi::um::winnt::{
+    DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE,
+    POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE,
+};
+UNION!{union POWER_STATE {
+    SystemState: SYSTEM_POWER_STATE,
+    DeviceState: DEVICE_POWER_STATE,
+}}
+pub type PPOWER_STATE = *mut POWER_STATE;
+ENUM!{enum POWER_STATE_TYPE {
+    SystemPowerState = 0,
+    DevicePowerState = 1,
+}}
+pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE;
+STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT {
+    ContextAsUlong: ULONG,
+}}
+BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [
+    Reserved1 set_Reserved1[0..8],
+    TargetSystemState set_TargetSystemState[8..12],
+    EffectiveSystemState set_EffectiveSystemState[12..16],
+    CurrentSystemState set_CurrentSystemState[16..20],
+    IgnoreHibernationPath set_IgnoreHibernationPath[20..21],
+    PseudoTransition set_PseudoTransition[21..22],
+    Reserved2 set_Reserved2[22..32],
+]}
+pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT;
+STRUCT!{struct COUNTED_REASON_CONTEXT_u_s {
+    ResourceFileName: UNICODE_STRING,
+    ResourceReasonId: USHORT,
+    StringCount: ULONG,
+    ReasonStrings: PUNICODE_STRING,
+}}
+UNION!{union COUNTED_REASON_CONTEXT_u {
+    s: COUNTED_REASON_CONTEXT_u_s,
+    SimpleString: UNICODE_STRING,
+}}
+STRUCT!{struct COUNTED_REASON_CONTEXT {
+    Version: ULONG,
+    Flags: ULONG,
+    u: COUNTED_REASON_CONTEXT_u,
+}}
+pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT;
+ENUM!{enum POWER_STATE_HANDLER_TYPE {
+    PowerStateSleeping1 = 0,
+    PowerStateSleeping2 = 1,
+    PowerStateSleeping3 = 2,
+    PowerStateSleeping4 = 3,
+    PowerStateShutdownOff = 4,
+    PowerStateShutdownReset = 5,
+    PowerStateSleeping4Firmware = 6,
+    PowerStateMaximum = 7,
+}}
+pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE;
+FN!{stdcall PENTER_STATE_SYSTEM_HANDLER(
+    SystemContext: PVOID,
+) -> NTSTATUS}
+FN!{stdcall PENTER_STATE_HANDLER(
+    Context: PVOID,
+    SystemHandler: PENTER_STATE_SYSTEM_HANDLER,
+    SystemContext: PVOID,
+    NumberProcessors: LONG,
+    Number: PLONG,
+) -> NTSTATUS}
+STRUCT!{struct POWER_STATE_HANDLER {
+    Type: POWER_STATE_HANDLER_TYPE,
+    RtcWake: BOOLEAN,
+    Spare: [UCHAR; 3],
+    Handler: PENTER_STATE_HANDLER,
+    Context: PVOID,
+}}
+pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER;
+FN!{stdcall PENTER_STATE_NOTIFY_HANDLER(
+    State: POWER_STATE_HANDLER_TYPE,
+    Context: PVOID,
+    Entering: BOOLEAN,
+) -> NTSTATUS}
+STRUCT!{struct POWER_STATE_NOTIFY_HANDLER {
+    Handler: PENTER_STATE_NOTIFY_HANDLER,
+    Context: PVOID,
+}}
+pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER;
+STRUCT!{struct PROCESSOR_POWER_INFORMATION {
+    Number: ULONG,
+    MaxMhz: ULONG,
+    CurrentMhz: ULONG,
+    MhzLimit: ULONG,
+    MaxIdleState: ULONG,
+    CurrentIdleState: ULONG,
+}}
+pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION;
+STRUCT!{struct SYSTEM_POWER_INFORMATION {
+    MaxIdlenessAllowed: ULONG,
+    Idleness: ULONG,
+    TimeRemaining: ULONG,
+    CoolingMode: UCHAR,
+}}
+pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtPowerInformation(
+        InformationLevel: POWER_INFORMATION_LEVEL,
+        InputBuffer: PVOID,
+        InputBufferLength: ULONG,
+        OutputBuffer: PVOID,
+        OutputBufferLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtSetThreadExecutionState(
+        NewFlags: EXECUTION_STATE,
+        PreviousFlags: PEXECUTION_STATE,
+    ) -> NTSTATUS;
+    fn NtRequestWakeupLatency(
+        latency: LATENCY_TIME,
+    ) -> NTSTATUS;
+    fn NtInitiatePowerAction(
+        SystemAction: POWER_ACTION,
+        LightestSystemState: SYSTEM_POWER_STATE,
+        Flags: ULONG,
+        Asynchronous: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtSetSystemPowerState(
+        SystemAction: POWER_ACTION,
+        LightestSystemState: SYSTEM_POWER_STATE,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtGetDevicePowerState(
+        Device: HANDLE,
+        State: PDEVICE_POWER_STATE,
+    ) -> NTSTATUS;
+    fn NtIsSystemResumeAutomatic() -> BOOLEAN;
+}}

vendor/ntapi/src/ntregapi.rs

@@ -0,0 +1,450 @@
+use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK};
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES,
+    PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::ACCESS_MASK;
+pub const REG_INIT_BOOT_SM: USHORT = 0x0000;
+pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001;
+pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002;
+pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE;
+pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767;
+pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512;
+ENUM!{enum KEY_INFORMATION_CLASS {
+    KeyBasicInformation = 0,
+    KeyNodeInformation = 1,
+    KeyFullInformation = 2,
+    KeyNameInformation = 3,
+    KeyCachedInformation = 4,
+    KeyFlagsInformation = 5,
+    KeyVirtualizationInformation = 6,
+    KeyHandleTagsInformation = 7,
+    KeyTrustInformation = 8,
+    KeyLayerInformation = 9,
+    MaxKeyInfoClass = 10,
+}}
+STRUCT!{struct KEY_BASIC_INFORMATION {
+    LastWriteTime: LARGE_INTEGER,
+    TitleIndex: ULONG,
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION;
+STRUCT!{struct KEY_NODE_INFORMATION {
+    LastWriteTime: LARGE_INTEGER,
+    TitleIndex: ULONG,
+    ClassOffset: ULONG,
+    ClassLength: ULONG,
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION;
+STRUCT!{struct KEY_FULL_INFORMATION {
+    LastWriteTime: LARGE_INTEGER,
+    TitleIndex: ULONG,
+    ClassOffset: ULONG,
+    ClassLength: ULONG,
+    SubKeys: ULONG,
+    MaxNameLen: ULONG,
+    MaxClassLen: ULONG,
+    Values: ULONG,
+    MaxValueNameLen: ULONG,
+    MaxValueDataLen: ULONG,
+    Class: [WCHAR; 1],
+}}
+pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION;
+STRUCT!{struct KEY_NAME_INFORMATION {
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION;
+STRUCT!{struct KEY_CACHED_INFORMATION {
+    LastWriteTime: LARGE_INTEGER,
+    TitleIndex: ULONG,
+    SubKeys: ULONG,
+    MaxNameLen: ULONG,
+    Values: ULONG,
+    MaxValueNameLen: ULONG,
+    MaxValueDataLen: ULONG,
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION;
+STRUCT!{struct KEY_FLAGS_INFORMATION {
+    UserFlags: ULONG,
+}}
+pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION;
+STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION {
+    Bitfields: ULONG,
+}}
+BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [
+    VirtualizationCandidate set_VirtualizationCandidate[0..1],
+    VirtualizationEnabled set_VirtualizationEnabled[1..2],
+    VirtualTarget set_VirtualTarget[2..3],
+    VirtualStore set_VirtualStore[3..4],
+    VirtualSource set_VirtualSource[4..5],
+    Reserved set_Reserved[5..32],
+]}
+pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION;
+STRUCT!{struct KEY_TRUST_INFORMATION {
+    Bitfields: ULONG,
+}}
+BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [
+    TrustedKey set_TrustedKey[0..1],
+    Reserved set_Reserved[1..32],
+]}
+pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION;
+STRUCT!{struct KEY_LAYER_INFORMATION {
+    IsTombstone: ULONG,
+    IsSupersedeLocal: ULONG,
+    IsSupersedeTree: ULONG,
+    ClassIsInherited: ULONG,
+    Reserved: ULONG,
+}}
+pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION;
+ENUM!{enum KEY_SET_INFORMATION_CLASS {
+    KeyWriteTimeInformation = 0,
+    KeyWow64FlagsInformation = 1,
+    KeyControlFlagsInformation = 2,
+    KeySetVirtualizationInformation = 3,
+    KeySetDebugInformation = 4,
+    KeySetHandleTagsInformation = 5,
+    KeySetLayerInformation = 6,
+    MaxKeySetInfoClass = 7,
+}}
+STRUCT!{struct KEY_WRITE_TIME_INFORMATION {
+    LastWriteTime: LARGE_INTEGER,
+}}
+pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION;
+STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION {
+    UserFlags: ULONG,
+}}
+pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION;
+STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION {
+    HandleTags: ULONG,
+}}
+pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION;
+STRUCT!{struct KEY_SET_LAYER_INFORMATION {
+    Bitfields: ULONG,
+}}
+BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [
+    IsTombstone set_IsTombstone[0..1],
+    IsSupersedeLocal set_IsSupersedeLocal[1..2],
+    IsSupersedeTree set_IsSupersedeTree[2..3],
+    ClassIsInherited set_ClassIsInherited[3..4],
+    Reserved set_Reserved[4..32],
+]}
+pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION;
+STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION {
+    ControlFlags: ULONG,
+}}
+pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION;
+STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION {
+    HandleTags: ULONG,
+}}
+BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [
+    VirtualTarget set_VirtualTarget[0..1],
+    VirtualStore set_VirtualStore[1..2],
+    VirtualSource set_VirtualSource[2..3],
+    Reserved set_Reserved[3..32],
+]}
+pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION;
+ENUM!{enum KEY_VALUE_INFORMATION_CLASS {
+    KeyValueBasicInformation = 0,
+    KeyValueFullInformation = 1,
+    KeyValuePartialInformation = 2,
+    KeyValueFullInformationAlign64 = 3,
+    KeyValuePartialInformationAlign64 = 4,
+    KeyValueLayerInformation = 5,
+    MaxKeyValueInfoClass = 6,
+}}
+STRUCT!{struct KEY_VALUE_BASIC_INFORMATION {
+    TitleIndex: ULONG,
+    Type: ULONG,
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION;
+STRUCT!{struct KEY_VALUE_FULL_INFORMATION {
+    TitleIndex: ULONG,
+    Type: ULONG,
+    DataOffset: ULONG,
+    DataLength: ULONG,
+    NameLength: ULONG,
+    Name: [WCHAR; 1],
+}}
+pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION;
+STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION {
+    TitleIndex: ULONG,
+    Type: ULONG,
+    DataLength: ULONG,
+    Data: [UCHAR; 1],
+}}
+pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION;
+STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 {
+    Type: ULONG,
+    DataLength: ULONG,
+    Data: [UCHAR; 1],
+}}
+pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
+STRUCT!{struct KEY_VALUE_LAYER_INFORMATION {
+    IsTombstone: ULONG,
+    Reserved: ULONG,
+}}
+pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION;
+STRUCT!{struct KEY_VALUE_ENTRY {
+    ValueName: PUNICODE_STRING,
+    DataLength: ULONG,
+    DataOffset: ULONG,
+    Type: ULONG,
+}}
+pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY;
+ENUM!{enum REG_ACTION {
+    KeyAdded = 0,
+    KeyRemoved = 1,
+    KeyModified = 2,
+}}
+STRUCT!{struct REG_NOTIFY_INFORMATION {
+    NextEntryOffset: ULONG,
+    Action: REG_ACTION,
+    KeyLength: ULONG,
+    Key: [WCHAR; 1],
+}}
+pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION;
+STRUCT!{struct KEY_PID_ARRAY {
+    PID: HANDLE,
+    KeyName: UNICODE_STRING,
+}}
+pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY;
+STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION {
+    Count: ULONG,
+    KeyArray: [KEY_PID_ARRAY; 1],
+}}
+pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION;
+EXTERN!{extern "system" {
+    fn NtCreateKey(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        TitleIndex: ULONG,
+        Class: PUNICODE_STRING,
+        CreateOptions: ULONG,
+        Disposition: PULONG,
+    ) -> NTSTATUS;
+    fn NtCreateKeyTransacted(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        TitleIndex: ULONG,
+        Class: PUNICODE_STRING,
+        CreateOptions: ULONG,
+        TransactionHandle: HANDLE,
+        Disposition: PULONG,
+    ) -> NTSTATUS;
+    fn NtOpenKey(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtOpenKeyTransacted(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        TransactionHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtOpenKeyEx(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        OpenOptions: ULONG,
+    ) -> NTSTATUS;
+    fn NtOpenKeyTransactedEx(
+        KeyHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        OpenOptions: ULONG,
+        TransactionHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtDeleteKey(
+        KeyHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtRenameKey(
+        KeyHandle: HANDLE,
+        NewName: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn NtDeleteValueKey(
+        KeyHandle: HANDLE,
+        ValueName: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn NtQueryKey(
+        KeyHandle: HANDLE,
+        KeyInformationClass: KEY_INFORMATION_CLASS,
+        KeyInformation: PVOID,
+        Length: ULONG,
+        ResultLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationKey(
+        KeyHandle: HANDLE,
+        KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
+        KeySetInformation: PVOID,
+        KeySetInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtQueryValueKey(
+        KeyHandle: HANDLE,
+        ValueName: PUNICODE_STRING,
+        KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+        KeyValueInformation: PVOID,
+        Length: ULONG,
+        ResultLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetValueKey(
+        KeyHandle: HANDLE,
+        ValueName: PUNICODE_STRING,
+        TitleIndex: ULONG,
+        Type: ULONG,
+        Data: PVOID,
+        DataSize: ULONG,
+    ) -> NTSTATUS;
+    fn NtQueryMultipleValueKey(
+        KeyHandle: HANDLE,
+        ValueEntries: PKEY_VALUE_ENTRY,
+        EntryCount: ULONG,
+        ValueBuffer: PVOID,
+        BufferLength: PULONG,
+        RequiredBufferLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtEnumerateKey(
+        KeyHandle: HANDLE,
+        Index: ULONG,
+        KeyInformationClass: KEY_INFORMATION_CLASS,
+        KeyInformation: PVOID,
+        Length: ULONG,
+        ResultLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtEnumerateValueKey(
+        KeyHandle: HANDLE,
+        Index: ULONG,
+        KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+        KeyValueInformation: PVOID,
+        Length: ULONG,
+        ResultLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtFlushKey(
+        KeyHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtCompactKeys(
+        Count: ULONG,
+        KeyArray: *mut HANDLE,
+    ) -> NTSTATUS;
+    fn NtCompressKey(
+        Key: HANDLE,
+    ) -> NTSTATUS;
+    fn NtLoadKey(
+        TargetKey: POBJECT_ATTRIBUTES,
+        SourceFile: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtLoadKey2(
+        TargetKey: POBJECT_ATTRIBUTES,
+        SourceFile: POBJECT_ATTRIBUTES,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtLoadKeyEx(
+        TargetKey: POBJECT_ATTRIBUTES,
+        SourceFile: POBJECT_ATTRIBUTES,
+        Flags: ULONG,
+        TrustClassKey: HANDLE,
+        Event: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        RootHandle: PHANDLE,
+        IoStatus: PIO_STATUS_BLOCK,
+    ) -> NTSTATUS;
+    fn NtReplaceKey(
+        NewFile: POBJECT_ATTRIBUTES,
+        TargetHandle: HANDLE,
+        OldFile: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtSaveKey(
+        KeyHandle: HANDLE,
+        FileHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtSaveKeyEx(
+        KeyHandle: HANDLE,
+        FileHandle: HANDLE,
+        Format: ULONG,
+    ) -> NTSTATUS;
+    fn NtSaveMergedKeys(
+        HighPrecedenceKeyHandle: HANDLE,
+        LowPrecedenceKeyHandle: HANDLE,
+        FileHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtRestoreKey(
+        KeyHandle: HANDLE,
+        FileHandle: HANDLE,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtUnloadKey(
+        TargetKey: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+}}
+pub const REG_FORCE_UNLOAD: ULONG = 1;
+pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD;
+EXTERN!{extern "system" {
+    fn NtUnloadKey2(
+        TargetKey: POBJECT_ATTRIBUTES,
+        Flags: ULONG,
+    ) -> NTSTATUS;
+    fn NtUnloadKeyEx(
+        TargetKey: POBJECT_ATTRIBUTES,
+        Event: HANDLE,
+    ) -> NTSTATUS;
+    fn NtNotifyChangeKey(
+        KeyHandle: HANDLE,
+        Event: HANDLE,
+        ApcRoutine: PIO_APC_ROUTINE,
+        ApcContext: PVOID,
+        IoStatusBlock: PIO_STATUS_BLOCK,
+        CompletionFilter: ULONG,
+        WatchTree: BOOLEAN,
+        Buffer: PVOID,
+        BufferSize: ULONG,
+        Asynchronous: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtNotifyChangeMultipleKeys(
+        MasterKeyHandle: HANDLE,
+        Count: ULONG,
+        SubordinateObjects: *mut OBJECT_ATTRIBUTES,
+        Event: HANDLE,
+        ApcRoutine: PIO_APC_ROUTINE,
+        ApcContext: PVOID,
+        IoStatusBlock: PIO_STATUS_BLOCK,
+        CompletionFilter: ULONG,
+        WatchTree: BOOLEAN,
+        Buffer: PVOID,
+        BufferSize: ULONG,
+        Asynchronous: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtQueryOpenSubKeys(
+        TargetKey: POBJECT_ATTRIBUTES,
+        HandleCount: PULONG,
+    ) -> NTSTATUS;
+    fn NtQueryOpenSubKeysEx(
+        TargetKey: POBJECT_ATTRIBUTES,
+        BufferLength: ULONG,
+        Buffer: PVOID,
+        RequiredSize: PULONG,
+    ) -> NTSTATUS;
+    fn NtInitializeRegistry(
+        BootCondition: USHORT,
+    ) -> NTSTATUS;
+    fn NtLockRegistryKey(
+        KeyHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtLockProductActivationKeys(
+        pPrivateVer: *mut ULONG,
+        pSafeMode: *mut ULONG,
+    ) -> NTSTATUS;
+    fn NtFreezeRegistry(
+        TimeOutInSeconds: ULONG,
+    ) -> NTSTATUS;
+    fn NtThawRegistry() -> NTSTATUS;
+}}

vendor/ntapi/src/ntseapi.rs

@@ -0,0 +1,439 @@
+use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
+    POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
+    PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
+    PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
+    PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
+    TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
+};
+pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
+pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
+pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
+pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
+pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
+pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
+pub const SE_TCB_PRIVILEGE: LONG = 7;
+pub const SE_SECURITY_PRIVILEGE: LONG = 8;
+pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
+pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
+pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
+pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
+pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
+pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
+pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
+pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
+pub const SE_BACKUP_PRIVILEGE: LONG = 17;
+pub const SE_RESTORE_PRIVILEGE: LONG = 18;
+pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
+pub const SE_DEBUG_PRIVILEGE: LONG = 20;
+pub const SE_AUDIT_PRIVILEGE: LONG = 21;
+pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
+pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
+pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
+pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
+pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
+pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
+pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
+pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
+pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
+pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
+pub const SE_RELABEL_PRIVILEGE: LONG = 32;
+pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
+pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
+pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
+pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
+pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;
+pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
+pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
+pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
+pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
+    | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
+    | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED
+    | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
+pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
+    Version: ULONG64,
+    Name: UNICODE_STRING,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
+    pValue: PVOID,
+    ValueLength: ULONG,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
+    *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
+UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
+    pInt64: PLONG64,
+    pUint64: PULONG64,
+    pString: PUNICODE_STRING,
+    pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
+    pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
+}}
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
+    Name: UNICODE_STRING,
+    ValueType: USHORT,
+    Reserved: USHORT,
+    Flags: ULONG,
+    ValueCount: ULONG,
+    Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
+    TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
+    Version: USHORT,
+    Reserved: USHORT,
+    AttributeCount: ULONG,
+    pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;
+STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
+    TrustLevelSid: PSID,
+}}
+pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;
+EXTERN!{extern "system" {
+    fn NtCreateToken(
+        TokenHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        TokenType: TOKEN_TYPE,
+        AuthenticationId: PLUID,
+        ExpirationTime: PLARGE_INTEGER,
+        User: PTOKEN_USER,
+        Groups: PTOKEN_GROUPS,
+        Privileges: PTOKEN_PRIVILEGES,
+        Owner: PTOKEN_OWNER,
+        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+        DefaultDacl: PTOKEN_DEFAULT_DACL,
+        TokenSource: PTOKEN_SOURCE,
+    ) -> NTSTATUS;
+    fn NtCreateLowBoxToken(
+        TokenHandle: PHANDLE,
+        ExistingTokenHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        PackageSid: PSID,
+        CapabilityCount: ULONG,
+        Capabilities: PSID_AND_ATTRIBUTES,
+        HandleCount: ULONG,
+        Handles: *mut HANDLE,
+    ) -> NTSTATUS;
+    fn NtCreateTokenEx(
+        TokenHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        TokenType: TOKEN_TYPE,
+        AuthenticationId: PLUID,
+        ExpirationTime: PLARGE_INTEGER,
+        User: PTOKEN_USER,
+        Groups: PTOKEN_GROUPS,
+        Privileges: PTOKEN_PRIVILEGES,
+        UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        DeviceGroups: PTOKEN_GROUPS,
+        TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
+        Owner: PTOKEN_OWNER,
+        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+        DefaultDacl: PTOKEN_DEFAULT_DACL,
+        TokenSource: PTOKEN_SOURCE,
+    ) -> NTSTATUS;
+    fn NtOpenProcessToken(
+        ProcessHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        TokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtOpenProcessTokenEx(
+        ProcessHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        HandleAttributes: ULONG,
+        TokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtOpenThreadToken(
+        ThreadHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        OpenAsSelf: BOOLEAN,
+        TokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtOpenThreadTokenEx(
+        ThreadHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        OpenAsSelf: BOOLEAN,
+        HandleAttributes: ULONG,
+        TokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtDuplicateToken(
+        ExistingTokenHandle: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        EffectiveOnly: BOOLEAN,
+        TokenType: TOKEN_TYPE,
+        NewTokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtQueryInformationToken(
+        TokenHandle: HANDLE,
+        TokenInformationClass: TOKEN_INFORMATION_CLASS,
+        TokenInformation: PVOID,
+        TokenInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationToken(
+        TokenHandle: HANDLE,
+        TokenInformationClass: TOKEN_INFORMATION_CLASS,
+        TokenInformation: PVOID,
+        TokenInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtAdjustPrivilegesToken(
+        TokenHandle: HANDLE,
+        DisableAllPrivileges: BOOLEAN,
+        NewState: PTOKEN_PRIVILEGES,
+        BufferLength: ULONG,
+        PreviousState: PTOKEN_PRIVILEGES,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtAdjustGroupsToken(
+        TokenHandle: HANDLE,
+        ResetToDefault: BOOLEAN,
+        NewState: PTOKEN_GROUPS,
+        BufferLength: ULONG,
+        PreviousState: PTOKEN_GROUPS,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtAdjustTokenClaimsAndDeviceGroups(
+        TokenHandle: HANDLE,
+        UserResetToDefault: BOOLEAN,
+        DeviceResetToDefault: BOOLEAN,
+        DeviceGroupsResetToDefault: BOOLEAN,
+        NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        NewDeviceGroupsState: PTOKEN_GROUPS,
+        UserBufferLength: ULONG,
+        PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        DeviceBufferLength: ULONG,
+        PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        DeviceGroupsBufferLength: ULONG,
+        PreviousDeviceGroups: PTOKEN_GROUPS,
+        UserReturnLength: PULONG,
+        DeviceReturnLength: PULONG,
+        DeviceGroupsReturnBufferLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtFilterToken(
+        ExistingTokenHandle: HANDLE,
+        Flags: ULONG,
+        SidsToDisable: PTOKEN_GROUPS,
+        PrivilegesToDelete: PTOKEN_PRIVILEGES,
+        RestrictedSids: PTOKEN_GROUPS,
+        NewTokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtFilterTokenEx(
+        ExistingTokenHandle: HANDLE,
+        Flags: ULONG,
+        SidsToDisable: PTOKEN_GROUPS,
+        PrivilegesToDelete: PTOKEN_PRIVILEGES,
+        RestrictedSids: PTOKEN_GROUPS,
+        DisableUserClaimsCount: ULONG,
+        UserClaimsToDisable: PUNICODE_STRING,
+        DisableDeviceClaimsCount: ULONG,
+        DeviceClaimsToDisable: PUNICODE_STRING,
+        DeviceGroupsToDisable: PTOKEN_GROUPS,
+        RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+        RestrictedDeviceGroups: PTOKEN_GROUPS,
+        NewTokenHandle: PHANDLE,
+    ) -> NTSTATUS;
+    fn NtCompareTokens(
+        FirstTokenHandle: HANDLE,
+        SecondTokenHandle: HANDLE,
+        Equal: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtPrivilegeCheck(
+        ClientToken: HANDLE,
+        RequiredPrivileges: PPRIVILEGE_SET,
+        Result: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtImpersonateAnonymousToken(
+        ThreadHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtQuerySecurityAttributesToken(
+        TokenHandle: HANDLE,
+        Attributes: PUNICODE_STRING,
+        NumberOfAttributes: ULONG,
+        Buffer: PVOID,
+        Length: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtAccessCheck(
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        ClientToken: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        GenericMapping: PGENERIC_MAPPING,
+        PrivilegeSet: PPRIVILEGE_SET,
+        PrivilegeSetLength: PULONG,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+    ) -> NTSTATUS;
+    fn NtAccessCheckByType(
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        PrincipalSelfSid: PSID,
+        ClientToken: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectTypeList: POBJECT_TYPE_LIST,
+        ObjectTypeListLength: ULONG,
+        GenericMapping: PGENERIC_MAPPING,
+        PrivilegeSet: PPRIVILEGE_SET,
+        PrivilegeSetLength: PULONG,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+    ) -> NTSTATUS;
+    fn NtAccessCheckByTypeResultList(
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        PrincipalSelfSid: PSID,
+        ClientToken: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectTypeList: POBJECT_TYPE_LIST,
+        ObjectTypeListLength: ULONG,
+        GenericMapping: PGENERIC_MAPPING,
+        PrivilegeSet: PPRIVILEGE_SET,
+        PrivilegeSetLength: PULONG,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+    ) -> NTSTATUS;
+    fn NtSetCachedSigningLevel(
+        Flags: ULONG,
+        InputSigningLevel: SE_SIGNING_LEVEL,
+        SourceFiles: PHANDLE,
+        SourceFileCount: ULONG,
+        TargetFile: HANDLE,
+    ) -> NTSTATUS;
+    fn NtGetCachedSigningLevel(
+        File: HANDLE,
+        Flags: PULONG,
+        SigningLevel: PSE_SIGNING_LEVEL,
+        Thumbprint: PUCHAR,
+        ThumbprintSize: PULONG,
+        ThumbprintAlgorithm: PULONG,
+    ) -> NTSTATUS;
+    fn NtAccessCheckAndAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ObjectTypeName: PUNICODE_STRING,
+        ObjectName: PUNICODE_STRING,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        DesiredAccess: ACCESS_MASK,
+        GenericMapping: PGENERIC_MAPPING,
+        ObjectCreation: BOOLEAN,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+        GenerateOnClose: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtAccessCheckByTypeAndAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ObjectTypeName: PUNICODE_STRING,
+        ObjectName: PUNICODE_STRING,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        PrincipalSelfSid: PSID,
+        DesiredAccess: ACCESS_MASK,
+        AuditType: AUDIT_EVENT_TYPE,
+        Flags: ULONG,
+        ObjectTypeList: POBJECT_TYPE_LIST,
+        ObjectTypeListLength: ULONG,
+        GenericMapping: PGENERIC_MAPPING,
+        ObjectCreation: BOOLEAN,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+        GenerateOnClose: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtAccessCheckByTypeResultListAndAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ObjectTypeName: PUNICODE_STRING,
+        ObjectName: PUNICODE_STRING,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        PrincipalSelfSid: PSID,
+        DesiredAccess: ACCESS_MASK,
+        AuditType: AUDIT_EVENT_TYPE,
+        Flags: ULONG,
+        ObjectTypeList: POBJECT_TYPE_LIST,
+        ObjectTypeListLength: ULONG,
+        GenericMapping: PGENERIC_MAPPING,
+        ObjectCreation: BOOLEAN,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+        GenerateOnClose: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ClientToken: HANDLE,
+        ObjectTypeName: PUNICODE_STRING,
+        ObjectName: PUNICODE_STRING,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        PrincipalSelfSid: PSID,
+        DesiredAccess: ACCESS_MASK,
+        AuditType: AUDIT_EVENT_TYPE,
+        Flags: ULONG,
+        ObjectTypeList: POBJECT_TYPE_LIST,
+        ObjectTypeListLength: ULONG,
+        GenericMapping: PGENERIC_MAPPING,
+        ObjectCreation: BOOLEAN,
+        GrantedAccess: PACCESS_MASK,
+        AccessStatus: PNTSTATUS,
+        GenerateOnClose: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtOpenObjectAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ObjectTypeName: PUNICODE_STRING,
+        ObjectName: PUNICODE_STRING,
+        SecurityDescriptor: PSECURITY_DESCRIPTOR,
+        ClientToken: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        GrantedAccess: ACCESS_MASK,
+        Privileges: PPRIVILEGE_SET,
+        ObjectCreation: BOOLEAN,
+        AccessGranted: BOOLEAN,
+        GenerateOnClose: PBOOLEAN,
+    ) -> NTSTATUS;
+    fn NtPrivilegeObjectAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        ClientToken: HANDLE,
+        DesiredAccess: ACCESS_MASK,
+        Privileges: PPRIVILEGE_SET,
+        AccessGranted: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtCloseObjectAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        GenerateOnClose: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtDeleteObjectAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        HandleId: PVOID,
+        GenerateOnClose: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtPrivilegedServiceAuditAlarm(
+        SubsystemName: PUNICODE_STRING,
+        ServiceName: PUNICODE_STRING,
+        ClientToken: HANDLE,
+        Privileges: PPRIVILEGE_SET,
+        AccessGranted: BOOLEAN,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/ntsmss.rs

@@ -0,0 +1,15 @@
+use crate::ntlpcapi::PPORT_MESSAGE;
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING};
+EXTERN!{extern "system" {
+    fn RtlConnectToSm(
+        ApiPortName: PUNICODE_STRING,
+        ApiPortHandle: HANDLE,
+        ProcessImageType: DWORD,
+        SmssConnection: PHANDLE,
+    ) -> NTSTATUS;
+    fn RtlSendMsgToSm(
+        ApiPortHandle: HANDLE,
+        MessageData: PPORT_MESSAGE,
+    ) -> NTSTATUS;
+}}

vendor/ntapi/src/nttmapi.rs

@@ -0,0 +1,239 @@
+use winapi::shared::basetsd::ULONG_PTR;
+use winapi::shared::guiddef::LPGUID;
+use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
+use winapi::shared::ntdef::{
+    BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
+    PUNICODE_STRING, PVOID, ULONG,
+};
+use winapi::um::winnt::{
+    ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR,
+    RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS,
+    TRANSACTION_INFORMATION_CLASS,
+};
+EXTERN!{extern "system" {
+    fn NtCreateTransactionManager(
+        TmHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        LogFileName: PUNICODE_STRING,
+        CreateOptions: ULONG,
+        CommitStrength: ULONG,
+    ) -> NTSTATUS;
+    fn NtOpenTransactionManager(
+        TmHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        LogFileName: PUNICODE_STRING,
+        TmIdentity: LPGUID,
+        OpenOptions: ULONG,
+    ) -> NTSTATUS;
+    fn NtRenameTransactionManager(
+        LogFileName: PUNICODE_STRING,
+        ExistingTransactionManagerGuid: LPGUID,
+    ) -> NTSTATUS;
+    fn NtRollforwardTransactionManager(
+        TransactionManagerHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtRecoverTransactionManager(
+        TransactionManagerHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtQueryInformationTransactionManager(
+        TransactionManagerHandle: HANDLE,
+        TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+        TransactionManagerInformation: PVOID,
+        TransactionManagerInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationTransactionManager(
+        TmHandle: HANDLE,
+        TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+        TransactionManagerInformation: PVOID,
+        TransactionManagerInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtEnumerateTransactionObject(
+        RootObjectHandle: HANDLE,
+        QueryType: KTMOBJECT_TYPE,
+        ObjectCursor: PKTMOBJECT_CURSOR,
+        ObjectCursorLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtCreateTransaction(
+        TransactionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        Uow: LPGUID,
+        TmHandle: HANDLE,
+        CreateOptions: ULONG,
+        IsolationLevel: ULONG,
+        IsolationFlags: ULONG,
+        Timeout: PLARGE_INTEGER,
+        Description: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn NtOpenTransaction(
+        TransactionHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        Uow: LPGUID,
+        TmHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtQueryInformationTransaction(
+        TransactionHandle: HANDLE,
+        TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+        TransactionInformation: PVOID,
+        TransactionInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationTransaction(
+        TransactionHandle: HANDLE,
+        TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+        TransactionInformation: PVOID,
+        TransactionInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtCommitTransaction(
+        TransactionHandle: HANDLE,
+        Wait: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtRollbackTransaction(
+        TransactionHandle: HANDLE,
+        Wait: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtCreateEnlistment(
+        EnlistmentHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ResourceManagerHandle: HANDLE,
+        TransactionHandle: HANDLE,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        CreateOptions: ULONG,
+        NotificationMask: NOTIFICATION_MASK,
+        EnlistmentKey: PVOID,
+    ) -> NTSTATUS;
+    fn NtOpenEnlistment(
+        EnlistmentHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        ResourceManagerHandle: HANDLE,
+        EnlistmentGuid: LPGUID,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtQueryInformationEnlistment(
+        EnlistmentHandle: HANDLE,
+        EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+        EnlistmentInformation: PVOID,
+        EnlistmentInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationEnlistment(
+        EnlistmentHandle: HANDLE,
+        EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+        EnlistmentInformation: PVOID,
+        EnlistmentInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtRecoverEnlistment(
+        EnlistmentHandle: HANDLE,
+        EnlistmentKey: PVOID,
+    ) -> NTSTATUS;
+    fn NtPrePrepareEnlistment(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtPrepareEnlistment(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtCommitEnlistment(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtRollbackEnlistment(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtPrePrepareComplete(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtPrepareComplete(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtCommitComplete(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtReadOnlyEnlistment(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtRollbackComplete(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtSinglePhaseReject(
+        EnlistmentHandle: HANDLE,
+        TmVirtualClock: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtCreateResourceManager(
+        ResourceManagerHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        TmHandle: HANDLE,
+        RmGuid: LPGUID,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+        CreateOptions: ULONG,
+        Description: PUNICODE_STRING,
+    ) -> NTSTATUS;
+    fn NtOpenResourceManager(
+        ResourceManagerHandle: PHANDLE,
+        DesiredAccess: ACCESS_MASK,
+        TmHandle: HANDLE,
+        ResourceManagerGuid: LPGUID,
+        ObjectAttributes: POBJECT_ATTRIBUTES,
+    ) -> NTSTATUS;
+    fn NtRecoverResourceManager(
+        ResourceManagerHandle: HANDLE,
+    ) -> NTSTATUS;
+    fn NtGetNotificationResourceManager(
+        ResourceManagerHandle: HANDLE,
+        TransactionNotification: PTRANSACTION_NOTIFICATION,
+        NotificationLength: ULONG,
+        Timeout: PLARGE_INTEGER,
+        ReturnLength: PULONG,
+        Asynchronous: ULONG,
+        AsynchronousContext: ULONG_PTR,
+    ) -> NTSTATUS;
+    fn NtQueryInformationResourceManager(
+        ResourceManagerHandle: HANDLE,
+        ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+        ResourceManagerInformation: PVOID,
+        ResourceManagerInformationLength: ULONG,
+        ReturnLength: PULONG,
+    ) -> NTSTATUS;
+    fn NtSetInformationResourceManager(
+        ResourceManagerHandle: HANDLE,
+        ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+        ResourceManagerInformation: PVOID,
+        ResourceManagerInformationLength: ULONG,
+    ) -> NTSTATUS;
+    fn NtRegisterProtocolAddressInformation(
+        ResourceManager: HANDLE,
+        ProtocolId: PCRM_PROTOCOL_ID,
+        ProtocolInformationSize: ULONG,
+        ProtocolInformation: PVOID,
+        CreateOptions: ULONG,
+    ) -> NTSTATUS;
+    fn NtPropagationComplete(
+        ResourceManagerHandle: HANDLE,
+        RequestCookie: ULONG,
+        BufferLength: ULONG,
+        Buffer: PVOID,
+    ) -> NTSTATUS;
+    fn NtPropagationFailed(
+        ResourceManagerHandle: HANDLE,
+        RequestCookie: ULONG,
+        PropStatus: NTSTATUS,
+    ) -> NTSTATUS;
+    fn NtFreezeTransactions(
+        FreezeTimeout: PLARGE_INTEGER,
+        ThawTimeout: PLARGE_INTEGER,
+    ) -> NTSTATUS;
+    fn NtThawTransactions() -> NTSTATUS;
+}}

vendor/ntapi/src/nttp.rs

@@ -0,0 +1,207 @@
+use crate::ntioapi::PIO_STATUS_BLOCK;
+use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID};
+use winapi::um::winnt::{
+    PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO,
+    PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK,
+    PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK,
+};
+#[repr(C)]
+pub struct TP_ALPC([u8; 0]);
+pub type PTP_ALPC = *mut TP_ALPC;
+FN!{stdcall PTP_ALPC_CALLBACK(
+    Instance: PTP_CALLBACK_INSTANCE,
+    Context: PVOID,
+    Alpc: PTP_ALPC,
+) -> ()}
+FN!{stdcall PTP_ALPC_CALLBACK_EX(
+    Instanc: PTP_CALLBACK_INSTANCE,
+    Contex: PVOID,
+    Alp: PTP_ALPC,
+    ApcContext: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+    fn TpAllocPool(
+        PoolReturn: *mut PTP_POOL,
+        Reserved: PVOID,
+    ) -> NTSTATUS;
+    fn TpReleasePool(
+        Pool: PTP_POOL,
+    );
+    fn TpSetPoolMaxThreads(
+        Pool: PTP_POOL,
+        MaxThreads: LONG,
+    );
+    fn TpSetPoolMinThreads(
+        Pool: PTP_POOL,
+        MinThreads: LONG,
+    ) -> NTSTATUS;
+    fn TpQueryPoolStackInformation(
+        Pool: PTP_POOL,
+        PoolStackInformation: PTP_POOL_STACK_INFORMATION,
+    ) -> NTSTATUS;
+    fn TpSetPoolStackInformation(
+        Pool: PTP_POOL,
+        PoolStackInformation: PTP_POOL_STACK_INFORMATION,
+    ) -> NTSTATUS;
+    fn TpAllocCleanupGroup(
+        CleanupGroupReturn: *mut PTP_CLEANUP_GROUP,
+    ) -> NTSTATUS;
+    fn TpReleaseCleanupGroup(
+        CleanupGroup: PTP_CLEANUP_GROUP,
+    );
+    fn TpReleaseCleanupGroupMembers(
+        CleanupGroup: PTP_CLEANUP_GROUP,
+        CancelPendingCallbacks: LOGICAL,
+        CleanupParameter: PVOID,
+    );
+    fn TpCallbackSetEventOnCompletion(
+        Instance: PTP_CALLBACK_INSTANCE,
+        Event: HANDLE,
+    );
+    fn TpCallbackReleaseSemaphoreOnCompletion(
+        Instance: PTP_CALLBACK_INSTANCE,
+        Semaphore: HANDLE,
+        ReleaseCount: LONG,
+    );
+    fn TpCallbackReleaseMutexOnCompletion(
+        Instance: PTP_CALLBACK_INSTANCE,
+        Mutex: HANDLE,
+    );
+    fn TpCallbackLeaveCriticalSectionOnCompletion(
+        Instance: PTP_CALLBACK_INSTANCE,
+        CriticalSection: PRTL_CRITICAL_SECTION,
+    );
+    fn TpCallbackUnloadDllOnCompletion(
+        Instance: PTP_CALLBACK_INSTANCE,
+        DllHandle: PVOID,
+    );
+    fn TpCallbackMayRunLong(
+        Instance: PTP_CALLBACK_INSTANCE,
+    ) -> NTSTATUS;
+    fn TpDisassociateCallback(
+        Instance: PTP_CALLBACK_INSTANCE,
+    );
+    fn TpSimpleTryPost(
+        Callback: PTP_SIMPLE_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpAllocWork(
+        WorkReturn: *mut PTP_WORK,
+        Callback: PTP_WORK_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpReleaseWork(
+        Work: PTP_WORK,
+    );
+    fn TpPostWork(
+        Work: PTP_WORK,
+    );
+    fn TpWaitForWork(
+        Work: PTP_WORK,
+        CancelPendingCallbacks: LOGICAL,
+    );
+    fn TpAllocTimer(
+        Timer: *mut PTP_TIMER,
+        Callback: PTP_TIMER_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpReleaseTimer(
+        Timer: PTP_TIMER,
+    );
+    fn TpSetTimer(
+        Timer: PTP_TIMER,
+        DueTime: PLARGE_INTEGER,
+        Period: LONG,
+        WindowLength: LONG,
+    );
+    fn TpIsTimerSet(
+        Timer: PTP_TIMER,
+    ) -> LOGICAL;
+    fn TpWaitForTimer(
+        Timer: PTP_TIMER,
+        CancelPendingCallbacks: LOGICAL,
+    );
+    fn TpAllocWait(
+        WaitReturn: *mut PTP_WAIT,
+        Callback: PTP_WAIT_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpReleaseWait(
+        Wait: PTP_WAIT,
+    );
+    fn TpSetWait(
+        Wait: PTP_WAIT,
+        Handle: HANDLE,
+        Timeout: PLARGE_INTEGER,
+    );
+    fn TpWaitForWait(
+        Wait: PTP_WAIT,
+        CancelPendingCallbacks: LOGICAL,
+    );
+}}
+FN!{stdcall PTP_IO_CALLBACK(
+    Instance: PTP_CALLBACK_INSTANCE,
+    Context: PVOID,
+    ApcContext: PVOID,
+    IoSB: PIO_STATUS_BLOCK,
+    Io: PTP_IO,
+) -> ()}
+EXTERN!{extern "system" {
+    fn TpAllocIoCompletion(
+        IoReturn: *mut PTP_IO,
+        File: HANDLE,
+        Callback: PTP_IO_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpReleaseIoCompletion(
+        Io: PTP_IO,
+    );
+    fn TpStartAsyncIoOperation(
+        Io: PTP_IO,
+    );
+    fn TpCancelAsyncIoOperation(
+        Io: PTP_IO,
+    );
+    fn TpWaitForIoCompletion(
+        Io: PTP_IO,
+        CancelPendingCallbacks: LOGICAL,
+    );
+    fn TpAllocAlpcCompletion(
+        AlpcReturn: *mut PTP_ALPC,
+        AlpcPort: HANDLE,
+        Callback: PTP_ALPC_CALLBACK,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpAllocAlpcCompletionEx(
+        AlpcReturn: *mut PTP_ALPC,
+        AlpcPort: HANDLE,
+        Callback: PTP_ALPC_CALLBACK_EX,
+        Context: PVOID,
+        CallbackEnviron: PTP_CALLBACK_ENVIRON,
+    ) -> NTSTATUS;
+    fn TpReleaseAlpcCompletion(
+        Alpc: PTP_ALPC,
+    );
+    fn TpWaitForAlpcCompletion(
+        Alpc: PTP_ALPC,
+    );
+}}
+ENUM!{enum TP_TRACE_TYPE {
+    TpTraceThreadPriority = 1,
+    TpTraceThreadAffinity = 2,
+    MaxTpTraceType = 3,
+}}
+EXTERN!{extern "system" {
+    fn TpCaptureCaller(
+        Type: TP_TRACE_TYPE,
+    );
+    fn TpCheckTerminateWorker(
+        Thread: HANDLE,
+    );
+}}

vendor/ntapi/src/ntwow64.rs

@@ -0,0 +1,476 @@
+use core::mem::size_of;
+use crate::ntapi_base::CLIENT_ID32;
+use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON};
+use crate::ntpsapi::GDI_HANDLE_BUFFER32;
+use crate::ntrtl::RTL_MAX_DRIVE_LETTERS;
+use crate::string::{UTF16Const, UTF8Const};
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{
+    BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER,
+    SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING,
+    UNICODE_STRING32, USHORT, WCHAR,
+};
+use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32};
+pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0");
+/// "SysWOW64"
+pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[
+    0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16,
+]);
+pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0");
+/// " (x86)"
+pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[
+    0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16,
+]);
+ENUM!{enum WOW64_SHARED_INFORMATION {
+    SharedNtdll32LdrInitializeThunk = 0,
+    SharedNtdll32KiUserExceptionDispatcher = 1,
+    SharedNtdll32KiUserApcDispatcher = 2,
+    SharedNtdll32KiUserCallbackDispatcher = 3,
+    SharedNtdll32ExpInterlockedPopEntrySListFault = 4,
+    SharedNtdll32ExpInterlockedPopEntrySListResume = 5,
+    SharedNtdll32ExpInterlockedPopEntrySListEnd = 6,
+    SharedNtdll32RtlUserThreadStart = 7,
+    SharedNtdll32pQueryProcessDebugInformationRemote = 8,
+    SharedNtdll32BaseAddress = 9,
+    SharedNtdll32LdrSystemDllInitBlock = 10,
+    Wow64SharedPageEntriesCount = 11,
+}}
+STRUCT!{struct RTL_BALANCED_NODE32_u_s {
+    Left: ULONG, // WOW64_POINTER
+    Right: ULONG, // WOW64_POINTER
+}}
+UNION!{union RTL_BALANCED_NODE32_u {
+    Children: [ULONG; 2], // WOW64_POINTER
+    s: RTL_BALANCED_NODE32_u_s,
+}}
+STRUCT!{struct RTL_BALANCED_NODE32 {
+    u: RTL_BALANCED_NODE32_u,
+    ParentValue: ULONG,
+}}
+pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32;
+STRUCT!{struct RTL_RB_TREE32 {
+    Root: ULONG, // WOW64_POINTER
+    Min: ULONG, // WOW64_POINTER
+}}
+pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32;
+STRUCT!{struct PEB_LDR_DATA32 {
+    Length: ULONG,
+    Initialized: BOOLEAN,
+    SsHandle: ULONG,
+    InLoadOrderModuleList: LIST_ENTRY32,
+    InMemoryOrderModuleList: LIST_ENTRY32,
+    InInitializationOrderModuleList: LIST_ENTRY32,
+    EntryInProgress: ULONG,
+    ShutdownInProgress: BOOLEAN,
+    ShutdownThreadId: ULONG,
+}}
+pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32;
+STRUCT!{struct LDR_SERVICE_TAG_RECORD32 {
+    Next: ULONG,
+    ServiceTag: ULONG,
+}}
+pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32;
+STRUCT!{struct LDRP_CSLIST32 {
+    Tail: ULONG, // WOW64_POINTER
+}}
+pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32;
+UNION!{union LDR_DDAG_NODE32_u {
+    Dependencies: LDRP_CSLIST32,
+    RemovalLink: SINGLE_LIST_ENTRY32,
+}}
+STRUCT!{struct LDR_DDAG_NODE32 {
+    Modules: LIST_ENTRY32,
+    ServiceTagList: ULONG, // WOW64_POINTER
+    LoadCount: ULONG,
+    LoadWhileUnloadingCount: ULONG,
+    LowestLink: ULONG,
+    u: LDR_DDAG_NODE32_u,
+    IncomingDependencies: LDRP_CSLIST32,
+    State: LDR_DDAG_STATE,
+    CondenseLink: SINGLE_LIST_ENTRY32,
+    PreorderNumber: ULONG,
+}}
+pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152;
+UNION!{union LDR_DATA_TABLE_ENTRY32_u1 {
+    InInitializationOrderLinks: LIST_ENTRY32,
+    InProgressLinks: LIST_ENTRY32,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY32_u2 {
+    FlagGroup: [UCHAR; 4],
+    Flags: ULONG,
+}}
+STRUCT!{struct LDR_DATA_TABLE_ENTRY32 {
+    InLoadOrderLinks: LIST_ENTRY32,
+    InMemoryOrderLinks: LIST_ENTRY32,
+    u1: LDR_DATA_TABLE_ENTRY32_u1,
+    DllBase: ULONG, // WOW64_POINTER
+    EntryPoint: ULONG, // WOW64_POINTER
+    SizeOfImage: ULONG,
+    FullDllName: UNICODE_STRING32,
+    BaseDllName: UNICODE_STRING32,
+    u2: LDR_DATA_TABLE_ENTRY32_u2,
+    ObsoleteLoadCount: USHORT,
+    TlsIndex: USHORT,
+    HashLinks: LIST_ENTRY32,
+    TimeDateStamp: ULONG,
+    EntryPointActivationContext: ULONG, // WOW64_POINTER
+    Lock: ULONG, // WOW64_POINTER
+    DdagNode: ULONG, // WOW64_POINTER
+    NodeModuleLink: LIST_ENTRY32,
+    LoadContext: ULONG, // WOW64_POINTER
+    ParentDllBase: ULONG, // WOW64_POINTER
+    SwitchBackContext: ULONG, // WOW64_POINTER
+    BaseAddressIndexNode: RTL_BALANCED_NODE32,
+    MappingInfoIndexNode: RTL_BALANCED_NODE32,
+    OriginalBase: ULONG,
+    LoadTime: LARGE_INTEGER,
+    BaseNameHashValue: ULONG,
+    LoadReason: LDR_DLL_LOAD_REASON,
+    ImplicitPathOptions: ULONG,
+    ReferenceCount: ULONG,
+    DependentLoadFlags: ULONG,
+    SigningLevel: UCHAR,
+}}
+BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [
+    PackagedBinary set_PackagedBinary[0..1],
+    MarkedForRemoval set_MarkedForRemoval[1..2],
+    ImageDll set_ImageDll[2..3],
+    LoadNotificationsSent set_LoadNotificationsSent[3..4],
+    TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
+    ProcessStaticImport set_ProcessStaticImport[5..6],
+    InLegacyLists set_InLegacyLists[6..7],
+    InIndexes set_InIndexes[7..8],
+    ShimDll set_ShimDll[8..9],
+    InExceptionTable set_InExceptionTable[9..10],
+    ReservedFlags1 set_ReservedFlags1[10..12],
+    LoadInProgress set_LoadInProgress[12..13],
+    LoadConfigProcessed set_LoadConfigProcessed[13..14],
+    EntryProcessed set_EntryProcessed[14..15],
+    ProtectDelayLoad set_ProtectDelayLoad[15..16],
+    ReservedFlags3 set_ReservedFlags3[16..18],
+    DontCallForThreads set_DontCallForThreads[18..19],
+    ProcessAttachCalled set_ProcessAttachCalled[19..20],
+    ProcessAttachFailed set_ProcessAttachFailed[20..21],
+    CorDeferredValidate set_CorDeferredValidate[21..22],
+    CorImage set_CorImage[22..23],
+    DontRelocate set_DontRelocate[23..24],
+    CorILOnly set_CorILOnly[24..25],
+    ReservedFlags5 set_ReservedFlags5[25..28],
+    Redirected set_Redirected[28..29],
+    ReservedFlags6 set_ReservedFlags6[29..31],
+    CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
+]}
+pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32;
+STRUCT!{struct CURDIR32 {
+    DosPath: UNICODE_STRING32,
+    Handle: ULONG, // WOW64_POINTER
+}}
+pub type PCURDIR32 = *mut CURDIR32;
+STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 {
+    Flags: USHORT,
+    Length: USHORT,
+    TimeStamp: ULONG,
+    DosPath: STRING32,
+}}
+pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32;
+STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 {
+    MaximumLength: ULONG,
+    Length: ULONG,
+    Flags: ULONG,
+    DebugFlags: ULONG,
+    ConsoleHandle: ULONG, // WOW64_POINTER
+    ConsoleFlags: ULONG,
+    StandardInput: ULONG, // WOW64_POINTER
+    StandardOutput: ULONG, // WOW64_POINTER
+    StandardError: ULONG, // WOW64_POINTER
+    CurrentDirectory: CURDIR32,
+    DllPath: UNICODE_STRING32,
+    ImagePathName: UNICODE_STRING32,
+    CommandLine: UNICODE_STRING32,
+    Environment: ULONG, // WOW64_POINTER
+    StartingX: ULONG,
+    StartingY: ULONG,
+    CountX: ULONG,
+    CountY: ULONG,
+    CountCharsX: ULONG,
+    CountCharsY: ULONG,
+    FillAttribute: ULONG,
+    WindowFlags: ULONG,
+    ShowWindowFlags: ULONG,
+    WindowTitle: UNICODE_STRING32,
+    DesktopInfo: UNICODE_STRING32,
+    ShellInfo: UNICODE_STRING32,
+    RuntimeData: UNICODE_STRING32,
+    CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS],
+    EnvironmentSize: ULONG,
+    EnvironmentVersion: ULONG,
+    PackageDependencyData: ULONG, // WOW64_POINTER
+    ProcessGroupId: ULONG,
+    LoaderThreads: ULONG,
+}}
+pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32;
+UNION!{union PEB32_u {
+    KernelCallbackTable: ULONG, // WOW64_POINTER
+    UserSharedInfoPtr: ULONG, // WOW64_POINTER
+}}
+STRUCT!{struct PEB32 {
+    InheritedAddressSpace: BOOLEAN,
+    ReadImageFileExecOptions: BOOLEAN,
+    BeingDebugged: BOOLEAN,
+    BitField: BOOLEAN,
+    Mutant: ULONG, // WOW64_POINTER
+    ImageBaseAddress: ULONG, // WOW64_POINTER
+    Ldr: ULONG, // WOW64_POINTER
+    ProcessParameters: ULONG, // WOW64_POINTER
+    SubSystemData: ULONG, // WOW64_POINTER
+    ProcessHeap: ULONG, // WOW64_POINTER
+    FastPebLock: ULONG, // WOW64_POINTER
+    AtlThunkSListPtr: ULONG, // WOW64_POINTER
+    IFEOKey: ULONG, // WOW64_POINTER
+    CrossProcessFlags: ULONG,
+    u: PEB32_u,
+    SystemReserved: [ULONG; 1],
+    AtlThunkSListPtr32: ULONG,
+    ApiSetMap: ULONG, // WOW64_POINTER
+    TlsExpansionCounter: ULONG,
+    TlsBitmap: ULONG, // WOW64_POINTER
+    TlsBitmapBits: [ULONG; 2],
+    ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER
+    HotpatchInformation: ULONG, // WOW64_POINTER
+    ReadOnlyStaticServerData: ULONG, // WOW64_POINTER
+    AnsiCodePageData: ULONG, // WOW64_POINTER
+    OemCodePageData: ULONG, // WOW64_POINTER
+    UnicodeCaseTableData: ULONG, // WOW64_POINTER
+    NumberOfProcessors: ULONG,
+    NtGlobalFlag: ULONG,
+    CriticalSectionTimeout: LARGE_INTEGER,
+    HeapSegmentReserve: ULONG,
+    HeapSegmentCommit: ULONG,
+    HeapDeCommitTotalFreeThreshold: ULONG,
+    HeapDeCommitFreeBlockThreshold: ULONG,
+    NumberOfHeaps: ULONG,
+    MaximumNumberOfHeaps: ULONG,
+    ProcessHeaps: ULONG, // WOW64_POINTER
+    GdiSharedHandleTable: ULONG, // WOW64_POINTER
+    ProcessStarterHelper: ULONG, // WOW64_POINTER
+    GdiDCAttributeList: ULONG,
+    LoaderLock: ULONG, // WOW64_POINTER
+    OSMajorVersion: ULONG,
+    OSMinorVersion: ULONG,
+    OSBuildNumber: USHORT,
+    OSCSDVersion: USHORT,
+    OSPlatformId: ULONG,
+    ImageSubsystem: ULONG,
+    ImageSubsystemMajorVersion: ULONG,
+    ImageSubsystemMinorVersion: ULONG,
+    ActiveProcessAffinityMask: ULONG,
+    GdiHandleBuffer: GDI_HANDLE_BUFFER32,
+    PostProcessInitRoutine: ULONG, // WOW64_POINTER
+    TlsExpansionBitmap: ULONG, // WOW64_POINTER
+    TlsExpansionBitmapBits: [ULONG; 32],
+    SessionId: ULONG,
+    AppCompatFlags: ULARGE_INTEGER,
+    AppCompatFlagsUser: ULARGE_INTEGER,
+    pShimData: ULONG, // WOW64_POINTER
+    AppCompatInfo: ULONG, // WOW64_POINTER
+    CSDVersion: UNICODE_STRING32,
+    ActivationContextData: ULONG, // WOW64_POINTER
+    ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER
+    SystemDefaultActivationContextData: ULONG, // WOW64_POINTER
+    SystemAssemblyStorageMap: ULONG, // WOW64_POINTER
+    MinimumStackCommit: ULONG,
+    FlsCallback: ULONG, // WOW64_POINTER
+    FlsListHead: LIST_ENTRY32,
+    FlsBitmap: ULONG, // WOW64_POINTER
+    FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
+    FlsHighIndex: ULONG,
+    WerRegistrationData: ULONG, // WOW64_POINTER
+    WerShipAssertPtr: ULONG, // WOW64_POINTER
+    pContextData: ULONG, // WOW64_POINTER
+    pImageHeaderHash: ULONG, // WOW64_POINTER
+    TracingFlags: ULONG,
+    CsrServerReadOnlySharedMemoryBase: ULONGLONG,
+    TppWorkerpListLock: ULONG, // WOW64_POINTER
+    TppWorkerpList: LIST_ENTRY32,
+    WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER
+    TelemetryCoverageHeader: ULONG, // WOW64_POINTER
+    CloudFileFlags: ULONG,
+    CloudFileDiagFlags: ULONG,
+    PlaceholderCompatibilityMode: CHAR,
+    PlaceholderCompatibilityModeReserved: [CHAR; 7],
+}}
+BITFIELD!{PEB32 BitField: BOOLEAN [
+    ImageUsesLargePages set_ImageUsesLargePages[0..1],
+    IsProtectedProcess set_IsProtectedProcess[1..2],
+    IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
+    SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
+    IsPackagedProcess set_IsPackagedProcess[4..5],
+    IsAppContainer set_IsAppContainer[5..6],
+    IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
+    IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
+]}
+BITFIELD!{PEB32 CrossProcessFlags: ULONG [
+    ProcessInJob set_ProcessInJob[0..1],
+    ProcessInitializing set_ProcessInitializing[1..2],
+    ProcessUsingVEH set_ProcessUsingVEH[2..3],
+    ProcessUsingVCH set_ProcessUsingVCH[3..4],
+    ProcessUsingFTH set_ProcessUsingFTH[4..5],
+    ReservedBits0 set_ReservedBits0[5..32],
+]}
+BITFIELD!{PEB32 TracingFlags: ULONG [
+    HeapTracingEnabled set_HeapTracingEnabled[0..1],
+    CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
+    LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
+    SpareTracingBits set_SpareTracingBits[3..32],
+]}
+pub type PPEB32 = *mut PEB32;
+pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
+STRUCT!{struct GDI_TEB_BATCH32 {
+    Offset: ULONG,
+    HDC: ULONG,
+    Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
+}}
+pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32;
+STRUCT!{struct TEB32_u_s {
+    ReservedPad0: UCHAR,
+    ReservedPad1: UCHAR,
+    ReservedPad2: UCHAR,
+    IdealProcessor: UCHAR,
+}}
+UNION!{union TEB32_u {
+    CurrentIdealProcessor: PROCESSOR_NUMBER,
+    IdealProcessorValue: ULONG,
+    s: TEB32_u_s,
+}}
+STRUCT!{struct TEB32 {
+    NtTib: NT_TIB32,
+    EnvironmentPointer: ULONG, // WOW64_POINTER
+    ClientId: CLIENT_ID32,
+    ActiveRpcHandle: ULONG, // WOW64_POINTER
+    ThreadLocalStoragePointer: ULONG, // WOW64_POINTER
+    ProcessEnvironmentBlock: ULONG, // WOW64_POINTER
+    LastErrorValue: ULONG,
+    CountOfOwnedCriticalSections: ULONG,
+    CsrClientThread: ULONG, // WOW64_POINTER
+    Win32ThreadInfo: ULONG, // WOW64_POINTER
+    User32Reserved: [ULONG; 26],
+    UserReserved: [ULONG; 5],
+    WOW32Reserved: ULONG, // WOW64_POINTER
+    CurrentLocale: LCID,
+    FpSoftwareStatusRegister: ULONG,
+    ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER
+    SystemReserved1: [ULONG; 36], // WOW64_POINTER
+    WorkingOnBehalfTicket: [UCHAR; 8],
+    ExceptionCode: NTSTATUS,
+    ActivationContextStackPointer: ULONG, // WOW64_POINTER
+    InstrumentationCallbackSp: ULONG,
+    InstrumentationCallbackPreviousPc: ULONG,
+    InstrumentationCallbackPreviousSp: ULONG,
+    InstrumentationCallbackDisabled: BOOLEAN,
+    SpareBytes: [UCHAR; 23],
+    TxFsContext: ULONG,
+    GdiTebBatch: GDI_TEB_BATCH32,
+    RealClientId: CLIENT_ID32,
+    GdiCachedProcessHandle: ULONG, // WOW64_POINTER
+    GdiClientPID: ULONG,
+    GdiClientTID: ULONG,
+    GdiThreadLocalInfo: ULONG, // WOW64_POINTER
+    Win32ClientInfo: [ULONG; 62],
+    glDispatchTable: [ULONG; 233], // WOW64_POINTER
+    glReserved1: [ULONG; 29], // WOW64_POINTER
+    glReserved2: ULONG, // WOW64_POINTER
+    glSectionInfo: ULONG, // WOW64_POINTER
+    glSection: ULONG, // WOW64_POINTER
+    glTable: ULONG, // WOW64_POINTER
+    glCurrentRC: ULONG, // WOW64_POINTER
+    glContext: ULONG, // WOW64_POINTER
+    LastStatusValue: NTSTATUS,
+    StaticUnicodeString: UNICODE_STRING32,
+    StaticUnicodeBuffer: [WCHAR; 261],
+    DeallocationStack: ULONG, // WOW64_POINTER
+    TlsSlots: [ULONG; 64], // WOW64_POINTER
+    TlsLinks: LIST_ENTRY32,
+    Vdm: ULONG, // WOW64_POINTER
+    ReservedForNtRpc: ULONG, // WOW64_POINTER
+    DbgSsReserved: [ULONG; 2], // WOW64_POINTER
+    HardErrorMode: ULONG,
+    Instrumentation: [ULONG; 9], // WOW64_POINTER
+    ActivityId: GUID,
+    SubProcessTag: ULONG, // WOW64_POINTER
+    PerflibData: ULONG, // WOW64_POINTER
+    EtwTraceData: ULONG, // WOW64_POINTER
+    WinSockData: ULONG, // WOW64_POINTER
+    GdiBatchCount: ULONG,
+    u: TEB32_u,
+    GuaranteedStackBytes: ULONG,
+    ReservedForPerf: ULONG, // WOW64_POINTER
+    ReservedForOle: ULONG, // WOW64_POINTER
+    WaitingOnLoaderLock: ULONG,
+    SavedPriorityState: ULONG, // WOW64_POINTER
+    ReservedForCodeCoverage: ULONG,
+    ThreadPoolData: ULONG, // WOW64_POINTER
+    TlsExpansionSlots: ULONG, // WOW64_POINTER
+    MuiGeneration: ULONG,
+    IsImpersonating: ULONG,
+    NlsCache: ULONG, // WOW64_POINTER
+    pShimData: ULONG, // WOW64_POINTER
+    HeapVirtualAffinity: USHORT,
+    LowFragHeapDataSlot: USHORT,
+    CurrentTransactionHandle: ULONG, // WOW64_POINTER
+    ActiveFrame: ULONG, // WOW64_POINTER
+    FlsData: ULONG, // WOW64_POINTER
+    PreferredLanguages: ULONG, // WOW64_POINTER
+    UserPrefLanguages: ULONG, // WOW64_POINTER
+    MergedPrefLanguages: ULONG, // WOW64_POINTER
+    MuiImpersonation: ULONG,
+    CrossTebFlags: USHORT,
+    SameTebFlags: USHORT,
+    TxnScopeEnterCallback: ULONG, // WOW64_POINTER
+    TxnScopeExitCallback: ULONG, // WOW64_POINTER
+    TxnScopeContext: ULONG, // WOW64_POINTER
+    LockCount: ULONG,
+    WowTebOffset: LONG,
+    ResourceRetValue: ULONG, // WOW64_POINTER
+    ReservedForWdf: ULONG, // WOW64_POINTER
+    ReservedForCrt: ULONGLONG,
+    EffectiveContainerId: GUID,
+}}
+BITFIELD!{TEB32 SameTebFlags: USHORT [
+    SafeThunkCall set_SafeThunkCall[0..1],
+    InDebugPrint set_InDebugPrint[1..2],
+    HasFiberData set_HasFiberData[2..3],
+    SkipThreadAttach set_SkipThreadAttach[3..4],
+    WerInShipAssertCode set_WerInShipAssertCode[4..5],
+    RanProcessInit set_RanProcessInit[5..6],
+    ClonedThread set_ClonedThread[6..7],
+    SuppressDebugMsg set_SuppressDebugMsg[7..8],
+    DisableUserStackWalk set_DisableUserStackWalk[8..9],
+    RtlExceptionAttached set_RtlExceptionAttached[9..10],
+    InitialThread set_InitialThread[10..11],
+    SessionAware set_SessionAware[11..12],
+    LoadOwner set_LoadOwner[12..13],
+    LoaderWorker set_LoaderWorker[13..14],
+    SpareSameTebBits set_SpareSameTebBits[14..16],
+]}
+pub type PTEB32 = *mut TEB32;
+#[inline]
+pub fn UStr32ToUStr(
+    Destination: &mut UNICODE_STRING,
+    Source: &UNICODE_STRING32,
+) {
+    Destination.Length = Source.Length;
+    Destination.MaximumLength = Source.MaximumLength;
+    Destination.Buffer = Source.Buffer as *mut u16;
+}
+#[inline]
+pub fn UStrToUStr32(
+    Destination: &mut UNICODE_STRING32,
+    Source: &UNICODE_STRING,
+) {
+    Destination.Length = Source.Length;
+    Destination.MaximumLength = Source.MaximumLength;
+    Destination.Buffer = Source.Buffer as u32;
+}

vendor/ntapi/src/ntxcapi.rs

@@ -0,0 +1,29 @@
+use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG};
+use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD};
+EXTERN!{extern "system" {
+    fn RtlDispatchException(
+        ExceptionRecord: PEXCEPTION_RECORD,
+        ContextRecord: PCONTEXT,
+    ) -> BOOLEAN;
+    fn RtlRaiseStatus(
+        Status: NTSTATUS,
+    );
+    fn RtlRaiseException(
+        ExceptionRecord: PEXCEPTION_RECORD,
+    );
+    fn NtContinue(
+        ContextRecord: PCONTEXT,
+        TestAlert: BOOLEAN,
+    ) -> NTSTATUS;
+    fn NtRaiseException(
+        ExceptionRecord: PEXCEPTION_RECORD,
+        ContextRecord: PCONTEXT,
+        FirstChance: BOOLEAN,
+    ) -> NTSTATUS;
+    fn RtlAssert(
+        VoidFailedAssertion: PVOID,
+        VoidFileName: PVOID,
+        LineNumber: ULONG,
+        MutableMessage: PSTR,
+    );
+}}

vendor/ntapi/src/string.rs

@@ -0,0 +1,58 @@
+/// A wrapper over UTF16 string constants.
+pub struct UTF16Const(pub &'static [u16]);
+impl UTF16Const {
+    #[inline]
+    pub fn as_ptr(&self) -> *const u16 {
+        self.0.as_ptr()
+    }
+    #[inline]
+    pub fn as_mut_ptr(&self) -> *mut u16 {
+        self.0.as_ptr() as *mut u16
+    }
+    #[inline]
+    pub fn len(&self) -> usize {
+        self.0.len() - 1
+    }
+}
+impl AsRef<[u16]> for UTF16Const {
+    #[inline]
+    fn as_ref(&self) -> &[u16] {
+        &self.0[..self.len()]
+    }
+}
+impl Copy for UTF16Const {}
+impl Clone for UTF16Const {
+    #[inline]
+    fn clone(&self) -> UTF16Const { *self }
+}
+/// A wrapper over UTF8 string constants.
+pub struct UTF8Const(pub &'static str);
+impl UTF8Const {
+    #[inline]
+    pub fn as_ptr(&self) -> *const i8 {
+        self.0.as_ptr() as *const i8
+    }
+    #[inline]
+    pub fn as_mut_ptr(&self) -> *mut i8 {
+        self.0.as_ptr() as *mut i8
+    }
+    #[inline]
+    pub fn len(&self) -> usize {
+        self.0.len() - 1
+    }
+    #[inline]
+    pub fn as_str(&self) -> &str {
+        &self.0[..self.len()]
+    }
+}
+impl AsRef<str> for UTF8Const {
+    #[inline]
+    fn as_ref(&self) -> &str {
+        &self.0[..self.len()]
+    }
+}
+impl Copy for UTF8Const {}
+impl Clone for UTF8Const {
+    #[inline]
+    fn clone(&self) -> UTF8Const { *self }
+}

vendor/ntapi/src/subprocesstag.rs

@@ -0,0 +1,77 @@
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID};
+ENUM!{enum TAG_INFO_LEVEL {
+    eTagInfoLevelNameFromTag = 1,
+    eTagInfoLevelNamesReferencingModule = 2,
+    eTagInfoLevelNameTagMapping = 3,
+    eTagInfoLevelMax = 4,
+}}
+ENUM!{enum TAG_TYPE {
+    eTagTypeService = 1,
+    eTagTypeMax = 2,
+}}
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS {
+    dwPid: DWORD,
+    dwTag: DWORD,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS {
+    eTagType: DWORD,
+    pszName: LPWSTR,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG {
+    InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS,
+    OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS {
+    dwPid: DWORD,
+    pszModule: LPWSTR,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS =
+    *mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS {
+    eTagType: DWORD,
+    pmszNames: LPWSTR,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS =
+    *mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE {
+    InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS,
+    OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS {
+    dwPid: DWORD,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT {
+    eTagType: DWORD,
+    dwTag: DWORD,
+    pszName: LPWSTR,
+    pszGroupName: LPWSTR,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS {
+    cElements: DWORD,
+    pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING {
+    InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS,
+    pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING;
+EXTERN!{extern "system" {
+    fn I_QueryTagInformation(
+        pszMachineName: LPCWSTR,
+        eInfoLevel: TAG_INFO_LEVEL,
+        pTagInfo: PVOID,
+    ) -> DWORD;
+}}
+FN!{stdcall PQUERY_TAG_INFORMATION(
+    pszMachineName: LPCWSTR,
+    eInfoLevel: TAG_INFO_LEVEL,
+    pTagInfo: PVOID,
+) -> DWORD}

vendor/ntapi/src/winapi_local.rs

@@ -0,0 +1 @@
+pub mod um;

vendor/ntapi/src/winapi_local/um.rs

@@ -0,0 +1,2 @@
+pub(crate) mod winioctl;
+pub mod winnt;

vendor/ntapi/src/winapi_local/um/winioctl.rs

@@ -0,0 +1,4 @@
+#[inline]
+pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 {
+    (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
+}

vendor/ntapi/src/winapi_local/um/winnt.rs

@@ -0,0 +1,71 @@
+use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64};
+use winapi::shared::minwindef::DWORD;
+use winapi::um::winnt::{HANDLE, PVOID};
+#[doc(hidden)]
+#[inline]
+pub const fn UInt32x32To64(a: u32, b: u32) -> u64 {
+    a as u64 * b as u64
+}
+#[cfg(not(target_arch = "aarch64"))]
+IFDEF!{
+use core::arch::asm;
+use crate::ntpebteb::TEB;
+#[inline]
+pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD {
+    let out: u32;
+    asm!(
+        "mov {:e}, fs:[{:e}]",
+        lateout(reg) out,
+        in(reg) Offset,
+        options(nostack, pure, readonly),
+    );
+    out
+}
+#[inline]
+#[cfg(target_pointer_width = "64")]
+pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 {
+    let out: u64;
+    asm!(
+        "mov {}, gs:[{:e}]",
+        lateout(reg) out,
+        in(reg) Offset,
+        options(nostack, pure, readonly),
+    );
+    out
+}
+#[inline] #[allow(unused_unsafe)]
+pub unsafe fn NtCurrentTeb() -> *mut TEB {
+    use winapi::um::winnt::NT_TIB;
+    let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32;
+    #[cfg(target_arch = "x86_64")] {
+        __readgsqword(teb_offset) as *mut TEB
+    }
+    #[cfg(target_arch = "x86")] {
+        __readfsdword(teb_offset) as *mut TEB
+    }
+}
+}
+ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE {
+    MemExtendedParameterInvalidType = 0,
+    MemExtendedParameterAddressRequirements = 1,
+    MemExtendedParameterNumaNode = 2,
+    MemExtendedParameterPartitionHandle = 3,
+    MemExtendedParameterMax = 4,
+}}
+pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE;
+UNION!{union MEM_EXTENDED_PARAMETER_u {
+    ULong64: DWORD64,
+    Pointer: PVOID,
+    Size: SIZE_T,
+    Handle: HANDLE,
+    ULong: DWORD,
+}}
+STRUCT!{struct MEM_EXTENDED_PARAMETER {
+    BitFields: ULONG64,
+    u: MEM_EXTENDED_PARAMETER_u,
+}}
+BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [
+    Type set_Type[0..8],
+    Reserved set_Reserved[8..64],
+]}
+pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER;

vendor/ntapi/src/winsta.rs

@@ -0,0 +1,848 @@
+use core::ptr::null_mut;
+use crate::ntrtl::RTL_TIME_ZONE_INFORMATION;
+use winapi::shared::basetsd::SIZE_T;
+use winapi::shared::minwindef::{BYTE, DWORD, FILETIME};
+use winapi::shared::ntdef::{
+    BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING,
+    USHORT, WCHAR,
+};
+use winapi::shared::windef::HWND;
+use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED};
+pub const WINSTATION_QUERY: u32 = 0x00000001;
+pub const WINSTATION_SET: u32 = 0x00000002;
+pub const WINSTATION_RESET: u32 = 0x00000004;
+pub const WINSTATION_VIRTUAL: u32 = 0x00000008;
+pub const WINSTATION_SHADOW: u32 = 0x00000010;
+pub const WINSTATION_LOGON: u32 = 0x00000020;
+pub const WINSTATION_LOGOFF: u32 = 0x00000040;
+pub const WINSTATION_MSG: u32 = 0x00000080;
+pub const WINSTATION_CONNECT: u32 = 0x00000100;
+pub const WINSTATION_DISCONNECT: u32 = 0x00000200;
+pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON;
+pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF;
+pub const WINSTATION_USER_ACCESS: u32 =
+    WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT;
+pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET
+    | WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT;
+pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET
+    | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG
+    | WINSTATION_CONNECT | WINSTATION_DISCONNECT;
+pub const WDPREFIX_LENGTH: usize = 12;
+pub const CALLBACK_LENGTH: usize = 50;
+pub const DLLNAME_LENGTH: usize = 32;
+pub const CDNAME_LENGTH: usize = 32;
+pub const WDNAME_LENGTH: usize = 32;
+pub const PDNAME_LENGTH: usize = 32;
+pub const DEVICENAME_LENGTH: usize = 128;
+pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH;
+pub const STACK_ADDRESS_LENGTH: usize = 128;
+pub const MAX_BR_NAME: usize = 65;
+pub const DIRECTORY_LENGTH: usize = 256;
+pub const INITIALPROGRAM_LENGTH: usize = 256;
+pub const USERNAME_LENGTH: usize = 20;
+pub const DOMAIN_LENGTH: usize = 17;
+pub const PASSWORD_LENGTH: usize = 14;
+pub const NASISPECIFICNAME_LENGTH: usize = 14;
+pub const NASIUSERNAME_LENGTH: usize = 47;
+pub const NASIPASSWORD_LENGTH: usize = 24;
+pub const NASISESSIONNAME_LENGTH: usize = 16;
+pub const NASIFILESERVER_LENGTH: usize = 47;
+pub const CLIENTDATANAME_LENGTH: usize = 7;
+pub const CLIENTNAME_LENGTH: usize = 20;
+pub const CLIENTADDRESS_LENGTH: usize = 30;
+pub const IMEFILENAME_LENGTH: usize = 32;
+pub const CLIENTLICENSE_LENGTH: usize = 32;
+pub const CLIENTMODEM_LENGTH: usize = 40;
+pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32;
+pub const MAX_COUNTER_EXTENSIONS: u32 = 2;
+pub const WINSTATIONNAME_LENGTH: usize = 32;
+pub const TERMSRV_TOTAL_SESSIONS: u32 = 1;
+pub const TERMSRV_DISC_SESSIONS: u32 = 2;
+pub const TERMSRV_RECON_SESSIONS: u32 = 3;
+pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4;
+pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5;
+pub const TERMSRV_PENDING_SESSIONS: u32 = 6;
+pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7;
+pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8;
+pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9;
+pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10;
+pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11;
+pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12;
+pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
+pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION;
+pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1];
+STRUCT!{struct VARDATA_WIRE {
+    Size: USHORT,
+    Offset: USHORT,
+}}
+pub type PVARDATA_WIRE = *mut VARDATA_WIRE;
+ENUM!{enum WINSTATIONSTATECLASS {
+    State_Active = 0,
+    State_Connected = 1,
+    State_ConnectQuery = 2,
+    State_Shadow = 3,
+    State_Disconnected = 4,
+    State_Idle = 5,
+    State_Listen = 6,
+    State_Reset = 7,
+    State_Down = 8,
+    State_Init = 9,
+}}
+UNION!{union SESSIONIDW_u {
+    SessionId: ULONG,
+    LogonId: ULONG,
+}}
+STRUCT!{struct SESSIONIDW {
+    u: SESSIONIDW_u,
+    WinStationName: WINSTATIONNAME,
+    State: WINSTATIONSTATECLASS,
+}}
+pub type PSESSIONIDW = *mut SESSIONIDW;
+ENUM!{enum WINSTATIONINFOCLASS {
+    WinStationCreateData = 0,
+    WinStationConfiguration = 1,
+    WinStationPdParams = 2,
+    WinStationWd = 3,
+    WinStationPd = 4,
+    WinStationPrinter = 5,
+    WinStationClient = 6,
+    WinStationModules = 7,
+    WinStationInformation = 8,
+    WinStationTrace = 9,
+    WinStationBeep = 10,
+    WinStationEncryptionOff = 11,
+    WinStationEncryptionPerm = 12,
+    WinStationNtSecurity = 13,
+    WinStationUserToken = 14,
+    WinStationUnused1 = 15,
+    WinStationVideoData = 16,
+    WinStationInitialProgram = 17,
+    WinStationCd = 18,
+    WinStationSystemTrace = 19,
+    WinStationVirtualData = 20,
+    WinStationClientData = 21,
+    WinStationSecureDesktopEnter = 22,
+    WinStationSecureDesktopExit = 23,
+    WinStationLoadBalanceSessionTarget = 24,
+    WinStationLoadIndicator = 25,
+    WinStationShadowInfo = 26,
+    WinStationDigProductId = 27,
+    WinStationLockedState = 28,
+    WinStationRemoteAddress = 29,
+    WinStationIdleTime = 30,
+    WinStationLastReconnectType = 31,
+    WinStationDisallowAutoReconnect = 32,
+    WinStationMprNotifyInfo = 33,
+    WinStationExecSrvSystemPipe = 34,
+    WinStationSmartCardAutoLogon = 35,
+    WinStationIsAdminLoggedOn = 36,
+    WinStationReconnectedFromId = 37,
+    WinStationEffectsPolicy = 38,
+    WinStationType = 39,
+    WinStationInformationEx = 40,
+    WinStationValidationInfo = 41,
+}}
+STRUCT!{struct WINSTATIONCREATE {
+    Bitfields: ULONG,
+    MaxInstanceCount: ULONG,
+}}
+BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [
+    fEnableWinStation set_fEnableWinStation[0..1],
+]}
+pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE;
+STRUCT!{struct WINSTACONFIGWIRE {
+    Comment: [WCHAR; 61],
+    OEMId: [CHAR; 4],
+    UserConfig: VARDATA_WIRE,
+    NewFields: VARDATA_WIRE,
+}}
+pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE;
+ENUM!{enum CALLBACKCLASS {
+    Callback_Disable = 0,
+    Callback_Roving = 1,
+    Callback_Fixed = 2,
+}}
+ENUM!{enum SHADOWCLASS {
+    Shadow_Disable = 0,
+    Shadow_EnableInputNotify = 1,
+    Shadow_EnableInputNoNotify = 2,
+    Shadow_EnableNoInputNotify = 3,
+    Shadow_EnableNoInputNoNotify = 4,
+}}
+STRUCT!{struct USERCONFIG {
+    Bitfields: ULONG,
+    Bitfields2: ULONG,
+    UserName: [WCHAR; USERNAME_LENGTH + 1],
+    Domain: [WCHAR; DOMAIN_LENGTH + 1],
+    Password: [WCHAR; PASSWORD_LENGTH + 1],
+    WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+    InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
+    CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1],
+    Callback: CALLBACKCLASS,
+    Shadow: SHADOWCLASS,
+    MaxConnectionTime: ULONG,
+    MaxDisconnectionTime: ULONG,
+    MaxIdleTime: ULONG,
+    KeyboardLayout: ULONG,
+    MinEncryptionLevel: BYTE,
+    NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1],
+    PublishedName: [WCHAR; MAX_BR_NAME],
+    WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1],
+    WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1],
+    WFHomeDirDrive: [WCHAR; 4],
+}}
+BITFIELD!{USERCONFIG Bitfields: ULONG [
+    fInheritAutoLogon set_fInheritAutoLogon[0..1],
+    fInheritResetBroken set_fInheritResetBroken[1..2],
+    fInheritReconnectSame set_fInheritReconnectSame[2..3],
+    fInheritInitialProgram set_fInheritInitialProgram[3..4],
+    fInheritCallback set_fInheritCallback[4..5],
+    fInheritCallbackNumber set_fInheritCallbackNumber[5..6],
+    fInheritShadow set_fInheritShadow[6..7],
+    fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8],
+    fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9],
+    fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10],
+    fInheritAutoClient set_fInheritAutoClient[10..11],
+    fInheritSecurity set_fInheritSecurity[11..12],
+    fPromptForPassword set_fPromptForPassword[12..13],
+    fResetBroken set_fResetBroken[13..14],
+    fReconnectSame set_fReconnectSame[14..15],
+    fLogonDisabled set_fLogonDisabled[15..16],
+    fWallPaperDisabled set_fWallPaperDisabled[16..17],
+    fAutoClientDrives set_fAutoClientDrives[17..18],
+    fAutoClientLpts set_fAutoClientLpts[18..19],
+    fForceClientLptDef set_fForceClientLptDef[19..20],
+    fRequireEncryption set_fRequireEncryption[20..21],
+    fDisableEncryption set_fDisableEncryption[21..22],
+    fUnused1 set_fUnused1[22..23],
+    fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24],
+    fUseDefaultGina set_fUseDefaultGina[24..25],
+    fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26],
+    fPublishedApp set_fPublishedApp[26..27],
+    fHideTitleBar set_fHideTitleBar[27..28],
+    fMaximize set_fMaximize[28..29],
+    fDisableCpm set_fDisableCpm[29..30],
+    fDisableCdm set_fDisableCdm[30..31],
+    fDisableCcm set_fDisableCcm[31..32],
+]}
+BITFIELD!{USERCONFIG Bitfields2: ULONG [
+    fDisableLPT set_fDisableLPT[0..1],
+    fDisableClip set_fDisableClip[1..2],
+    fDisableExe set_fDisableExe[2..3],
+    fDisableCam set_fDisableCam[3..4],
+    fDisableAutoReconnect set_fDisableAutoReconnect[4..5],
+    ColorDepth set_ColorDepth[5..6],
+    fInheritColorDepth set_fInheritColorDepth[6..7],
+    fErrorInvalidProfile set_fErrorInvalidProfile[7..8],
+    fPasswordIsScPin set_fPasswordIsScPin[8..9],
+    fDisablePNPRedir set_fDisablePNPRedir[9..10],
+]}
+pub type PUSERCONFIG = *mut USERCONFIG;
+ENUM!{enum SDCLASS {
+    SdNone = 0,
+    SdConsole = 1,
+    SdNetwork = 2,
+    SdAsync = 3,
+    SdOemTransport = 4,
+}}
+pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1];
+pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1];
+pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1];
+pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1];
+pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1];
+pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1];
+pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1];
+pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1];
+pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1];
+pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1];
+pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1];
+pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1];
+STRUCT!{struct NETWORKCONFIG {
+    LanAdapter: LONG,
+    NetworkName: DEVICENAME,
+    Flags: ULONG,
+}}
+pub type PNETWORKCONFIG = *mut NETWORKCONFIG;
+ENUM!{enum FLOWCONTROLCLASS {
+    FlowControl_None = 0,
+    FlowControl_Hardware = 1,
+    FlowControl_Software = 2,
+}}
+ENUM!{enum RECEIVEFLOWCONTROLCLASS {
+    ReceiveFlowControl_None = 0,
+    ReceiveFlowControl_RTS = 1,
+    ReceiveFlowControl_DTR = 2,
+}}
+ENUM!{enum TRANSMITFLOWCONTROLCLASS {
+    TransmitFlowControl_None = 0,
+    TransmitFlowControl_CTS = 1,
+    TransmitFlowControl_DSR = 2,
+}}
+ENUM!{enum ASYNCCONNECTCLASS {
+    Connect_CTS = 0,
+    Connect_DSR = 1,
+    Connect_RI = 2,
+    Connect_DCD = 3,
+    Connect_FirstChar = 4,
+    Connect_Perm = 5,
+}}
+STRUCT!{struct FLOWCONTROLCONFIG {
+    Bitfields: ULONG,
+    XonChar: CHAR,
+    XoffChar: CHAR,
+    Type: FLOWCONTROLCLASS,
+    HardwareReceive: RECEIVEFLOWCONTROLCLASS,
+    HardwareTransmit: TRANSMITFLOWCONTROLCLASS,
+}}
+BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [
+    fEnableSoftwareTx set_fEnableSoftwareTx[0..1],
+    fEnableSoftwareRx set_fEnableSoftwareRx[1..2],
+    fEnableDTR set_fEnableDTR[2..3],
+    fEnableRTS set_fEnableRTS[3..4],
+]}
+pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG;
+STRUCT!{struct CONNECTCONFIG {
+    Type: ASYNCCONNECTCLASS,
+    Bitfields: ULONG,
+}}
+BITFIELD!{CONNECTCONFIG Bitfields: ULONG [
+    fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1],
+]}
+pub type PCONNECTCONFIG = *mut CONNECTCONFIG;
+STRUCT!{struct ASYNCCONFIG {
+    DeviceName: DEVICENAME,
+    ModemName: MODEMNAME,
+    BaudRate: ULONG,
+    Parity: ULONG,
+    StopBits: ULONG,
+    ByteSize: ULONG,
+    Bitfields: ULONG,
+    FlowControl: FLOWCONTROLCONFIG,
+    Connect: CONNECTCONFIG,
+}}
+BITFIELD!{ASYNCCONFIG Bitfields: ULONG [
+    fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1],
+    fConnectionDriver set_fConnectionDriver[1..2],
+]}
+pub type PASYNCCONFIG = *mut ASYNCCONFIG;
+STRUCT!{struct NASICONFIG {
+    SpecificName: NASISPECIFICNAME,
+    UserName: NASIUSERNAME,
+    PassWord: NASIPASSWORD,
+    SessionName: NASISESIONNAME,
+    FileServer: NASIFILESERVER,
+    GlobalSession: BOOLEAN,
+}}
+pub type PNASICONFIG = *mut NASICONFIG;
+STRUCT!{struct OEMTDCONFIG {
+    Adapter: LONG,
+    DeviceName: DEVICENAME,
+    Flags: ULONG,
+}}
+pub type POEMTDCONFIG = *mut OEMTDCONFIG;
+UNION!{union PDPARAMS_u {
+    Network: NETWORKCONFIG,
+    Async: ASYNCCONFIG,
+    Nasi: NASICONFIG,
+    OemTd: OEMTDCONFIG,
+}}
+STRUCT!{struct PDPARAMS {
+    SdClass: SDCLASS,
+    u: PDPARAMS_u,
+}}
+pub type PPDPARAMS = *mut PDPARAMS;
+STRUCT!{struct WDCONFIG {
+    WdName: WDNAME,
+    WdDLL: DLLNAME,
+    WsxDLL: DLLNAME,
+    WdFlag: ULONG,
+    WdInputBufferLength: ULONG,
+    CfgDLL: DLLNAME,
+    WdPrefix: WDPREFIX,
+}}
+pub type PWDCONFIG = *mut WDCONFIG;
+STRUCT!{struct PDCONFIG2 {
+    PdName: PDNAME,
+    SdClass: SDCLASS,
+    PdDLL: DLLNAME,
+    PdFlag: ULONG,
+    OutBufLength: ULONG,
+    OutBufCount: ULONG,
+    OutBufDelay: ULONG,
+    InteractiveDelay: ULONG,
+    PortNumber: ULONG,
+    KeepAliveTimeout: ULONG,
+}}
+pub type PPDCONFIG2 = *mut PDCONFIG2;
+STRUCT!{struct WINSTATIONCLIENT {
+    Bitfields: ULONG,
+    ClientName: [WCHAR; CLIENTNAME_LENGTH + 1],
+    Domain: [WCHAR; DOMAIN_LENGTH + 1],
+    UserName: [WCHAR; USERNAME_LENGTH + 1],
+    Password: [WCHAR; PASSWORD_LENGTH + 1],
+    WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+    InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
+    SerialNumber: ULONG,
+    EncryptionLevel: BYTE,
+    ClientAddressFamily: ULONG,
+    ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1],
+    HRes: USHORT,
+    VRes: USHORT,
+    ColorDepth: USHORT,
+    ProtocolType: USHORT,
+    KeyboardLayout: ULONG,
+    KeyboardType: ULONG,
+    KeyboardSubType: ULONG,
+    KeyboardFunctionKey: ULONG,
+    ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1],
+    ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+    ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1],
+    ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1],
+    ClientBuildNumber: ULONG,
+    ClientHardwareId: ULONG,
+    ClientProductId: USHORT,
+    OutBufCountHost: USHORT,
+    OutBufCountClient: USHORT,
+    OutBufLength: USHORT,
+    AudioDriverName: [WCHAR; 9],
+    ClientTimeZone: TS_TIME_ZONE_INFORMATION,
+    ClientSessionId: ULONG,
+    ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+    PerformanceFlags: ULONG,
+    ActiveInputLocale: ULONG,
+}}
+BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [
+    fTextOnly set_fTextOnly[0..1],
+    fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2],
+    fMouse set_fMouse[2..3],
+    fDoubleClickDetect set_fDoubleClickDetect[3..4],
+    fINetClient set_fINetClient[4..5],
+    fPromptForPassword set_fPromptForPassword[5..6],
+    fMaximizeShell set_fMaximizeShell[6..7],
+    fEnableWindowsKey set_fEnableWindowsKey[7..8],
+    fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9],
+    fPasswordIsScPin set_fPasswordIsScPin[9..10],
+    fNoAudioPlayback set_fNoAudioPlayback[10..11],
+    fUsingSavedCreds set_fUsingSavedCreds[11..12],
+]}
+pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT;
+STRUCT!{struct TSHARE_COUNTERS {
+    Reserved: ULONG,
+}}
+pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS;
+UNION!{union PROTOCOLCOUNTERS_Specific {
+    TShareCounters: TSHARE_COUNTERS,
+    Reserved: [ULONG; 100],
+}}
+STRUCT!{struct PROTOCOLCOUNTERS {
+    WdBytes: ULONG,
+    WdFrames: ULONG,
+    WaitForOutBuf: ULONG,
+    Frames: ULONG,
+    Bytes: ULONG,
+    CompressedBytes: ULONG,
+    CompressFlushes: ULONG,
+    Errors: ULONG,
+    Timeouts: ULONG,
+    AsyncFramingError: ULONG,
+    AsyncOverrunError: ULONG,
+    AsyncOverflowError: ULONG,
+    AsyncParityError: ULONG,
+    TdErrors: ULONG,
+    ProtocolType: USHORT,
+    Length: USHORT,
+    Specific: PROTOCOLCOUNTERS_Specific,
+}}
+pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS;
+STRUCT!{struct THINWIRECACHE {
+    CacheReads: ULONG,
+    CacheHits: ULONG,
+}}
+pub type PTHINWIRECACHE = *mut THINWIRECACHE;
+pub const MAX_THINWIRECACHE: usize = 4;
+STRUCT!{struct RESERVED_CACHE {
+    ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE],
+}}
+pub type PRESERVED_CACHE = *mut RESERVED_CACHE;
+STRUCT!{struct TSHARE_CACHE {
+    Reserved: ULONG,
+}}
+pub type PTSHARE_CACHE = *mut TSHARE_CACHE;
+UNION!{union CACHE_STATISTICS_Specific {
+    ReservedCacheStats: RESERVED_CACHE,
+    TShareCacheStats: TSHARE_CACHE,
+    Reserved: [ULONG; 20],
+}}
+STRUCT!{struct CACHE_STATISTICS {
+    ProtocolType: USHORT,
+    Length: USHORT,
+    Specific: CACHE_STATISTICS_Specific,
+}}
+pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS;
+STRUCT!{struct PROTOCOLSTATUS {
+    Output: PROTOCOLCOUNTERS,
+    Input: PROTOCOLCOUNTERS,
+    Cache: CACHE_STATISTICS,
+    AsyncSignal: ULONG,
+    AsyncSignalMask: ULONG,
+}}
+pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS;
+STRUCT!{struct WINSTATIONINFORMATION {
+    ConnectState: WINSTATIONSTATECLASS,
+    WinStationName: WINSTATIONNAME,
+    LogonId: ULONG,
+    ConnectTime: LARGE_INTEGER,
+    DisconnectTime: LARGE_INTEGER,
+    LastInputTime: LARGE_INTEGER,
+    LogonTime: LARGE_INTEGER,
+    Status: PROTOCOLSTATUS,
+    Domain: [WCHAR; DOMAIN_LENGTH + 1],
+    UserName: [WCHAR; USERNAME_LENGTH + 1],
+    CurrentTime: LARGE_INTEGER,
+}}
+pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION;
+STRUCT!{struct WINSTATIONUSERTOKEN {
+    ProcessId: HANDLE,
+    ThreadId: HANDLE,
+    UserToken: HANDLE,
+}}
+pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN;
+STRUCT!{struct WINSTATIONVIDEODATA {
+    HResolution: USHORT,
+    VResolution: USHORT,
+    fColorDepth: USHORT,
+}}
+pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA;
+ENUM!{enum CDCLASS {
+    CdNone = 0,
+    CdModem = 1,
+    CdClass_Maximum = 2,
+}}
+STRUCT!{struct CDCONFIG {
+    CdClass: CDCLASS,
+    CdName: CDNAME,
+    CdDLL: DLLNAME,
+    CdFlag: ULONG,
+}}
+pub type PCDCONFIG = *mut CDCONFIG;
+pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1];
+pub type PCLIENTDATANAME = *mut CHAR;
+STRUCT!{struct WINSTATIONCLIENTDATA {
+    DataName: CLIENTDATANAME,
+    fUnicodeData: BOOLEAN,
+}}
+pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA;
+ENUM!{enum LOADFACTORTYPE {
+    ErrorConstraint = 0,
+    PagedPoolConstraint = 1,
+    NonPagedPoolConstraint = 2,
+    AvailablePagesConstraint = 3,
+    SystemPtesConstraint = 4,
+    CPUConstraint = 5,
+}}
+STRUCT!{struct WINSTATIONLOADINDICATORDATA {
+    RemainingSessionCapacity: ULONG,
+    LoadFactor: LOADFACTORTYPE,
+    TotalSessions: ULONG,
+    DisconnectedSessions: ULONG,
+    IdleCPU: LARGE_INTEGER,
+    TotalCPU: LARGE_INTEGER,
+    RawSessionCapacity: ULONG,
+    reserved: [ULONG; 9],
+}}
+pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA;
+ENUM!{enum SHADOWSTATECLASS {
+    State_NoShadow = 0,
+    State_Shadowing = 1,
+    State_Shadowed = 2,
+}}
+STRUCT!{struct WINSTATIONSHADOW {
+    ShadowState: SHADOWSTATECLASS,
+    ShadowClass: SHADOWCLASS,
+    SessionId: ULONG,
+    ProtocolType: ULONG,
+}}
+pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW;
+STRUCT!{struct WINSTATIONPRODID {
+    DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+    ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+    OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+    CurrentSessionId: ULONG,
+    ClientSessionId: ULONG,
+    OuterMostSessionId: ULONG,
+}}
+pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID;
+STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 {
+    sin_port: USHORT,
+    sin_addr: ULONG,
+    sin_zero: [UCHAR; 8],
+}}
+STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 {
+    sin6_port: USHORT,
+    sin6_flowinfo: ULONG,
+    sin6_addr: [USHORT; 8],
+    sin6_scope_id: ULONG,
+}}
+UNION!{union WINSTATIONREMOTEADDRESS_u {
+    ipv4: WINSTATIONREMOTEADDRESS_u_ipv4,
+    ipv6: WINSTATIONREMOTEADDRESS_u_ipv6,
+}}
+STRUCT!{struct WINSTATIONREMOTEADDRESS {
+    sin_family: USHORT,
+    u: WINSTATIONREMOTEADDRESS_u,
+}}
+pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS;
+STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 {
+    SessionId: ULONG,
+    SessionState: WINSTATIONSTATECLASS,
+    SessionFlags: LONG,
+    WinStationName: WINSTATIONNAME,
+    UserName: [WCHAR; USERNAME_LENGTH + 1],
+    DomainName: [WCHAR; DOMAIN_LENGTH + 1],
+    LogonTime: LARGE_INTEGER,
+    ConnectTime: LARGE_INTEGER,
+    DisconnectTime: LARGE_INTEGER,
+    LastInputTime: LARGE_INTEGER,
+    CurrentTime: LARGE_INTEGER,
+    ProtocolStatus: PROTOCOLSTATUS,
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1;
+STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 {
+    SessionId: ULONG,
+    SessionState: WINSTATIONSTATECLASS,
+    SessionFlags: LONG,
+    WinStationName: WINSTATIONNAME,
+    SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1],
+    SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1],
+    LogonTime: LARGE_INTEGER,
+    ConnectTime: LARGE_INTEGER,
+    DisconnectTime: LARGE_INTEGER,
+    LastInputTime: LARGE_INTEGER,
+    CurrentTime: LARGE_INTEGER,
+    ProtocolStatus: PROTOCOLSTATUS,
+    UserName: [WCHAR; 257],
+    DomainName: [WCHAR; 256],
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2;
+UNION!{union WINSTATIONINFORMATIONEX_LEVEL {
+    WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1,
+    WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2,
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL;
+STRUCT!{struct WINSTATIONINFORMATIONEX {
+    Level: ULONG,
+    Data: WINSTATIONINFORMATIONEX_LEVEL,
+}}
+pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX;
+pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452;
+STRUCT!{struct TS_PROCESS_INFORMATION_NT4 {
+    MagicNumber: ULONG,
+    LogonId: ULONG,
+    ProcessSid: PVOID,
+    Pad: ULONG,
+}}
+pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4;
+pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64;
+pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136;
+STRUCT!{struct TS_SYS_PROCESS_INFORMATION {
+    NextEntryOffset: ULONG,
+    NumberOfThreads: ULONG,
+    SpareLi1: LARGE_INTEGER,
+    SpareLi2: LARGE_INTEGER,
+    SpareLi3: LARGE_INTEGER,
+    CreateTime: LARGE_INTEGER,
+    UserTime: LARGE_INTEGER,
+    KernelTime: LARGE_INTEGER,
+    ImageName: UNICODE_STRING,
+    BasePriority: LONG,
+    UniqueProcessId: ULONG,
+    InheritedFromUniqueProcessId: ULONG,
+    HandleCount: ULONG,
+    SessionId: ULONG,
+    SpareUl3: ULONG,
+    PeakVirtualSize: SIZE_T,
+    VirtualSize: SIZE_T,
+    PageFaultCount: ULONG,
+    PeakWorkingSetSize: ULONG,
+    WorkingSetSize: ULONG,
+    QuotaPeakPagedPoolUsage: SIZE_T,
+    QuotaPagedPoolUsage: SIZE_T,
+    QuotaPeakNonPagedPoolUsage: SIZE_T,
+    QuotaNonPagedPoolUsage: SIZE_T,
+    PagefileUsage: SIZE_T,
+    PeakPagefileUsage: SIZE_T,
+    PrivatePageCount: SIZE_T,
+}}
+pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION;
+STRUCT!{struct TS_ALL_PROCESSES_INFO {
+    pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION,
+    SizeOfSid: ULONG,
+    pSid: PSID,
+}}
+pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO;
+STRUCT!{struct TS_COUNTER_HEADER {
+    dwCounterID: DWORD,
+    bResult: BOOLEAN,
+}}
+pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER;
+STRUCT!{struct TS_COUNTER {
+    CounterHead: TS_COUNTER_HEADER,
+    dwValue: DWORD,
+    StartTime: LARGE_INTEGER,
+}}
+pub type PTS_COUNTER = *mut TS_COUNTER;
+pub const WSD_LOGOFF: ULONG = 0x1;
+pub const WSD_SHUTDOWN: ULONG = 0x2;
+pub const WSD_REBOOT: ULONG = 0x4;
+pub const WSD_POWEROFF: ULONG = 0x8;
+pub const WEVENT_NONE: ULONG = 0x0;
+pub const WEVENT_CREATE: ULONG = 0x1;
+pub const WEVENT_DELETE: ULONG = 0x2;
+pub const WEVENT_RENAME: ULONG = 0x4;
+pub const WEVENT_CONNECT: ULONG = 0x8;
+pub const WEVENT_DISCONNECT: ULONG = 0x10;
+pub const WEVENT_LOGON: ULONG = 0x20;
+pub const WEVENT_LOGOFF: ULONG = 0x40;
+pub const WEVENT_STATECHANGE: ULONG = 0x80;
+pub const WEVENT_LICENSE: ULONG = 0x100;
+pub const WEVENT_ALL: ULONG = 0x7fffffff;
+pub const WEVENT_FLUSH: ULONG = 0x80000000;
+pub const KBDSHIFT: USHORT = 0x1;
+pub const KBDCTRL: USHORT = 0x2;
+pub const KBDALT: USHORT = 0x4;
+pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1;
+pub const LOGONID_CURRENT: i32 = -1;
+pub const SERVERNAME_CURRENT: PWSTR = null_mut();
+EXTERN!{extern "system" {
+    fn WinStationFreeMemory(
+        Buffer: PVOID,
+    ) -> BOOLEAN;
+    fn WinStationOpenServerW(
+        ServerName: PWSTR,
+    ) -> HANDLE;
+    fn WinStationCloseServer(
+        ServerHandle: HANDLE,
+    ) -> BOOLEAN;
+    fn WinStationServerPing(
+        ServerHandle: HANDLE,
+    ) -> BOOLEAN;
+    fn WinStationGetTermSrvCountersValue(
+        ServerHandle: HANDLE,
+        Count: ULONG,
+        Counters: PTS_COUNTER,
+    ) -> BOOLEAN;
+    fn WinStationShutdownSystem(
+        ServerHandle: HANDLE,
+        ShutdownFlags: ULONG,
+    ) -> BOOLEAN;
+    fn WinStationWaitSystemEvent(
+        ServerHandle: HANDLE,
+        EventMask: ULONG,
+        EventFlags: PULONG,
+    ) -> BOOLEAN;
+    fn WinStationRegisterConsoleNotification(
+        ServerHandle: HANDLE,
+        WindowHandle: HWND,
+        Flags: ULONG,
+    ) -> BOOLEAN;
+    fn WinStationUnRegisterConsoleNotification(
+        ServerHandle: HANDLE,
+        WindowHandle: HWND,
+    ) -> BOOLEAN;
+    fn WinStationEnumerateW(
+        ServerHandle: HANDLE,
+        SessionIds: *mut PSESSIONIDW,
+        Count: PULONG,
+    ) -> BOOLEAN;
+    fn WinStationQueryInformationW(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        WinStationInformationClass: WINSTATIONINFOCLASS,
+        pWinStationInformation: PVOID,
+        WinStationInformationLength: ULONG,
+        pReturnLength: PULONG,
+    ) -> BOOLEAN;
+    fn WinStationSetInformationW(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        WinStationInformationClass: WINSTATIONINFOCLASS,
+        pWinStationInformation: PVOID,
+        WinStationInformationLength: ULONG,
+    ) -> BOOLEAN;
+    fn WinStationNameFromLogonIdW(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        pWinStationName: PWSTR,
+    ) -> BOOLEAN;
+    fn WinStationSendMessageW(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        Title: PWSTR,
+        TitleLength: ULONG,
+        Message: PWSTR,
+        MessageLength: ULONG,
+        Style: ULONG,
+        Timeout: ULONG,
+        Response: PULONG,
+        DoNotWait: BOOLEAN,
+    ) -> BOOLEAN;
+    fn WinStationConnectW(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        TargetSessionId: ULONG,
+        pPassword: PWSTR,
+        bWait: BOOLEAN,
+    ) -> BOOLEAN;
+    fn WinStationDisconnect(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        bWait: BOOLEAN,
+    ) -> BOOLEAN;
+    fn WinStationReset(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        bWait: BOOLEAN,
+    ) -> BOOLEAN;
+    fn WinStationShadow(
+        ServerHandle: HANDLE,
+        TargetServerName: PWSTR,
+        TargetSessionId: ULONG,
+        HotKeyVk: UCHAR,
+        HotkeyModifiers: USHORT,
+    ) -> BOOLEAN;
+    fn WinStationShadowStop(
+        ServerHandle: HANDLE,
+        SessionId: ULONG,
+        bWait: BOOLEAN,
+    ) -> BOOLEAN;
+    fn WinStationEnumerateProcesses(
+        ServerHandle: HANDLE,
+        Processes: *mut PVOID,
+    ) -> BOOLEAN;
+    fn WinStationGetAllProcesses(
+        ServerHandle: HANDLE,
+        Level: ULONG,
+        NumberOfProcesses: PULONG,
+        Processes: *mut PTS_ALL_PROCESSES_INFO,
+    ) -> BOOLEAN;
+    fn WinStationFreeGAPMemory(
+        Level: ULONG,
+        Processes: PTS_ALL_PROCESSES_INFO,
+        NumberOfProcesses: ULONG,
+    ) -> BOOLEAN;
+    fn WinStationTerminateProcess(
+        ServerHandle: HANDLE,
+        ProcessId: ULONG,
+        ExitCode: ULONG,
+    ) -> BOOLEAN;
+    fn WinStationGetProcessSid(
+        ServerHandle: HANDLE,
+        ProcessId: ULONG,
+        ProcessStartTime: FILETIME,
+        pProcessUserSid: PVOID,
+        dwSidSize: PULONG,
+    ) -> BOOLEAN;
+    fn WinStationSwitchToServicesSession() -> BOOLEAN;
+    fn WinStationRevertFromServicesSession() -> BOOLEAN;
+    fn _WinStationWaitForConnect() -> BOOLEAN;
+}}