robert/another-boids-in-rust
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Vendor dependencies for 0.3.0 release

Browse Source
This commit is contained in:
Robert Garrett
2025-09-27 10:29:08 -05:00
parent 0c8d39d483
commit 82ab7f317b
26803 changed files with 16134934 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
vendor/ntapi/src/lib.rs vendored Normal file
View File

@@ -0,0 +1,51 @@
//! # Features
//! **`func-types`** -- Generate [types][fn_ptr] for external functions.<br/>
//! **`impl-default`** -- Implement [`Default`] for structs and unions.<br/>
//! **`user`** *(default)* -- Link to `ntdll`.<br/>
//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.<br/>
//!
//! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types
//! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default
#![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))]
#![no_std]
#![deny(unused, unused_qualifications)]
#![warn(unused_attributes)]
#![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)]
#[doc(hidden)]
pub extern crate core as _core;
#[macro_use]
#[doc(hidden)]
pub extern crate winapi;
#[macro_use]
mod macros;
pub mod ntapi_base;
pub mod ntdbg;
pub mod ntexapi;
pub mod ntgdi;
pub mod ntioapi;
pub mod ntkeapi;
pub mod ntldr;
pub mod ntlpcapi;
pub mod ntmisc;
pub mod ntmmapi;
pub mod ntnls;
pub mod ntobapi;
pub mod ntpebteb;
pub mod ntpfapi;
pub mod ntpnpapi;
pub mod ntpoapi;
pub mod ntpsapi;
pub mod ntregapi;
pub mod ntrtl;
pub mod ntsam;
pub mod ntseapi;
pub mod ntsmss;
pub mod nttmapi;
pub mod nttp;
pub mod ntwow64;
pub mod ntxcapi;
pub mod ntzwapi;
pub mod string;
pub mod subprocesstag;
pub mod winapi_local;
pub mod winsta;

102
vendor/ntapi/src/macros.rs vendored Normal file
View File

@@ -0,0 +1,102 @@
#[macro_export]
macro_rules! EXTERN {
(extern $c:tt {$(
fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?;
)+}) => {
#[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
#[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))]
extern $c {$(
pub fn $n(
$($p $(: $t)?),*
) $(-> $r)?;
)+}
$(
#[cfg(feature = "func-types")]
pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?;
)+
};
(extern $c:tt {$(
static mut $n:ident : $t:ty;
)+}) => {
#[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
extern $c {$(
pub static mut $n: $t;
)+}
};
}
#[macro_export]
#[doc(hidden)]
macro_rules! FIELD_OFFSET {
($_type:ty, $field:ident$(.$cfields:ident)*) => {{
let obj = core::mem::MaybeUninit::<$_type>::uninit();
let base = obj.as_ptr();
unsafe { core::ptr::addr_of!((*base).$field$(.$cfields)*) as usize - base as usize }
}};
}
macro_rules! BITFIELD {
($base:ident $field:ident: $fieldtype:ty [
$($thing:ident $set_thing:ident[$r:expr],)+
]) => {
impl $base {$(
#[inline]
pub const fn $thing(&self) -> $fieldtype {
const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
}
#[inline]
pub fn $set_thing(&mut self, val: $fieldtype) {
const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
self.$field &= !MASK;
self.$field |= (val << $r.start) & MASK;
}
)+}
};
(unsafe $base:ident $field:ident: $fieldtype:ty [
$($thing:ident $set_thing:ident[$r:expr],)+
]) => {
impl $base {$(
#[inline]
pub unsafe fn $thing(&self) -> $fieldtype {
const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
}
#[inline]
pub unsafe fn $set_thing(&mut self, val: $fieldtype) {
const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
self.$field &= !MASK;
self.$field |= (val << $r.start) & MASK;
}
)+}
};
}
macro_rules! UNION {
($(#[$attrs:meta])* union $name:ident {
$($variant:ident: $ftype:ty,)+
}) => (
#[repr(C)] $(#[$attrs])*
pub union $name {
$(pub $variant: $ftype,)+
}
impl Copy for $name {}
impl Clone for $name {
#[inline]
fn clone(&self) -> $name { *self }
}
#[cfg(feature = "impl-default")]
impl Default for $name {
#[inline]
fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } }
}
);
}
macro_rules! FN {
(stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
pub type $func = Option<unsafe extern "system" fn($($p: $t,)*) -> $ret>;
);
(cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
pub type $func = Option<unsafe extern "C" fn($($p: $t,)*) -> $ret>;
);
}
macro_rules! IFDEF {
($($thing:item)*) => ($($thing)*)
}

40
vendor/ntapi/src/ntapi_base.rs vendored Normal file
View File

@@ -0,0 +1,40 @@
use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT};
use winapi::shared::ntstatus::FACILITY_NTWIN32;
pub type KPRIORITY = LONG;
pub type RTL_ATOM = USHORT;
pub type PRTL_ATOM = *mut RTL_ATOM;
pub const NT_FACILITY_MASK: ULONG = 0xfff;
pub const NT_FACILITY_SHIFT: ULONG = 16;
#[inline]
pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG {
(Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK
}
#[inline]
pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool {
NT_FACILITY(Status) == FACILITY_NTWIN32 as u32
}
#[inline]
pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG {
(Status as u32) & 0xffff
}
STRUCT!{struct CLIENT_ID {
UniqueProcess: HANDLE,
UniqueThread: HANDLE,
}}
pub type PCLIENT_ID = *mut CLIENT_ID;
STRUCT!{struct CLIENT_ID32 {
UniqueProcess: ULONG,
UniqueThread: ULONG,
}}
pub type PCLIENT_ID32 = *mut CLIENT_ID32;
STRUCT!{struct CLIENT_ID64 {
UniqueProcess: ULONGLONG,
UniqueThread: ULONGLONG,
}}
pub type PCLIENT_ID64 = *mut CLIENT_ID64;
STRUCT!{struct KSYSTEM_TIME {
LowPart: ULONG,
High1Time: LONG,
High2Time: LONG,
}}
pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME;

239
vendor/ntapi/src/ntdbg.rs vendored Normal file
View File

@@ -0,0 +1,239 @@
use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR;
use winapi::shared::guiddef::LPCGUID;
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
PULONG, PVOID, UCHAR, ULONG, ULONGLONG,
};
use winapi::um::minwinbase::LPDEBUG_EVENT;
use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE};
use winapi::vc::vadefs::va_list;
EXTERN!{extern "system" {
fn DbgUserBreakPoint();
fn DbgBreakPoint();
fn DbgBreakPointWithStatus(
Status: ULONG,
);
}}
pub const DBG_STATUS_CONTROL_C: u32 = 1;
pub const DBG_STATUS_SYSRQ: u32 = 2;
pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3;
pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4;
pub const DBG_STATUS_FATAL: u32 = 5;
pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6;
pub const DBG_STATUS_WORKER: u32 = 7;
EXTERN!{extern "C" {
fn DbgPrint(
Format: PCSTR,
...
) -> ULONG;
fn DbgPrintEx(
ComponentId: ULONG,
Level: ULONG,
Format: PCSTR,
...
) -> ULONG;
}}
EXTERN!{extern "system" {
fn vDbgPrintEx(
ComponentId: ULONG,
Level: ULONG,
Format: PCCH,
arglist: va_list,
) -> ULONG;
fn vDbgPrintExWithPrefix(
Prefix: PCH,
ComponentId: ULONG,
Level: ULONG,
Format: PCCH,
arglist: va_list,
) -> ULONG;
fn DbgQueryDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
) -> NTSTATUS;
fn DbgSetDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
State: BOOLEAN,
) -> NTSTATUS;
fn DbgPrompt(
Prompt: PCCH,
Response: PCH,
Length: ULONG,
) -> ULONG;
}}
STRUCT!{struct DBGKM_EXCEPTION {
ExceptionRecord: EXCEPTION_RECORD,
FirstChance: ULONG,
}}
pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION;
STRUCT!{struct DBGKM_CREATE_THREAD {
SubSystemKey: ULONG,
StartAddress: PVOID,
}}
pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD;
STRUCT!{struct DBGKM_CREATE_PROCESS {
SubSystemKey: ULONG,
FileHandle: HANDLE,
BaseOfImage: PVOID,
DebugInfoFileOffset: ULONG,
DebugInfoSize: ULONG,
InitialThread: DBGKM_CREATE_THREAD,
}}
pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS;
STRUCT!{struct DBGKM_EXIT_THREAD {
ExitStatus: NTSTATUS,
}}
pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD;
STRUCT!{struct DBGKM_EXIT_PROCESS {
ExitStatus: NTSTATUS,
}}
pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS;
STRUCT!{struct DBGKM_LOAD_DLL {
FileHandle: HANDLE,
BaseOfDll: PVOID,
DebugInfoFileOffset: ULONG,
DebugInfoSize: ULONG,
NamePointer: PVOID,
}}
pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL;
STRUCT!{struct DBGKM_UNLOAD_DLL {
BaseAddress: PVOID,
}}
pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL;
ENUM!{enum DBG_STATE {
DbgIdle = 0,
DbgReplyPending = 1,
DbgCreateThreadStateChange = 2,
DbgCreateProcessStateChange = 3,
DbgExitThreadStateChange = 4,
DbgExitProcessStateChange = 5,
DbgExceptionStateChange = 6,
DbgBreakpointStateChange = 7,
DbgSingleStepStateChange = 8,
DbgLoadDllStateChange = 9,
DbgUnloadDllStateChange = 10,
}}
pub type PDBG_STATE = *mut DBG_STATE;
STRUCT!{struct DBGUI_CREATE_THREAD {
HandleToThread: HANDLE,
NewThread: DBGKM_CREATE_THREAD,
}}
pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD;
STRUCT!{struct DBGUI_CREATE_PROCESS {
HandleToProcess: HANDLE,
HandleToThread: HANDLE,
NewProcess: DBGKM_CREATE_PROCESS,
}}
UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo {
Exception: DBGKM_EXCEPTION,
CreateThread: DBGUI_CREATE_THREAD,
CreateProcessInfo: DBGUI_CREATE_PROCESS,
ExitThread: DBGKM_EXIT_THREAD,
ExitProcess: DBGKM_EXIT_PROCESS,
LoadDll: DBGKM_LOAD_DLL,
UnloadDll: DBGKM_UNLOAD_DLL,
}}
pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS;
STRUCT!{struct DBGUI_WAIT_STATE_CHANGE {
NewState: DBG_STATE,
AppClientId: CLIENT_ID,
StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo,
}}
pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE;
pub const DEBUG_READ_EVENT: ULONG = 0x0001;
pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002;
pub const DEBUG_SET_INFORMATION: ULONG = 0x0004;
pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008;
pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT
| DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION;
pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1;
ENUM!{enum DEBUGOBJECTINFOCLASS {
DebugObjectUnusedInformation = 0,
DebugObjectKillProcessOnExitInformation = 1,
MaxDebugObjectInfoClass = 2,
}}
pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS;
EXTERN!{extern "system" {
fn NtCreateDebugObject(
DebugObjectHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
fn NtDebugActiveProcess(
ProcessHandle: HANDLE,
DebugObjectHandle: HANDLE,
) -> NTSTATUS;
fn NtDebugContinue(
DebugObjectHandle: HANDLE,
ClientId: PCLIENT_ID,
ContinueStatus: NTSTATUS,
) -> NTSTATUS;
fn NtRemoveProcessDebug(
ProcessHandle: HANDLE,
DebugObjectHandle: HANDLE,
) -> NTSTATUS;
fn NtSetInformationDebugObject(
DebugObjectHandle: HANDLE,
DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
DebugInformation: PVOID,
DebugInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtWaitForDebugEvent(
DebugObjectHandle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
WaitStateChange: PVOID,
) -> NTSTATUS;
fn DbgUiConnectToDbg() -> NTSTATUS;
fn DbgUiGetThreadDebugObject() -> HANDLE;
fn DbgUiSetThreadDebugObject(
DebugObject: HANDLE,
);
fn DbgUiWaitStateChange(
StateChange: PDBGUI_WAIT_STATE_CHANGE,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn DbgUiContinue(
AppClientId: PCLIENT_ID,
ContinueStatus: NTSTATUS,
) -> NTSTATUS;
fn DbgUiStopDebugging(
Process: HANDLE,
) -> NTSTATUS;
fn DbgUiDebugActiveProcess(
Process: HANDLE,
) -> NTSTATUS;
fn DbgUiRemoteBreakin(
Context: PVOID,
);
fn DbgUiIssueRemoteBreakin(
Process: HANDLE,
) -> NTSTATUS;
fn DbgUiConvertStateChangeStructure(
StateChange: PDBGUI_WAIT_STATE_CHANGE,
DebugEvent: LPDEBUG_EVENT,
) -> NTSTATUS;
}}
FN!{stdcall PENABLECALLBACK(
SourceId: LPCGUID,
IsEnabled: ULONG,
Level: UCHAR,
MatchAnyKeyword: ULONGLONG,
MatchAllKeyword: ULONGLONG,
FilterData: *mut EVENT_FILTER_DESCRIPTOR,
CallbackContext: PVOID,
) -> ()}
pub type REGHANDLE = ULONGLONG;
pub type PREGHANDLE = *mut ULONGLONG;
EXTERN!{extern "system" {
fn EtwEventRegister(
ProviderId: LPCGUID,
EnableCallback: PENABLECALLBACK,
CallbackContext: PVOID,
RegHandle: PREGHANDLE,
) -> NTSTATUS;
}}

3000
vendor/ntapi/src/ntexapi.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

123
vendor/ntapi/src/ntgdi.rs vendored Normal file
View File

@@ -0,0 +1,123 @@
use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT};
pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000;
pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0;
pub const GDI_HANDLE_INDEX_BITS: ULONG = 16;
pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff;
pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16;
pub const GDI_HANDLE_TYPE_BITS: ULONG = 5;
pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f;
pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21;
pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2;
pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3;
pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23;
pub const GDI_HANDLE_STOCK_BITS: ULONG = 1;
pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1;
pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24;
pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8;
pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff;
#[inline]
pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG {
Handle & GDI_HANDLE_INDEX_MASK
}
#[inline]
pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG {
Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK
}
#[inline]
pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG {
Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK
}
#[inline]
pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG {
Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK
}
#[inline]
pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG {
Unique << GDI_HANDLE_INDEX_BITS | Index
}
pub const GDI_DEF_TYPE: ULONG = 0;
pub const GDI_DC_TYPE: ULONG = 1;
pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2;
pub const GDI_DD_SURFACE_TYPE: ULONG = 3;
pub const GDI_RGN_TYPE: ULONG = 4;
pub const GDI_SURF_TYPE: ULONG = 5;
pub const GDI_CLIENTOBJ_TYPE: ULONG = 6;
pub const GDI_PATH_TYPE: ULONG = 7;
pub const GDI_PAL_TYPE: ULONG = 8;
pub const GDI_ICMLCS_TYPE: ULONG = 9;
pub const GDI_LFONT_TYPE: ULONG = 10;
pub const GDI_RFONT_TYPE: ULONG = 11;
pub const GDI_PFE_TYPE: ULONG = 12;
pub const GDI_PFT_TYPE: ULONG = 13;
pub const GDI_ICMCXF_TYPE: ULONG = 14;
pub const GDI_ICMDLL_TYPE: ULONG = 15;
pub const GDI_BRUSH_TYPE: ULONG = 16;
pub const GDI_PFF_TYPE: ULONG = 17;
pub const GDI_CACHE_TYPE: ULONG = 18;
pub const GDI_SPACE_TYPE: ULONG = 19;
pub const GDI_DBRUSH_TYPE: ULONG = 20;
pub const GDI_META_TYPE: ULONG = 21;
pub const GDI_EFSTATE_TYPE: ULONG = 22;
pub const GDI_BMFD_TYPE: ULONG = 23;
pub const GDI_VTFD_TYPE: ULONG = 24;
pub const GDI_TTFD_TYPE: ULONG = 25;
pub const GDI_RC_TYPE: ULONG = 26;
pub const GDI_TEMP_TYPE: ULONG = 27;
pub const GDI_DRVOBJ_TYPE: ULONG = 28;
pub const GDI_DCIOBJ_TYPE: ULONG = 29;
pub const GDI_SPOOL_TYPE: ULONG = 30;
#[inline]
pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG {
Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK
<< GDI_HANDLE_TYPE_SHIFT)
}
#[inline]
pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG {
GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16)
}
pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT;
pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT;
pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT;
pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT;
pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1;
pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1;
pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2;
pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3;
pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2;
pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1;
pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1;
UNION!{union GDI_HANDLE_ENTRY_u {
Object: PVOID,
NextFree: PVOID,
}}
STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s {
ProcessId: USHORT,
Bitfields: USHORT,
}}
BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [
Lock set_Lock[0..1],
Count set_Count[1..16],
]}
UNION!{union GDI_HANDLE_ENTRY_Owner {
s: GDI_HANDLE_ENTRY_Owner_s,
Value: ULONG,
}}
STRUCT!{struct GDI_HANDLE_ENTRY {
u: GDI_HANDLE_ENTRY_u,
Owner: GDI_HANDLE_ENTRY_Owner,
Unique: USHORT,
Type: UCHAR,
Flags: UCHAR,
UserPointer: PVOID,
}}
pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY;
STRUCT!{struct GDI_SHARED_MEMORY {
Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT],
}}
pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY;

1464
vendor/ntapi/src/ntioapi.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

121
vendor/ntapi/src/ntkeapi.rs vendored Normal file
View File

@@ -0,0 +1,121 @@
use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG};
pub const LOW_PRIORITY: u32 = 0;
pub const LOW_REALTIME_PRIORITY: u32 = 16;
pub const HIGH_PRIORITY: u32 = 31;
pub const MAXIMUM_PRIORITY: u32 = 32;
ENUM!{enum KTHREAD_STATE {
Initialized = 0,
Ready = 1,
Running = 2,
Standby = 3,
Terminated = 4,
Waiting = 5,
Transition = 6,
DeferredReady = 7,
GateWaitObsolete = 8,
WaitingForProcessInSwap = 9,
MaximumThreadState = 10,
}}
pub type PKTHREAD_STATE = *mut KTHREAD_STATE;
ENUM!{enum KHETERO_CPU_POLICY {
KHeteroCpuPolicyAll = 0,
KHeteroCpuPolicyLarge = 1,
KHeteroCpuPolicyLargeOrIdle = 2,
KHeteroCpuPolicySmall = 3,
KHeteroCpuPolicySmallOrIdle = 4,
KHeteroCpuPolicyDynamic = 5,
KHeteroCpuPolicyStaticMax = 6,
KHeteroCpuPolicyBiasedSmall = 7,
KHeteroCpuPolicyBiasedLarge = 8,
KHeteroCpuPolicyDefault = 9,
KHeteroCpuPolicyMax = 10,
}}
pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY;
ENUM!{enum KWAIT_REASON {
Executive = 0,
FreePage = 1,
PageIn = 2,
PoolAllocation = 3,
DelayExecution = 4,
Suspended = 5,
UserRequest = 6,
WrExecutive = 7,
WrFreePage = 8,
WrPageIn = 9,
WrPoolAllocation = 10,
WrDelayExecution = 11,
WrSuspended = 12,
WrUserRequest = 13,
WrEventPair = 14,
WrQueue = 15,
WrLpcReceive = 16,
WrLpcReply = 17,
WrVirtualMemory = 18,
WrPageOut = 19,
WrRendezvous = 20,
WrKeyedEvent = 21,
WrTerminated = 22,
WrProcessInSwap = 23,
WrCpuRateControl = 24,
WrCalloutStack = 25,
WrKernel = 26,
WrResource = 27,
WrPushLock = 28,
WrMutex = 29,
WrQuantumEnd = 30,
WrDispatchInt = 31,
WrPreempted = 32,
WrYieldExecution = 33,
WrFastMutex = 34,
WrGuardedMutex = 35,
WrRundown = 36,
WrAlertByThreadId = 37,
WrDeferredPreempt = 38,
MaximumWaitReason = 39,
}}
pub type PKWAIT_REASON = *mut KWAIT_REASON;
ENUM!{enum KPROFILE_SOURCE {
ProfileTime = 0,
ProfileAlignmentFixup = 1,
ProfileTotalIssues = 2,
ProfilePipelineDry = 3,
ProfileLoadInstructions = 4,
ProfilePipelineFrozen = 5,
ProfileBranchInstructions = 6,
ProfileTotalNonissues = 7,
ProfileDcacheMisses = 8,
ProfileIcacheMisses = 9,
ProfileCacheMisses = 10,
ProfileBranchMispredictions = 11,
ProfileStoreInstructions = 12,
ProfileFpInstructions = 13,
ProfileIntegerInstructions = 14,
Profile2Issue = 15,
Profile3Issue = 16,
Profile4Issue = 17,
ProfileSpecialInstructions = 18,
ProfileTotalCycles = 19,
ProfileIcacheIssues = 20,
ProfileDcacheAccesses = 21,
ProfileMemoryBarrierCycles = 22,
ProfileLoadLinkedIssues = 23,
ProfileMaximum = 24,
}}
EXTERN!{extern "system" {
fn NtCallbackReturn(
OutputBuffer: PVOID,
OutputLength: ULONG,
Status: NTSTATUS,
) -> NTSTATUS;
fn NtFlushProcessWriteBuffers();
fn NtQueryDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
) -> NTSTATUS;
fn NtSetDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
State: BOOLEAN,
) -> NTSTATUS;
fn NtYieldExecution() -> NTSTATUS;
}}

661
vendor/ntapi/src/ntldr.rs vendored Normal file
View File

@@ -0,0 +1,661 @@
use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR,
PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG,
PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG,
UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR,
PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY,
PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA,
};
FN!{stdcall PLDR_INIT_ROUTINE(
DllHandle: PVOID,
Reason: ULONG,
Context: PVOID,
) -> BOOLEAN}
STRUCT!{struct LDR_SERVICE_TAG_RECORD {
Next: *mut LDR_SERVICE_TAG_RECORD,
ServiceTag: ULONG,
}}
pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD;
STRUCT!{struct LDRP_CSLIST {
Tail: PSINGLE_LIST_ENTRY,
}}
pub type PLDRP_CSLIST = *mut LDRP_CSLIST;
ENUM!{enum LDR_DDAG_STATE {
LdrModulesMerged = -5i32 as u32,
LdrModulesInitError = -4i32 as u32,
LdrModulesSnapError = -3i32 as u32,
LdrModulesUnloaded = -2i32 as u32,
LdrModulesUnloading = -1i32 as u32,
LdrModulesPlaceHolder = 0,
LdrModulesMapping = 1,
LdrModulesMapped = 2,
LdrModulesWaitingForDependencies = 3,
LdrModulesSnapping = 4,
LdrModulesSnapped = 5,
LdrModulesCondensed = 6,
LdrModulesReadyToInit = 7,
LdrModulesInitializing = 8,
LdrModulesReadyToRun = 9,
}}
UNION!{union LDR_DDAG_NODE_u {
Dependencies: LDRP_CSLIST,
RemovalLink: SINGLE_LIST_ENTRY,
}}
STRUCT!{struct LDR_DDAG_NODE {
Modules: LIST_ENTRY,
ServiceTagList: PLDR_SERVICE_TAG_RECORD,
LoadCount: ULONG,
LoadWhileUnloadingCount: ULONG,
LowestLink: ULONG,
u: LDR_DDAG_NODE_u,
IncomingDependencies: LDRP_CSLIST,
State: LDR_DDAG_STATE,
CondenseLink: SINGLE_LIST_ENTRY,
PreorderNumber: ULONG,
}}
pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE;
STRUCT!{struct LDR_DEPENDENCY_RECORD {
DependencyLink: SINGLE_LIST_ENTRY,
DependencyNode: PLDR_DDAG_NODE,
IncomingDependencyLink: SINGLE_LIST_ENTRY,
IncomingDependencyNode: PLDR_DDAG_NODE,
}}
pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD;
ENUM!{enum LDR_DLL_LOAD_REASON {
LoadReasonStaticDependency = 0,
LoadReasonStaticForwarderDependency = 1,
LoadReasonDynamicForwarderDependency = 2,
LoadReasonDelayloadDependency = 3,
LoadReasonDynamicLoad = 4,
LoadReasonAsImageLoad = 5,
LoadReasonAsDataLoad = 6,
LoadReasonEnclavePrimary = 7,
LoadReasonEnclaveDependency = 8,
LoadReasonUnknown = -1i32 as u32,
}}
pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON;
pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001;
pub const LDRP_STATIC_LINK: ULONG = 0x00000002;
pub const LDRP_IMAGE_DLL: ULONG = 0x00000004;
pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000;
pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000;
pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000;
pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000;
pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000;
pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000;
pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000;
pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000;
pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000;
pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000;
pub const LDRP_COR_IMAGE: ULONG = 0x00400000;
pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000;
pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000;
pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000;
pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000;
pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000;
pub const LDRP_REDIRECTED: ULONG = 0x10000000;
pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000;
pub const LDRP_MM_LOADED: ULONG = 0x40000000;
pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000;
STRUCT!{struct LDRP_LOAD_CONTEXT {
BaseDllName: UNICODE_STRING,
somestruct: PVOID,
Flags: ULONG,
pstatus: *mut NTSTATUS,
ParentEntry: *mut LDR_DATA_TABLE_ENTRY,
Entry: *mut LDR_DATA_TABLE_ENTRY,
WorkQueueListEntry: LIST_ENTRY,
ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY,
pvImports: *mut *mut LDR_DATA_TABLE_ENTRY,
ImportDllCount: ULONG,
TaskCount: LONG,
pvIAT: PVOID,
SizeOfIAT: ULONG,
CurrentDll: ULONG,
piid: PIMAGE_IMPORT_DESCRIPTOR,
OriginalIATProtect: ULONG,
GuardCFCheckFunctionPointer: PVOID,
pGuardCFCheckFunctionPointer: *mut PVOID,
}}
UNION!{union LDR_DATA_TABLE_ENTRY_u1 {
InInitializationOrderLinks: LIST_ENTRY,
InProgressLinks: LIST_ENTRY,
}}
UNION!{union LDR_DATA_TABLE_ENTRY_u2 {
FlagGroup: [UCHAR; 4],
Flags: ULONG,
}}
STRUCT!{struct LDR_DATA_TABLE_ENTRY {
InLoadOrderLinks: LIST_ENTRY,
InMemoryOrderLinks: LIST_ENTRY,
u1: LDR_DATA_TABLE_ENTRY_u1,
DllBase: PVOID,
EntryPoint: PLDR_INIT_ROUTINE,
SizeOfImage: ULONG,
FullDllName: UNICODE_STRING,
BaseDllName: UNICODE_STRING,
u2: LDR_DATA_TABLE_ENTRY_u2,
ObsoleteLoadCount: USHORT,
TlsIndex: USHORT,
HashLinks: LIST_ENTRY,
TimeDateStamp: ULONG,
EntryPointActivationContext: *mut ACTIVATION_CONTEXT,
Lock: PVOID,
DdagNode: PLDR_DDAG_NODE,
NodeModuleLink: LIST_ENTRY,
LoadContext: *mut LDRP_LOAD_CONTEXT,
ParentDllBase: PVOID,
SwitchBackContext: PVOID,
BaseAddressIndexNode: RTL_BALANCED_NODE,
MappingInfoIndexNode: RTL_BALANCED_NODE,
OriginalBase: ULONG_PTR,
LoadTime: LARGE_INTEGER,
BaseNameHashValue: ULONG,
LoadReason: LDR_DLL_LOAD_REASON,
ImplicitPathOptions: ULONG,
ReferenceCount: ULONG,
DependentLoadFlags: ULONG,
SigningLevel: UCHAR,
}}
BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [
PackagedBinary set_PackagedBinary[0..1],
MarkedForRemoval set_MarkedForRemoval[1..2],
ImageDll set_ImageDll[2..3],
LoadNotificationsSent set_LoadNotificationsSent[3..4],
TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
ProcessStaticImport set_ProcessStaticImport[5..6],
InLegacyLists set_InLegacyLists[6..7],
InIndexes set_InIndexes[7..8],
ShimDll set_ShimDll[8..9],
InExceptionTable set_InExceptionTable[9..10],
ReservedFlags1 set_ReservedFlags1[10..12],
LoadInProgress set_LoadInProgress[12..13],
LoadConfigProcessed set_LoadConfigProcessed[13..14],
EntryProcessed set_EntryProcessed[14..15],
ProtectDelayLoad set_ProtectDelayLoad[15..16],
ReservedFlags3 set_ReservedFlags3[16..18],
DontCallForThreads set_DontCallForThreads[18..19],
ProcessAttachCalled set_ProcessAttachCalled[19..20],
ProcessAttachFailed set_ProcessAttachFailed[20..21],
CorDeferredValidate set_CorDeferredValidate[21..22],
CorImage set_CorImage[22..23],
DontRelocate set_DontRelocate[23..24],
CorILOnly set_CorILOnly[24..25],
ReservedFlags5 set_ReservedFlags5[25..28],
Redirected set_Redirected[28..29],
ReservedFlags6 set_ReservedFlags6[29..31],
CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
]}
pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY;
#[inline]
pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool {
DllHandle & 1 != 0
}
#[inline]
pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool {
DllHandle & 2 != 0
}
#[inline]
pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool {
LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle)
}
EXTERN!{extern "system" {
fn LdrLoadDll(
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrUnloadDll(
DllHandle: PVOID,
) -> NTSTATUS;
fn LdrGetDllHandle(
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
}}
pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001;
pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002;
EXTERN!{extern "system" {
fn LdrGetDllHandleEx(
Flags: ULONG,
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrGetDllHandleByMapping(
BaseAddress: PVOID,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrGetDllHandleByName(
BaseDllName: PUNICODE_STRING,
FullDllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrGetDllFullName(
DllHandle: PVOID,
FullDllName: PUNICODE_STRING,
) -> NTSTATUS;
fn LdrGetDllDirectory(
DllDirectory: PUNICODE_STRING,
) -> NTSTATUS;
fn LdrSetDllDirectory(
DllDirectory: PUNICODE_STRING,
) -> NTSTATUS;
}}
pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001;
EXTERN!{extern "system" {
fn LdrAddRefDll(
Flags: ULONG,
DllHandle: PVOID,
) -> NTSTATUS;
fn LdrGetProcedureAddress(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
) -> NTSTATUS;
}}
pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001;
EXTERN!{extern "system" {
fn LdrGetProcedureAddressEx(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
Flags: ULONG,
) -> NTSTATUS;
fn LdrGetKnownDllSectionHandle(
DllName: PCWSTR,
KnownDlls32: BOOLEAN,
Section: PHANDLE,
) -> NTSTATUS;
fn LdrGetProcedureAddressForCaller(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
Flags: ULONG,
Callback: *mut PVOID,
) -> NTSTATUS;
}}
pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002;
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0;
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1;
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2;
EXTERN!{extern "system" {
fn LdrLockLoaderLock(
Flags: ULONG,
Disposition: *mut ULONG,
Cookie: *mut PVOID,
) -> NTSTATUS;
}}
pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
EXTERN!{extern "system" {
fn LdrUnlockLoaderLock(
Flags: ULONG,
Cookie: PVOID,
) -> NTSTATUS;
fn LdrRelocateImage(
NewBase: PVOID,
LoaderName: PSTR,
Success: NTSTATUS,
Conflict: NTSTATUS,
Invalid: NTSTATUS,
) -> NTSTATUS;
fn LdrRelocateImageWithBias(
NewBase: PVOID,
Bias: LONGLONG,
LoaderName: PSTR,
Success: NTSTATUS,
Conflict: NTSTATUS,
Invalid: NTSTATUS,
) -> NTSTATUS;
fn LdrProcessRelocationBlock(
VA: ULONG_PTR,
SizeOfBlock: ULONG,
NextOffset: PUSHORT,
Diff: LONG_PTR,
) -> PIMAGE_BASE_RELOCATION;
fn LdrVerifyMappedImageMatchesChecksum(
BaseAddress: PVOID,
NumberOfBytes: SIZE_T,
FileLength: ULONG,
) -> BOOLEAN;
}}
FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK(
Parameter: PVOID,
ModuleName: PSTR,
) -> ()}
EXTERN!{extern "system" {
fn LdrVerifyImageMatchesChecksum(
ImageFileHandle: HANDLE,
ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
ImportCallbackParameter: PVOID,
ImageCharacteristics: PUSHORT,
) -> NTSTATUS;
}}
STRUCT!{struct LDR_IMPORT_CALLBACK_INFO {
ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
ImportCallbackParameter: PVOID,
}}
pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO;
STRUCT!{struct LDR_SECTION_INFO {
SectionHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjA: POBJECT_ATTRIBUTES,
SectionPageProtection: ULONG,
AllocationAttributes: ULONG,
}}
pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO;
STRUCT!{struct LDR_VERIFY_IMAGE_INFO {
Size: ULONG,
Flags: ULONG,
CallbackInfo: LDR_IMPORT_CALLBACK_INFO,
SectionInfo: LDR_SECTION_INFO,
ImageCharacteristics: USHORT,
}}
pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO;
EXTERN!{extern "system" {
fn LdrVerifyImageMatchesChecksumEx(
ImageFileHandle: HANDLE,
VerifyInfo: PLDR_VERIFY_IMAGE_INFO,
) -> NTSTATUS;
fn LdrQueryModuleServiceTags(
DllHandle: PVOID,
ServiceTagBuffer: PULONG,
BufferSize: PULONG,
) -> NTSTATUS;
}}
pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1;
pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2;
STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA {
Flags: ULONG,
FullDllName: PUNICODE_STRING,
BaseDllName: PUNICODE_STRING,
DllBase: PVOID,
SizeOfImage: ULONG,
}}
pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA;
STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA {
Flags: ULONG,
FullDllName: PCUNICODE_STRING,
BaseDllName: PCUNICODE_STRING,
DllBase: PVOID,
SizeOfImage: ULONG,
}}
pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA;
UNION!{union LDR_DLL_NOTIFICATION_DATA {
Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA,
Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA,
}}
pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA;
FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION(
NotificationReason: ULONG,
NotificationData: PLDR_DLL_NOTIFICATION_DATA,
Context: PVOID,
) -> ()}
EXTERN!{extern "system" {
fn LdrRegisterDllNotification(
Flags: ULONG,
NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION,
Context: PVOID,
Cookie: *mut PVOID,
) -> NTSTATUS;
fn LdrUnregisterDllNotification(
Cookie: PVOID,
) -> NTSTATUS;
}}
STRUCT!{struct PS_MITIGATION_OPTIONS_MAP {
Map: [ULONG_PTR; 2],
}}
pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP;
STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP {
Map: [ULONG_PTR; 2],
}}
pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP;
STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK {
Size: ULONG,
SystemDllWowRelocation: ULONG_PTR,
SystemDllNativeRelocation: ULONG_PTR,
Wow64SharedInformation: [ULONG_PTR; 16],
RngData: ULONG,
Flags: ULONG,
MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP,
CfgBitMap: ULONG_PTR,
CfgBitMapSize: ULONG_PTR,
Wow64CfgBitMap: ULONG_PTR,
Wow64CfgBitMapSize: ULONG_PTR,
MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP,
}}
BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [
CfgOverride set_CfgOverride[0..1],
Reserved set_Reserved[1..32],
]}
pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK;
EXTERN!{extern "system" {
fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK;
fn LdrAddLoadAsDataTable(
Module: PVOID,
FilePath: PWSTR,
Size: SIZE_T,
Handle: HANDLE,
) -> NTSTATUS;
fn LdrRemoveLoadAsDataTable(
InitModule: PVOID,
BaseModule: *mut PVOID,
Size: PSIZE_T,
Flags: ULONG,
) -> NTSTATUS;
fn LdrGetFileNameFromLoadAsDataTable(
Module: PVOID,
pFileNamePrt: *mut PVOID,
) -> NTSTATUS;
fn LdrDisableThreadCalloutsForDll(
DllImageBase: PVOID,
) -> NTSTATUS;
fn LdrAccessResource(
DllHandle: PVOID,
ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY,
ResourceBuffer: *mut PVOID,
ResourceLength: *mut ULONG,
) -> NTSTATUS;
}}
STRUCT!{struct LDR_RESOURCE_INFO {
Type: ULONG_PTR,
Name: ULONG_PTR,
Language: ULONG_PTR,
}}
pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO;
pub const RESOURCE_TYPE_LEVEL: ULONG = 0;
pub const RESOURCE_NAME_LEVEL: ULONG = 1;
pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2;
pub const RESOURCE_DATA_LEVEL: ULONG = 3;
EXTERN!{extern "system" {
fn LdrFindResource_U(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY,
) -> NTSTATUS;
fn LdrFindResourceDirectory_U(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY,
) -> NTSTATUS;
}}
STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s {
Id: USHORT,
NameIsPresent: USHORT,
}}
UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path {
NameOrId: ULONG_PTR,
Name: PIMAGE_RESOURCE_DIRECTORY_STRING,
s: LDR_ENUM_RESOURCE_ENTRY_Path_s,
}}
STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY {
Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3],
Data: PVOID,
Size: ULONG,
Reserved: ULONG,
}}
pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY;
#[inline]
pub unsafe fn NAME_FROM_RESOURCE_ENTRY(
RootDirectory: PIMAGE_RESOURCE_DIRECTORY,
Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY,
) -> usize {
if Entry.u.s().NameIsString() != 0 {
return RootDirectory as usize + Entry.u.s().NameOffset() as usize;
}
*Entry.u.Id() as usize
}
EXTERN!{extern "system" {
fn LdrEnumResources(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceCount: *mut ULONG,
Resources: PLDR_ENUM_RESOURCE_ENTRY,
) -> NTSTATUS;
fn LdrFindEntryForAddress(
DllHandle: PVOID,
Entry: *mut PLDR_DATA_TABLE_ENTRY,
) -> NTSTATUS;
}}
STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION {
Section: HANDLE,
MappedBase: PVOID,
ImageBase: PVOID,
ImageSize: ULONG,
Flags: ULONG,
LoadOrderIndex: USHORT,
InitOrderIndex: USHORT,
LoadCount: USHORT,
OffsetToFileName: USHORT,
FullPathName: [UCHAR; 256],
}}
pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION;
STRUCT!{struct RTL_PROCESS_MODULES {
NumberOfModules: ULONG,
Modules: [RTL_PROCESS_MODULE_INFORMATION; 1],
}}
pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES;
STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX {
NextOffset: USHORT,
BaseInfo: RTL_PROCESS_MODULE_INFORMATION,
ImageChecksum: ULONG,
TimeDateStamp: ULONG,
DefaultBase: PVOID,
}}
pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX;
EXTERN!{extern "system" {
fn LdrQueryProcessModuleInformation(
ModuleInformation: PRTL_PROCESS_MODULES,
Size: ULONG,
ReturnedSize: PULONG,
) -> NTSTATUS;
}}
FN!{stdcall PLDR_ENUM_CALLBACK(
ModuleInformation: PLDR_DATA_TABLE_ENTRY,
Parameter: PVOID,
Stop: *mut BOOLEAN,
) -> ()}
EXTERN!{extern "system" {
fn LdrEnumerateLoadedModules(
ReservedFlag: BOOLEAN,
EnumProc: PLDR_ENUM_CALLBACK,
Context: PVOID,
) -> NTSTATUS;
fn LdrOpenImageFileOptionsKey(
SubKey: PUNICODE_STRING,
Wow64: BOOLEAN,
NewKeyHandle: PHANDLE,
) -> NTSTATUS;
fn LdrQueryImageFileKeyOption(
KeyHandle: HANDLE,
ValueName: PCWSTR,
Type: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
) -> NTSTATUS;
fn LdrQueryImageFileExecutionOptions(
SubKey: PUNICODE_STRING,
ValueName: PCWSTR,
ValueSize: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
) -> NTSTATUS;
fn LdrQueryImageFileExecutionOptionsEx(
SubKey: PUNICODE_STRING,
ValueName: PCWSTR,
Type: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
Wow64: BOOLEAN,
) -> NTSTATUS;
}}
UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description {
Name: PCSTR,
Ordinal: ULONG,
}}
STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR {
ImportDescribedByName: ULONG,
Description: DELAYLOAD_PROC_DESCRIPTOR_Description,
}}
pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR;
STRUCT!{struct DELAYLOAD_INFO {
Size: ULONG,
DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
ThunkAddress: PIMAGE_THUNK_DATA,
TargetDllName: PCSTR,
TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR,
TargetModuleBase: PVOID,
Unused: PVOID,
LastError: ULONG,
}}
pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO;
FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK(
NotificationReason: ULONG,
DelayloadInfo: PDELAYLOAD_INFO,
) -> PVOID}
FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE(
DllName: PCSTR,
ProcName: PCSTR,
) -> PVOID}
EXTERN!{extern "system" {
fn LdrResolveDelayLoadedAPI(
ParentModuleBase: PVOID,
DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK,
FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE,
ThunkAddress: PIMAGE_THUNK_DATA,
Flags: ULONG,
) -> PVOID;
fn LdrResolveDelayLoadsFromDll(
ParentBase: PVOID,
TargetDllName: PCSTR,
Flags: ULONG,
) -> NTSTATUS;
fn LdrSetDefaultDllDirectories(
DirectoryFlags: ULONG,
) -> NTSTATUS;
fn LdrShutdownProcess() -> NTSTATUS;
fn LdrShutdownThread() -> NTSTATUS;
fn LdrSetImplicitPathOptions(
ImplicitPathOptions: ULONG,
) -> NTSTATUS;
fn LdrControlFlowGuardEnforced() -> BOOLEAN;
}}

692
vendor/ntapi/src/ntlpcapi.rs vendored Normal file
View File

@@ -0,0 +1,692 @@
use core::mem::size_of;
use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64};
use winapi::ctypes::c_double;
use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
use winapi::shared::ntdef::{
BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE,
PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG,
UNICODE_STRING,
};
use winapi::um::winnt::{
ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK,
SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
};
pub const PORT_CONNECT: u32 = 0x0001;
pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1;
STRUCT!{struct PORT_MESSAGE_u1_s {
DataLength: CSHORT,
TotalLength: CSHORT,
}}
STRUCT!{struct PORT_MESSAGE_u2_s {
Type: CSHORT,
DataInfoOffset: CSHORT,
}}
UNION!{union PORT_MESSAGE_u1 {
s: PORT_MESSAGE_u1_s,
Length: ULONG,
}}
UNION!{union PORT_MESSAGE_u2 {
s: PORT_MESSAGE_u2_s,
ZeroInit: ULONG,
}}
UNION!{union PORT_MESSAGE_u3 {
ClientId: CLIENT_ID,
DoNotUseThisField: c_double,
}}
UNION!{union PORT_MESSAGE_u4 {
ClientViewSize: SIZE_T,
CallbackId: ULONG,
}}
STRUCT!{struct PORT_MESSAGE {
u1: PORT_MESSAGE_u1,
u2: PORT_MESSAGE_u2,
u3: PORT_MESSAGE_u3,
MessageId: ULONG,
u4: PORT_MESSAGE_u4,
}}
pub type PPORT_MESSAGE = *mut PORT_MESSAGE;
STRUCT!{struct PORT_DATA_ENTRY {
Base: PVOID,
Size: ULONG,
}}
pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY;
STRUCT!{struct PORT_DATA_INFORMATION {
CountDataEntries: ULONG,
DataEntries: [PORT_DATA_ENTRY; 1],
}}
pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION;
pub const LPC_REQUEST: ULONG = 1;
pub const LPC_REPLY: ULONG = 2;
pub const LPC_DATAGRAM: ULONG = 3;
pub const LPC_LOST_REPLY: ULONG = 4;
pub const LPC_PORT_CLOSED: ULONG = 5;
pub const LPC_CLIENT_DIED: ULONG = 6;
pub const LPC_EXCEPTION: ULONG = 7;
pub const LPC_DEBUG_EVENT: ULONG = 8;
pub const LPC_ERROR_EVENT: ULONG = 9;
pub const LPC_CONNECTION_REQUEST: ULONG = 10;
pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000;
pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000;
pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE;
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512;
#[cfg(target_arch = "x86")]
pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256;
pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::<ULONG_PTR>() as u32;
pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH
+ size_of::<PORT_MESSAGE>() as u32
+ LPC_MAX_CONNECTION_INFO_SIZE
+ 0xf) & !0xf;
STRUCT!{struct LPC_CLIENT_DIED_MSG {
PortMsg: PORT_MESSAGE,
CreateTime: LARGE_INTEGER,
}}
pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG;
STRUCT!{struct PORT_VIEW {
Length: ULONG,
SectionHandle: HANDLE,
SectionOffset: ULONG,
ViewSize: SIZE_T,
ViewBase: PVOID,
ViewRemoteBase: PVOID,
}}
pub type PPORT_VIEW = *mut PORT_VIEW;
STRUCT!{struct REMOTE_PORT_VIEW {
Length: ULONG,
ViewSize: SIZE_T,
ViewBase: PVOID,
}}
pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW;
STRUCT!{struct PORT_MESSAGE64_u1_s {
DataLength: CSHORT,
TotalLength: CSHORT,
}}
STRUCT!{struct PORT_MESSAGE64_u2_s {
Type: CSHORT,
DataInfoOffset: CSHORT,
}}
UNION!{union PORT_MESSAGE64_u1 {
s: PORT_MESSAGE64_u1_s,
Length: ULONG,
}}
UNION!{union PORT_MESSAGE64_u2 {
s: PORT_MESSAGE64_u2_s,
ZeroInit: ULONG,
}}
UNION!{union PORT_MESSAGE64_u3 {
ClientId: CLIENT_ID64,
DoNotUseThisField: c_double,
}}
UNION!{union PORT_MESSAGE64_u4 {
ClientViewSize: ULONGLONG,
CallbackId: ULONG,
}}
STRUCT!{struct PORT_MESSAGE64 {
u1: PORT_MESSAGE64_u1,
u2: PORT_MESSAGE64_u2,
u3: PORT_MESSAGE64_u3,
MessageId: ULONG,
u4: PORT_MESSAGE64_u4,
}}
pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64;
STRUCT!{struct LPC_CLIENT_DIED_MSG64 {
PortMsg: PORT_MESSAGE64,
CreateTime: LARGE_INTEGER,
}}
pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64;
STRUCT!{struct PORT_VIEW64 {
Length: ULONG,
SectionHandle: ULONGLONG,
SectionOffset: ULONG,
ViewSize: ULONGLONG,
ViewBase: ULONGLONG,
ViewRemoteBase: ULONGLONG,
}}
pub type PPORT_VIEW64 = *mut PORT_VIEW64;
STRUCT!{struct REMOTE_PORT_VIEW64 {
Length: ULONG,
ViewSize: ULONGLONG,
ViewBase: ULONGLONG,
}}
pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64;
EXTERN!{extern "system" {
fn NtCreatePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaxConnectionInfoLength: ULONG,
MaxMessageLength: ULONG,
MaxPoolUsage: ULONG,
) -> NTSTATUS;
fn NtCreateWaitablePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaxConnectionInfoLength: ULONG,
MaxMessageLength: ULONG,
MaxPoolUsage: ULONG,
) -> NTSTATUS;
fn NtConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
ClientView: PPORT_VIEW,
ServerView: PREMOTE_PORT_VIEW,
MaxMessageLength: PULONG,
ConnectionInformation: PVOID,
ConnectionInformationLength: PULONG,
) -> NTSTATUS;
fn NtSecureConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
ClientView: PPORT_VIEW,
RequiredServerSid: PSID,
ServerView: PREMOTE_PORT_VIEW,
MaxMessageLength: PULONG,
ConnectionInformation: PVOID,
ConnectionInformationLength: PULONG,
) -> NTSTATUS;
fn NtListenPort(
PortHandle: HANDLE,
ConnectionRequest: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtAcceptConnectPort(
PortHandle: PHANDLE,
PortContext: PVOID,
ConnectionRequest: PPORT_MESSAGE,
AcceptConnection: BOOLEAN,
ServerView: PPORT_VIEW,
ClientView: PREMOTE_PORT_VIEW,
) -> NTSTATUS;
fn NtCompleteConnectPort(
PortHandle: HANDLE,
) -> NTSTATUS;
fn NtRequestPort(
PortHandle: HANDLE,
RequestMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtRequestWaitReplyPort(
PortHandle: HANDLE,
RequestMessage: PPORT_MESSAGE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtReplyPort(
PortHandle: HANDLE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtReplyWaitReplyPort(
PortHandle: HANDLE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtReplyWaitReceivePort(
PortHandle: HANDLE,
PortContext: *mut PVOID,
ReplyMessage: PPORT_MESSAGE,
ReceiveMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtReplyWaitReceivePortEx(
PortHandle: HANDLE,
PortContext: *mut PVOID,
ReplyMessage: PPORT_MESSAGE,
ReceiveMessage: PPORT_MESSAGE,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtImpersonateClientOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
) -> NTSTATUS;
fn NtReadRequestData(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
DataEntryIndex: ULONG,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesRead: PSIZE_T,
) -> NTSTATUS;
fn NtWriteRequestData(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
DataEntryIndex: ULONG,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesWritten: PSIZE_T,
) -> NTSTATUS;
}}
ENUM!{enum PORT_INFORMATION_CLASS {
PortBasicInformation = 0,
PortDumpInformation = 1,
}}
EXTERN!{extern "system" {
fn NtQueryInformationPort(
PortHandle: HANDLE,
PortInformationClass: PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
pub type PALPC_HANDLE = *mut HANDLE;
pub type ALPC_HANDLE = HANDLE;
pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000;
pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000;
pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000;
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
STRUCT!{struct ALPC_PORT_ATTRIBUTES {
Flags: ULONG,
SecurityQos: SECURITY_QUALITY_OF_SERVICE,
MaxMessageLength: SIZE_T,
MemoryBandwidth: SIZE_T,
MaxPoolUsage: SIZE_T,
MaxSectionSize: SIZE_T,
MaxViewSize: SIZE_T,
MaxTotalSectionSize: SIZE_T,
DupObjectTypes: ULONG,
Reserved: ULONG,
}}
#[cfg(target_arch = "x86")]
STRUCT!{struct ALPC_PORT_ATTRIBUTES {
Flags: ULONG,
SecurityQos: SECURITY_QUALITY_OF_SERVICE,
MaxMessageLength: SIZE_T,
MemoryBandwidth: SIZE_T,
MaxPoolUsage: SIZE_T,
MaxSectionSize: SIZE_T,
MaxViewSize: SIZE_T,
MaxTotalSectionSize: SIZE_T,
DupObjectTypes: ULONG,
}}
pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES;
pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000;
pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000;
pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000;
pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000;
STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES {
AllocatedAttributes: ULONG,
ValidAttributes: ULONG,
}}
pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES;
STRUCT!{struct ALPC_COMPLETION_LIST_STATE {
Value: ULONG64,
}}
BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [
Head set_Head[0..24],
Tail set_Tail[24..48],
ActiveThreadCount set_ActiveThreadCount[48..64],
]}
pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE;
pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f;
STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER {
StartMagic: ULONG64,
TotalSize: ULONG,
ListOffset: ULONG,
ListSize: ULONG,
BitmapOffset: ULONG,
BitmapSize: ULONG,
DataOffset: ULONG,
DataSize: ULONG,
AttributeFlags: ULONG,
AttributeSize: ULONG,
__padding0: [u64; 10],
State: ALPC_COMPLETION_LIST_STATE,
LastMessageId: ULONG,
LastCallbackId: ULONG,
__padding1: [u32; 28],
PostCount: ULONG,
__padding2: [u32; 31],
ReturnCount: ULONG,
__padding3: [u32; 31],
LogSequenceNumber: ULONG,
__padding4: [u64; 15],
UserLock: RTL_SRWLOCK,
EndMagic: ULONG64,
__padding5: [u64; 14],
}}
pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER;
STRUCT!{struct ALPC_CONTEXT_ATTR {
PortContext: PVOID,
MessageContext: PVOID,
Sequence: ULONG,
MessageId: ULONG,
CallbackId: ULONG,
}}
pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR;
pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000;
pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000;
pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000;
STRUCT!{struct ALPC_HANDLE_ATTR32 {
Flags: ULONG,
Reserved0: ULONG,
SameAccess: ULONG,
SameAttributes: ULONG,
Indirect: ULONG,
Inherit: ULONG,
Reserved1: ULONG,
Handle: ULONG,
ObjectType: ULONG,
DesiredAccess: ULONG,
GrantedAccess: ULONG,
}}
pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32;
STRUCT!{struct ALPC_HANDLE_ATTR {
Flags: ULONG,
Reserved0: ULONG,
SameAccess: ULONG,
SameAttributes: ULONG,
Indirect: ULONG,
Inherit: ULONG,
Reserved1: ULONG,
Handle: HANDLE,
HandleAttrArray: PALPC_HANDLE_ATTR32,
ObjectType: ULONG,
HandleCount: ULONG,
DesiredAccess: ACCESS_MASK,
GrantedAccess: ACCESS_MASK,
}}
pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR;
pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000;
STRUCT!{struct ALPC_SECURITY_ATTR {
Flags: ULONG,
QoS: PSECURITY_QUALITY_OF_SERVICE,
ContextHandle: ALPC_HANDLE,
}}
pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR;
pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000;
STRUCT!{struct ALPC_DATA_VIEW_ATTR {
Flags: ULONG,
SectionHandle: ALPC_HANDLE,
ViewBase: PVOID,
ViewSize: SIZE_T,
}}
pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR;
ENUM!{enum ALPC_PORT_INFORMATION_CLASS {
AlpcBasicInformation = 0,
AlpcPortInformation = 1,
AlpcAssociateCompletionPortInformation = 2,
AlpcConnectedSIDInformation = 3,
AlpcServerInformation = 4,
AlpcMessageZoneInformation = 5,
AlpcRegisterCompletionListInformation = 6,
AlpcUnregisterCompletionListInformation = 7,
AlpcAdjustCompletionListConcurrencyCountInformation = 8,
AlpcRegisterCallbackInformation = 9,
AlpcCompletionListRundownInformation = 10,
AlpcWaitForPortReferences = 11,
}}
STRUCT!{struct ALPC_BASIC_INFORMATION {
Flags: ULONG,
SequenceNo: ULONG,
PortContext: PVOID,
}}
pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION;
STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT {
CompletionKey: PVOID,
CompletionPort: HANDLE,
}}
pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT;
STRUCT!{struct ALPC_SERVER_INFORMATION_Out {
ThreadBlocked: BOOLEAN,
ConnectedProcessId: HANDLE,
ConnectionPortName: UNICODE_STRING,
}}
UNION!{union ALPC_SERVER_INFORMATION {
ThreadHandle: HANDLE,
Out: ALPC_SERVER_INFORMATION_Out,
}}
pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION;
STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION {
Buffer: PVOID,
Size: ULONG,
}}
pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION;
STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION {
Buffer: PVOID,
Size: ULONG,
ConcurrencyCount: ULONG,
AttributeFlags: ULONG,
}}
pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION;
ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS {
AlpcMessageSidInformation = 0,
AlpcMessageTokenModifiedIdInformation = 1,
AlpcMessageDirectStatusInformation = 2,
AlpcMessageHandleInformation = 3,
MaxAlpcMessageInfoClass = 4,
}}
pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS;
STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION {
Index: ULONG,
Flags: ULONG,
Handle: ULONG,
ObjectType: ULONG,
GrantedAccess: ACCESS_MASK,
}}
pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION;
EXTERN!{extern "system" {
fn NtAlpcCreatePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
) -> NTSTATUS;
fn NtAlpcDisconnectPort(
PortHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
fn NtAlpcQueryInformation(
PortHandle: HANDLE,
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtAlpcSetInformation(
PortHandle: HANDLE,
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
) -> NTSTATUS;
fn NtAlpcCreatePortSection(
PortHandle: HANDLE,
Flags: ULONG,
SectionHandle: HANDLE,
SectionSize: SIZE_T,
AlpcSectionHandle: PALPC_HANDLE,
ActualSectionSize: PSIZE_T,
) -> NTSTATUS;
fn NtAlpcDeletePortSection(
PortHandle: HANDLE,
Flags: ULONG,
SectionHandle: ALPC_HANDLE,
) -> NTSTATUS;
fn NtAlpcCreateResourceReserve(
PortHandle: HANDLE,
Flags: ULONG,
MessageSize: SIZE_T,
ResourceId: PALPC_HANDLE,
) -> NTSTATUS;
fn NtAlpcDeleteResourceReserve(
PortHandle: HANDLE,
Flags: ULONG,
ResourceId: ALPC_HANDLE,
) -> NTSTATUS;
fn NtAlpcCreateSectionView(
PortHandle: HANDLE,
Flags: ULONG,
ViewAttributes: PALPC_DATA_VIEW_ATTR,
) -> NTSTATUS;
fn NtAlpcDeleteSectionView(
PortHandle: HANDLE,
Flags: ULONG,
ViewBase: PVOID,
) -> NTSTATUS;
fn NtAlpcCreateSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
SecurityAttribute: PALPC_SECURITY_ATTR,
) -> NTSTATUS;
fn NtAlpcDeleteSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
ContextHandle: ALPC_HANDLE,
) -> NTSTATUS;
fn NtAlpcRevokeSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
ContextHandle: ALPC_HANDLE,
) -> NTSTATUS;
fn NtAlpcQueryInformationMessage(
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
MessageInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1;
pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2;
pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000;
pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000;
pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000;
pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000;
pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000;
EXTERN!{extern "system" {
fn NtAlpcConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
Flags: ULONG,
RequiredServerSid: PSID,
ConnectionMessage: PPORT_MESSAGE,
BufferLength: PULONG,
OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtAlpcConnectPortEx(
PortHandle: PHANDLE,
ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
Flags: ULONG,
ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
ConnectionMessage: PPORT_MESSAGE,
BufferLength: PSIZE_T,
OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtAlpcAcceptConnectPort(
PortHandle: PHANDLE,
ConnectionPortHandle: HANDLE,
Flags: ULONG,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
PortContext: PVOID,
ConnectionRequest: PPORT_MESSAGE,
ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
AcceptConnection: BOOLEAN,
) -> NTSTATUS;
fn NtAlpcSendWaitReceivePort(
PortHandle: HANDLE,
Flags: ULONG,
SendMessageA: PPORT_MESSAGE,
SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
ReceiveMessage: PPORT_MESSAGE,
BufferLength: PSIZE_T,
ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
}}
pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1;
pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8;
pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000;
EXTERN!{extern "system" {
fn NtAlpcCancelMessage(
PortHandle: HANDLE,
Flags: ULONG,
MessageContext: PALPC_CONTEXT_ATTR,
) -> NTSTATUS;
fn NtAlpcImpersonateClientOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
Flags: PVOID,
) -> NTSTATUS;
fn NtAlpcImpersonateClientContainerOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
Flags: ULONG,
) -> NTSTATUS;
fn NtAlpcOpenSenderProcess(
ProcessHandle: PHANDLE,
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
Flags: ULONG,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtAlpcOpenSenderThread(
ThreadHandle: PHANDLE,
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
Flags: ULONG,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn AlpcMaxAllowedMessageLength() -> ULONG;
fn AlpcGetHeaderSize(
Flags: ULONG,
) -> ULONG;
fn AlpcInitializeMessageAttribute(
AttributeFlags: ULONG,
Buffer: PALPC_MESSAGE_ATTRIBUTES,
BufferSize: ULONG,
RequiredBufferSize: PULONG,
) -> NTSTATUS;
fn AlpcGetMessageAttribute(
Buffer: PALPC_MESSAGE_ATTRIBUTES,
AttributeFlag: ULONG,
) -> PVOID;
fn AlpcRegisterCompletionList(
PortHandle: HANDLE,
Buffer: PALPC_COMPLETION_LIST_HEADER,
Size: ULONG,
ConcurrencyCount: ULONG,
AttributeFlags: ULONG,
) -> NTSTATUS;
fn AlpcUnregisterCompletionList(
PortHandle: HANDLE,
) -> NTSTATUS;
fn AlpcRundownCompletionList(
PortHandle: HANDLE,
) -> NTSTATUS;
fn AlpcAdjustCompletionListConcurrencyCount(
PortHandle: HANDLE,
ConcurrencyCount: ULONG,
) -> NTSTATUS;
fn AlpcRegisterCompletionListWorkerThread(
CompletionList: PVOID,
) -> BOOLEAN;
fn AlpcUnregisterCompletionListWorkerThread(
CompletionList: PVOID,
) -> BOOLEAN;
fn AlpcGetCompletionListLastMessageInformation(
CompletionList: PVOID,
LastMessageId: PULONG,
LastCallbackId: PULONG,
);
fn AlpcGetOutstandingCompletionListMessageCount(
CompletionList: PVOID,
) -> ULONG;
fn AlpcGetMessageFromCompletionList(
CompletionList: PVOID,
MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES,
) -> PPORT_MESSAGE;
fn AlpcFreeCompletionListMessage(
CompletionList: PVOID,
Message: PPORT_MESSAGE,
);
fn AlpcGetCompletionListMessageAttributes(
CompletionList: PVOID,
Message: PPORT_MESSAGE,
) -> PALPC_MESSAGE_ATTRIBUTES;
}}

42
vendor/ntapi/src/ntmisc.rs vendored Normal file
View File

@@ -0,0 +1,42 @@
use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG};
use winapi::um::winnt::STANDARD_RIGHTS_ALL;
pub const FLT_PORT_CONNECT: u32 = 0x0001;
pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL;
ENUM!{enum VDMSERVICECLASS {
VdmStartExecution = 0,
VdmQueueInterrupt = 1,
VdmDelayInterrupt = 2,
VdmInitialize = 3,
VdmFeatures = 4,
VdmSetInt21Handler = 5,
VdmQueryDir = 6,
VdmPrinterDirectIoOpen = 7,
VdmPrinterDirectIoClose = 8,
VdmPrinterInitialize = 9,
VdmSetLdtEntries = 10,
VdmSetProcessLdtInfo = 11,
VdmAdlibEmulation = 12,
VdmPMCliControl = 13,
VdmQueryVdmProcess = 14,
}}
pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS;
EXTERN!{extern "system" {
fn NtVdmControl(
Service: VDMSERVICECLASS,
ServiceData: PVOID,
) -> NTSTATUS;
fn NtTraceEvent(
TraceHandle: HANDLE,
Flags: ULONG,
FieldSize: ULONG,
Fields: PVOID,
) -> NTSTATUS;
fn NtTraceControl(
FunctionCode: ULONG,
InBuffer: PVOID,
InBufferLen: ULONG,
OutBuffer: PVOID,
OutBufferLen: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}

630
vendor/ntapi/src/ntmmapi.rs vendored Normal file
View File

@@ -0,0 +1,630 @@
use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER;
use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
};
ENUM!{enum MEMORY_INFORMATION_CLASS {
MemoryBasicInformation = 0,
MemoryWorkingSetInformation = 1,
MemoryMappedFilenameInformation = 2,
MemoryRegionInformation = 3,
MemoryWorkingSetExInformation = 4,
MemorySharedCommitInformation = 5,
MemoryImageInformation = 6,
MemoryRegionInformationEx = 7,
MemoryPrivilegedBasicInformation = 8,
MemoryEnclaveImageInformation = 9,
MemoryBasicInformationCapped = 10,
}}
STRUCT!{struct MEMORY_WORKING_SET_BLOCK {
Bitfields: ULONG_PTR,
}}
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
Protection set_Protection[0..5],
ShareCount set_ShareCount[5..8],
Shared set_Shared[8..9],
Node set_Node[9..12],
VirtualPage set_VirtualPage[12..64],
]}
#[cfg(target_arch = "x86")]
BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
Protection set_Protection[0..5],
ShareCount set_ShareCount[5..8],
Shared set_Shared[8..9],
Node set_Node[9..12],
VirtualPage set_VirtualPage[12..32],
]}
pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK;
STRUCT!{struct MEMORY_WORKING_SET_INFORMATION {
NumberOfEntries: ULONG_PTR,
WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1],
}}
pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION;
STRUCT!{struct MEMORY_REGION_INFORMATION {
AllocationBase: PVOID,
AllocationProtect: ULONG,
RegionType: ULONG,
RegionSize: SIZE_T,
CommitSize: SIZE_T,
}}
BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [
Private set_Private[0..1],
MappedDataFile set_MappedDataFile[1..2],
MappedImage set_MappedImage[2..3],
MappedPageFile set_MappedPageFile[3..4],
MappedPhysical set_MappedPhysical[4..5],
DirectMapped set_DirectMapped[5..6],
SoftwareEnclave set_SoftwareEnclave[6..7],
PageSize64K set_PageSize64K[7..8],
PlaceholderReservation set_PlaceholderReservation[8..9],
Reserved set_Reserved[9..32],
]}
pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION;
ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION {
MemoryLocationInvalid = 0,
MemoryLocationResident = 1,
MemoryLocationPagefile = 2,
MemoryLocationReserved = 3,
}}
UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u {
Bitfields: ULONG_PTR,
Invalid: ULONG_PTR,
}}
STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK {
u: MEMORY_WORKING_SET_EX_BLOCK_u,
}}
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
Valid set_Valid[0..1],
ShareCount set_ShareCount[1..4],
Win32Protection set_Win32Protection[4..15],
Shared set_Shared[15..16],
Node set_Node[16..22],
Locked set_Locked[22..23],
LargePage set_LargePage[23..24],
Priority set_Priority[24..27],
Reserved set_Reserved[27..30],
SharedOriginal set_SharedOriginal[30..31],
Bad set_Bad[31..32],
ReservedUlong set_ReservedUlong[32..64],
]}
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
Invalid_Valid set_Invalid_Valid[0..1],
Invalid_Reserved0 set_Invalid_Reserved0[1..15],
Invalid_Shared set_Invalid_Shared[15..16],
Invalid_Reserved1 set_Invalid_Reserved1[16..21],
Invalid_PageTable set_Invalid_PageTable[21..22],
Invalid_Location set_Invalid_Location[22..24],
Invalid_Priority set_Invalid_Priority[24..27],
Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
Invalid_Reserved2 set_Invalid_Reserved2[28..30],
Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
Invalid_Bad set_Invalid_Bad[31..32],
Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64],
]}
#[cfg(target_arch = "x86")]
BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
Valid set_Valid[0..1],
ShareCount set_ShareCount[1..4],
Win32Protection set_Win32Protection[4..15],
Shared set_Shared[15..16],
Node set_Node[16..22],
Locked set_Locked[22..23],
LargePage set_LargePage[23..24],
Priority set_Priority[24..27],
Reserved set_Reserved[27..30],
SharedOriginal set_SharedOriginal[30..31],
Bad set_Bad[31..32],
]}
#[cfg(target_arch = "x86")]
BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
Invalid_Valid set_Invalid_Valid[0..1],
Invalid_Reserved0 set_Invalid_Reserved0[1..15],
Invalid_Shared set_Invalid_Shared[15..16],
Invalid_Reserved1 set_Invalid_Reserved1[16..21],
Invalid_PageTable set_Invalid_PageTable[21..22],
Invalid_Location set_Invalid_Location[22..24],
Invalid_Priority set_Invalid_Priority[24..27],
Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
Invalid_Reserved2 set_Invalid_Reserved2[28..30],
Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
Invalid_Bad set_Invalid_Bad[31..32],
]}
pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK;
STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION {
VirtualAddress: PVOID,
VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK,
}}
pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION;
STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION {
CommitSize: SIZE_T,
}}
pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION;
STRUCT!{struct MEMORY_IMAGE_INFORMATION {
ImageBase: PVOID,
SizeOfImage: SIZE_T,
ImageFlags: ULONG,
}}
BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [
ImagePartialMap set_ImagePartialMap[0..1],
ImageNotExecutable set_ImageNotExecutable[1..2],
ImageSigningLevel set_ImageSigningLevel[2..6],
Reserved set_Reserved[6..32],
]}
pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION;
STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION {
ImageInfo: MEMORY_IMAGE_INFORMATION,
UniqueID: [UCHAR; 32],
AuthorID: [UCHAR; 32],
}}
pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION;
pub const MMPFNLIST_ZERO: u32 = 0;
pub const MMPFNLIST_FREE: u32 = 1;
pub const MMPFNLIST_STANDBY: u32 = 2;
pub const MMPFNLIST_MODIFIED: u32 = 3;
pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4;
pub const MMPFNLIST_BAD: u32 = 5;
pub const MMPFNLIST_ACTIVE: u32 = 6;
pub const MMPFNLIST_TRANSITION: u32 = 7;
pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0;
pub const MMPFNUSE_FILE: u32 = 1;
pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2;
pub const MMPFNUSE_PAGETABLE: u32 = 3;
pub const MMPFNUSE_PAGEDPOOL: u32 = 4;
pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5;
pub const MMPFNUSE_SYSTEMPTE: u32 = 6;
pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7;
pub const MMPFNUSE_METAFILE: u32 = 8;
pub const MMPFNUSE_AWEPAGE: u32 = 9;
pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10;
pub const MMPFNUSE_KERNELSTACK: u32 = 11;
STRUCT!{struct MEMORY_FRAME_INFORMATION {
Bitfields: ULONGLONG,
}}
BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [
UseDescription set_UseDescription[0..4],
ListDescription set_ListDescription[4..7],
Reserved0 set_Reserved0[7..8],
Pinned set_Pinned[8..9],
DontUse set_DontUse[9..57],
Priority set_Priority[57..60],
Reserved set_Reserved[60..64],
]}
STRUCT!{struct FILEOFFSET_INFORMATION {
Bitfields: ULONGLONG,
}}
BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [
DontUse set_DontUse[0..9],
Offset set_Offset[9..57],
Reserved set_Reserved[57..64],
]}
STRUCT!{struct PAGEDIR_INFORMATION {
Bitfields: ULONGLONG,
}}
BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [
DontUse set_DontUse[0..9],
PageDirectoryBase set_PageDirectoryBase[9..57],
Reserved set_Reserved[57..64],
]}
STRUCT!{struct UNIQUE_PROCESS_INFORMATION {
Bitfields: ULONGLONG,
}}
BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [
DontUse set_DontUse[0..9],
UniqueProcessKey set_UniqueProcessKey[9..57],
Reserved set_Reserved[57..64],
]}
pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION;
UNION!{union MMPFN_IDENTITY_u1 {
e1: MEMORY_FRAME_INFORMATION,
e2: FILEOFFSET_INFORMATION,
e3: PAGEDIR_INFORMATION,
e4: UNIQUE_PROCESS_INFORMATION,
}}
UNION!{union MMPFN_IDENTITY_u2 {
e1: ULONG_PTR,
e2_CombinedPage: ULONG_PTR,
FileObject: ULONG_PTR,
UniqueFileObjectKey: ULONG_PTR,
ProtoPteAddress: ULONG_PTR,
VirtualAddress: ULONG_PTR,
}}
STRUCT!{struct MMPFN_IDENTITY {
u1: MMPFN_IDENTITY_u1,
PageFrameIndex: ULONG_PTR,
u2: MMPFN_IDENTITY_u2,
}}
BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [
Image set_Image[0..1],
Mismatch set_Mismatch[1..2],
]}
pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY;
STRUCT!{struct MMPFN_MEMSNAP_INFORMATION {
InitialPageFrameIndex: ULONG_PTR,
Count: ULONG_PTR,
}}
pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION;
ENUM!{enum SECTION_INFORMATION_CLASS {
SectionBasicInformation = 0,
SectionImageInformation = 1,
SectionRelocationInformation = 2,
SectionOriginalBaseInformation = 3,
SectionInternalImageInformation = 4,
MaxSectionInfoClass = 5,
}}
STRUCT!{struct SECTION_BASIC_INFORMATION {
BaseAddress: PVOID,
AllocationAttributes: ULONG,
MaximumSize: LARGE_INTEGER,
}}
pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION;
STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s {
SubSystemMinorVersion: USHORT,
SubSystemMajorVersion: USHORT,
}}
UNION!{union SECTION_IMAGE_INFORMATION_u1 {
s: SECTION_IMAGE_INFORMATION_u1_s,
SubSystemVersion: ULONG,
}}
STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s {
MajorOperatingSystemVersion: USHORT,
MinorOperatingSystemVersion: USHORT,
}}
UNION!{union SECTION_IMAGE_INFORMATION_u2 {
s: SECTION_IMAGE_INFORMATION_u2_s,
OperatingSystemVersion: ULONG,
}}
STRUCT!{struct SECTION_IMAGE_INFORMATION {
TransferAddress: PVOID,
ZeroBits: ULONG,
MaximumStackSize: SIZE_T,
CommittedStackSize: SIZE_T,
SubSystemType: ULONG,
u1: SECTION_IMAGE_INFORMATION_u1,
u2: SECTION_IMAGE_INFORMATION_u2,
ImageCharacteristics: USHORT,
DllCharacteristics: USHORT,
Machine: USHORT,
ImageContainsCode: BOOLEAN,
ImageFlags: UCHAR,
LoaderFlags: ULONG,
ImageFileSize: ULONG,
CheckSum: ULONG,
}}
BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [
ComPlusNativeReady set_ComPlusNativeReady[0..1],
ComPlusILOnly set_ComPlusILOnly[1..2],
ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3],
ImageMappedFlat set_ImageMappedFlat[3..4],
BaseBelow4gb set_BaseBelow4gb[4..5],
ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6],
Reserved set_Reserved[6..8],
]}
pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION;
STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION {
SectionInformation: SECTION_IMAGE_INFORMATION,
ExtendedFlags: ULONG,
}}
BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [
ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1],
Reserved set_Reserved[1..32],
]}
pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION;
ENUM!{enum SECTION_INHERIT {
ViewShare = 1,
ViewUnmap = 2,
}}
pub const SEC_BASED: u32 = 0x200000;
pub const SEC_NO_CHANGE: u32 = 0x400000;
pub const SEC_GLOBAL: u32 = 0x20000000;
pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1;
pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2;
pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4;
pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8;
pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10;
pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20;
pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f;
EXTERN!{extern "system" {
fn NtAllocateVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
ZeroBits: ULONG_PTR,
RegionSize: PSIZE_T,
AllocationType: ULONG,
Protect: ULONG,
) -> NTSTATUS;
fn NtFreeVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
FreeType: ULONG,
) -> NTSTATUS;
fn NtReadVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesRead: PSIZE_T,
) -> NTSTATUS;
fn NtWriteVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesWritten: PSIZE_T,
) -> NTSTATUS;
fn NtProtectVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
NewProtect: ULONG,
OldProtect: PULONG,
) -> NTSTATUS;
fn NtQueryVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
MemoryInformationClass: MEMORY_INFORMATION_CLASS,
MemoryInformation: PVOID,
MemoryInformationLength: SIZE_T,
ReturnLength: PSIZE_T,
) -> NTSTATUS;
}}
ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS {
VmPrefetchInformation = 0,
VmPagePriorityInformation = 1,
VmCfgCallTargetInformation = 2,
VmPageDirtyStateInformation = 3,
}}
STRUCT!{struct MEMORY_RANGE_ENTRY {
VirtualAddress: PVOID,
NumberOfBytes: SIZE_T,
}}
pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY;
STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION {
NumberOfEntries: ULONG,
Reserved: ULONG,
NumberOfEntriesProcessed: PULONG,
CallTargetInfo: PCFG_CALL_TARGET_INFO,
Section: PVOID,
FileOffset: ULONGLONG,
}}
pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION;
EXTERN!{extern "system" {
fn NtSetInformationVirtualMemory(
ProcessHandle: HANDLE,
VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
NumberOfEntries: ULONG_PTR,
VirtualAddresses: PMEMORY_RANGE_ENTRY,
VmInformation: PVOID,
VmInformationLength: ULONG,
) -> NTSTATUS;
fn NtLockVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
MapType: ULONG,
) -> NTSTATUS;
fn NtUnlockVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
MapType: ULONG,
) -> NTSTATUS;
fn NtCreateSection(
SectionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaximumSize: PLARGE_INTEGER,
SectionPageProtection: ULONG,
AllocationAttributes: ULONG,
FileHandle: HANDLE,
) -> NTSTATUS;
fn NtCreateSectionEx(
SectionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaximumSize: PLARGE_INTEGER,
SectionPageProtection: ULONG,
AllocationAttributes: ULONG,
FileHandle: HANDLE,
ExtendedParameters: PMEM_EXTENDED_PARAMETER,
ExtendedParameterCount: ULONG,
) -> NTSTATUS;
fn NtOpenSection(
SectionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtMapViewOfSection(
SectionHandle: HANDLE,
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
ZeroBits: ULONG_PTR,
CommitSize: SIZE_T,
SectionOffset: PLARGE_INTEGER,
ViewSize: PSIZE_T,
InheritDisposition: SECTION_INHERIT,
AllocationType: ULONG,
Win32Protect: ULONG,
) -> NTSTATUS;
fn NtUnmapViewOfSection(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
) -> NTSTATUS;
fn NtUnmapViewOfSectionEx(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Flags: ULONG,
) -> NTSTATUS;
fn NtExtendSection(
SectionHandle: HANDLE,
NewSectionSize: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtQuerySection(
SectionHandle: HANDLE,
SectionInformationClass: SECTION_INFORMATION_CLASS,
SectionInformation: PVOID,
SectionInformationLength: SIZE_T,
ReturnLength: PSIZE_T,
) -> NTSTATUS;
fn NtAreMappedFilesTheSame(
File1MappedAsAnImage: PVOID,
File2MappedAsFile: PVOID,
) -> NTSTATUS;
}}
pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001;
pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002;
pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE
| MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS;
ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS {
SystemMemoryPartitionInformation = 0,
SystemMemoryPartitionMoveMemory = 1,
SystemMemoryPartitionAddPagefile = 2,
SystemMemoryPartitionCombineMemory = 3,
SystemMemoryPartitionInitialAddMemory = 4,
SystemMemoryPartitionGetMemoryEvents = 5,
SystemMemoryPartitionMax = 6,
}}
STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION {
Flags: ULONG,
NumaNode: ULONG,
Channel: ULONG,
NumberOfNumaNodes: ULONG,
ResidentAvailablePages: ULONG_PTR,
CommittedPages: ULONG_PTR,
CommitLimit: ULONG_PTR,
PeakCommitment: ULONG_PTR,
TotalNumberOfPages: ULONG_PTR,
AvailablePages: ULONG_PTR,
ZeroPages: ULONG_PTR,
FreePages: ULONG_PTR,
StandbyPages: ULONG_PTR,
StandbyPageCountByPriority: [ULONG_PTR; 8],
RepurposedPagesByPriority: [ULONG_PTR; 8],
MaximumCommitLimit: ULONG_PTR,
DonatedPagesToPartitions: ULONG_PTR,
PartitionId: ULONG,
}}
pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION =
*mut MEMORY_PARTITION_CONFIGURATION_INFORMATION;
STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION {
NumberOfPages: ULONG_PTR,
NumaNode: ULONG,
Flags: ULONG,
}}
pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION;
STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION {
PageFileName: UNICODE_STRING,
MinimumSize: LARGE_INTEGER,
MaximumSize: LARGE_INTEGER,
Flags: ULONG,
}}
pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION;
STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION {
StopHandle: HANDLE,
Flags: ULONG,
TotalNumberOfPages: ULONG_PTR,
}}
pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION =
*mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE {
StartPage: ULONG_PTR,
NumberOfPages: ULONG_PTR,
}}
pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE;
STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION {
Flags: ULONG,
NumberOfRanges: ULONG,
NumberOfPagesAdded: ULONG_PTR,
PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1],
}}
pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION;
STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION {
Flags: ULONG,
HandleAttributes: ULONG,
DesiredAccess: ULONG,
LowCommitCondition: HANDLE,
HighCommitCondition: HANDLE,
MaximumCommitCondition: HANDLE,
}}
BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [
CommitEvents set_CommitEvents[0..1],
Spare set_Spare[1..32],
]}
pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION =
*mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION;
EXTERN!{extern "system" {
fn NtCreatePartition(
PartitionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
PreferredNode: ULONG,
) -> NTSTATUS;
fn NtOpenPartition(
PartitionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtManagePartition(
PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
PartitionInformation: PVOID,
PartitionInformationLength: ULONG,
) -> NTSTATUS;
fn NtMapUserPhysicalPages(
VirtualAddress: PVOID,
NumberOfPages: ULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
fn NtMapUserPhysicalPagesScatter(
VirtualAddresses: *mut PVOID,
NumberOfPages: ULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
fn NtAllocateUserPhysicalPages(
ProcessHandle: HANDLE,
NumberOfPages: PULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
fn NtFreeUserPhysicalPages(
ProcessHandle: HANDLE,
NumberOfPages: PULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
fn NtOpenSession(
SessionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtGetWriteWatch(
ProcessHandle: HANDLE,
Flags: ULONG,
BaseAddress: PVOID,
RegionSize: SIZE_T,
UserAddressArray: *mut PVOID,
EntriesInUserAddressArray: PULONG_PTR,
Granularity: PULONG,
) -> NTSTATUS;
fn NtResetWriteWatch(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
RegionSize: SIZE_T,
) -> NTSTATUS;
fn NtCreatePagingFile(
PageFileName: PUNICODE_STRING,
MinimumSize: PLARGE_INTEGER,
MaximumSize: PLARGE_INTEGER,
Priority: ULONG,
) -> NTSTATUS;
fn NtFlushInstructionCache(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Length: SIZE_T,
) -> NTSTATUS;
fn NtFlushWriteBuffer() -> NTSTATUS;
}}

29
vendor/ntapi/src/ntnls.rs vendored Normal file
View File

@@ -0,0 +1,29 @@
use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT};
pub const MAXIMUM_LEADBYTES: usize = 12;
STRUCT!{struct CPTABLEINFO {
CodePage: USHORT,
MaximumCharacterSize: USHORT,
DefaultChar: USHORT,
UniDefaultChar: USHORT,
TransDefaultChar: USHORT,
TransUniDefaultChar: USHORT,
DBCSCodePage: USHORT,
LeadByte: [UCHAR; MAXIMUM_LEADBYTES],
MultiByteTable: PUSHORT,
WideCharTable: PVOID,
DBCSRanges: PUSHORT,
DBCSOffsets: PUSHORT,
}}
pub type PCPTABLEINFO = *mut CPTABLEINFO;
STRUCT!{struct NLSTABLEINFO {
OemTableInfo: CPTABLEINFO,
AnsiTableInfo: CPTABLEINFO,
UpperCaseTable: PUSHORT,
LowerCaseTable: PUSHORT,
}}
pub type PNLSTABLEINFO = *mut NLSTABLEINFO;
EXTERN!{extern "C" {
static mut NlsAnsiCodePage: USHORT;
static mut NlsMbCodePageTag: BOOLEAN;
static mut NlsMbOemCodePageTag: BOOLEAN;
}}

226
vendor/ntapi/src/ntobapi.rs vendored Normal file
View File

@@ -0,0 +1,226 @@
use winapi::shared::ntdef::{
BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER,
POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE,
};
use winapi::um::winnt::{
ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION,
STANDARD_RIGHTS_REQUIRED,
};
pub const OBJECT_TYPE_CREATE: u32 = 0x0001;
pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
pub const DIRECTORY_QUERY: u32 = 0x0001;
pub const DIRECTORY_TRAVERSE: u32 = 0x0002;
pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004;
pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008;
pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf;
pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001;
pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001;
pub const OBJ_INHERIT: u32 = 0x00000002;
pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004;
ENUM!{enum OBJECT_INFORMATION_CLASS {
ObjectBasicInformation = 0,
ObjectNameInformation = 1,
ObjectTypeInformation = 2,
ObjectTypesInformation = 3,
ObjectHandleFlagInformation = 4,
ObjectSessionInformation = 5,
ObjectSessionObjectInformation = 6,
MaxObjectInfoClass = 7,
}}
STRUCT!{struct OBJECT_BASIC_INFORMATION {
Attributes: ULONG,
GrantedAccess: ACCESS_MASK,
HandleCount: ULONG,
PointerCount: ULONG,
PagedPoolCharge: ULONG,
NonPagedPoolCharge: ULONG,
Reserved: [ULONG; 3],
NameInfoSize: ULONG,
TypeInfoSize: ULONG,
SecurityDescriptorSize: ULONG,
CreationTime: LARGE_INTEGER,
}}
pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION;
STRUCT!{struct OBJECT_NAME_INFORMATION {
Name: UNICODE_STRING,
}}
pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION;
STRUCT!{struct OBJECT_TYPE_INFORMATION {
TypeName: UNICODE_STRING,
TotalNumberOfObjects: ULONG,
TotalNumberOfHandles: ULONG,
TotalPagedPoolUsage: ULONG,
TotalNonPagedPoolUsage: ULONG,
TotalNamePoolUsage: ULONG,
TotalHandleTableUsage: ULONG,
HighWaterNumberOfObjects: ULONG,
HighWaterNumberOfHandles: ULONG,
HighWaterPagedPoolUsage: ULONG,
HighWaterNonPagedPoolUsage: ULONG,
HighWaterNamePoolUsage: ULONG,
HighWaterHandleTableUsage: ULONG,
InvalidAttributes: ULONG,
GenericMapping: GENERIC_MAPPING,
ValidAccessMask: ULONG,
SecurityRequired: BOOLEAN,
MaintainHandleCount: BOOLEAN,
TypeIndex: UCHAR,
ReservedByte: CHAR,
PoolType: ULONG,
DefaultPagedPoolCharge: ULONG,
DefaultNonPagedPoolCharge: ULONG,
}}
pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION;
STRUCT!{struct OBJECT_TYPES_INFORMATION {
NumberOfTypes: ULONG,
}}
pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION;
STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION {
Inherit: BOOLEAN,
ProtectFromClose: BOOLEAN,
}}
pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION;
EXTERN!{extern "system" {
fn NtQueryObject(
Handle: HANDLE,
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
ObjectInformation: PVOID,
ObjectInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationObject(
Handle: HANDLE,
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
ObjectInformation: PVOID,
ObjectInformationLength: ULONG,
) -> NTSTATUS;
}}
pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001;
pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002;
pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004;
EXTERN!{extern "system" {
fn NtDuplicateObject(
SourceProcessHandle: HANDLE,
SourceHandle: HANDLE,
TargetProcessHandle: HANDLE,
TargetHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Options: ULONG,
) -> NTSTATUS;
fn NtMakeTemporaryObject(
Handle: HANDLE,
) -> NTSTATUS;
fn NtMakePermanentObject(
Handle: HANDLE,
) -> NTSTATUS;
fn NtSignalAndWaitForSingleObject(
SignalHandle: HANDLE,
WaitHandle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtWaitForSingleObject(
Handle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtWaitForMultipleObjects(
Count: ULONG,
Handles: *mut HANDLE,
WaitType: WAIT_TYPE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtWaitForMultipleObjects32(
Count: ULONG,
Handles: *mut LONG,
WaitType: WAIT_TYPE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtSetSecurityObject(
Handle: HANDLE,
SecurityInformation: SECURITY_INFORMATION,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
) -> NTSTATUS;
fn NtQuerySecurityObject(
Handle: HANDLE,
SecurityInformation: SECURITY_INFORMATION,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
Length: ULONG,
LengthNeeded: PULONG,
) -> NTSTATUS;
fn NtClose(
Handle: HANDLE,
) -> NTSTATUS;
fn NtCompareObjects(
FirstObjectHandle: HANDLE,
SecondObjectHandle: HANDLE,
) -> NTSTATUS;
fn NtCreateDirectoryObject(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtCreateDirectoryObjectEx(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ShadowDirectoryHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
fn NtOpenDirectoryObject(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
}}
STRUCT!{struct OBJECT_DIRECTORY_INFORMATION {
Name: UNICODE_STRING,
TypeName: UNICODE_STRING,
}}
pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION;
EXTERN!{extern "system" {
fn NtQueryDirectoryObject(
DirectoryHandle: HANDLE,
Buffer: PVOID,
Length: ULONG,
ReturnSingleEntry: BOOLEAN,
RestartScan: BOOLEAN,
Context: PULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtCreatePrivateNamespace(
NamespaceHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
BoundaryDescriptor: PVOID,
) -> NTSTATUS;
fn NtOpenPrivateNamespace(
NamespaceHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
BoundaryDescriptor: PVOID,
) -> NTSTATUS;
fn NtDeletePrivateNamespace(
NamespaceHandle: HANDLE,
) -> NTSTATUS;
fn NtCreateSymbolicLinkObject(
LinkHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LinkTarget: PUNICODE_STRING,
) -> NTSTATUS;
fn NtOpenSymbolicLinkObject(
LinkHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtQuerySymbolicLinkObject(
LinkHandle: HANDLE,
LinkTarget: PUNICODE_STRING,
ReturnedLength: PULONG,
) -> NTSTATUS;
}}

431
vendor/ntapi/src/ntpebteb.rs vendored Normal file
View File

@@ -0,0 +1,431 @@
use core::mem::size_of;
use crate::ntapi_base::CLIENT_ID;
use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA};
use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS;
use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
use winapi::shared::guiddef::GUID;
use winapi::shared::ntdef::{
BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR,
ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
};
use winapi::um::winnt::{
ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER,
};
STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME {
Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME,
ActivationContext: *mut ACTIVATION_CONTEXT,
Flags: ULONG,
}}
pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME;
STRUCT!{struct ACTIVATION_CONTEXT_STACK {
ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME,
FrameListCache: LIST_ENTRY,
Flags: ULONG,
NextCookieSequenceNumber: ULONG,
StackId: ULONG,
}}
pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK;
STRUCT!{struct API_SET_NAMESPACE {
Version: ULONG,
Size: ULONG,
Flags: ULONG,
Count: ULONG,
EntryOffset: ULONG,
HashOffset: ULONG,
HashFactor: ULONG,
}}
pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE;
STRUCT!{struct API_SET_HASH_ENTRY {
Hash: ULONG,
Index: ULONG,
}}
pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY;
STRUCT!{struct API_SET_NAMESPACE_ENTRY {
Flags: ULONG,
NameOffset: ULONG,
NameLength: ULONG,
HashedLength: ULONG,
ValueOffset: ULONG,
ValueCount: ULONG,
}}
pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY;
STRUCT!{struct API_SET_VALUE_ENTRY {
Flags: ULONG,
NameOffset: ULONG,
NameLength: ULONG,
ValueOffset: ULONG,
ValueLength: ULONG,
}}
pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY;
UNION!{union PEB_u {
KernelCallbackTable: PVOID,
UserSharedInfoPtr: PVOID,
}}
#[repr(C)]
pub struct LEAP_SECOND_DATA([u8; 0]); //fixme
STRUCT!{struct PEB {
InheritedAddressSpace: BOOLEAN,
ReadImageFileExecOptions: BOOLEAN,
BeingDebugged: BOOLEAN,
BitField: BOOLEAN,
Mutant: HANDLE,
ImageBaseAddress: PVOID,
Ldr: PPEB_LDR_DATA,
ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
SubSystemData: PVOID,
ProcessHeap: PVOID,
FastPebLock: PRTL_CRITICAL_SECTION,
IFEOKey: PVOID,
AtlThunkSListPtr: PSLIST_HEADER,
CrossProcessFlags: ULONG,
u: PEB_u,
SystemReserved: [ULONG; 1],
AtlThunkSListPtr32: ULONG,
ApiSetMap: PAPI_SET_NAMESPACE,
TlsExpansionCounter: ULONG,
TlsBitmap: PVOID,
TlsBitmapBits: [ULONG; 2],
ReadOnlySharedMemoryBase: PVOID,
SharedData: PVOID,
ReadOnlyStaticServerData: *mut PVOID,
AnsiCodePageData: PVOID,
OemCodePageData: PVOID,
UnicodeCaseTableData: PVOID,
NumberOfProcessors: ULONG,
NtGlobalFlag: ULONG,
CriticalSectionTimeout: ULARGE_INTEGER,
HeapSegmentReserve: SIZE_T,
HeapSegmentCommit: SIZE_T,
HeapDeCommitTotalFreeThreshold: SIZE_T,
HeapDeCommitFreeBlockThreshold: SIZE_T,
NumberOfHeaps: ULONG,
MaximumNumberOfHeaps: ULONG,
ProcessHeaps: *mut PVOID,
GdiSharedHandleTable: PVOID,
ProcessStarterHelper: PVOID,
GdiDCAttributeList: ULONG,
LoaderLock: PRTL_CRITICAL_SECTION,
OSMajorVersion: ULONG,
OSMinorVersion: ULONG,
OSBuildNumber: USHORT,
OSCSDVersion: USHORT,
OSPlatformId: ULONG,
ImageSubsystem: ULONG,
ImageSubsystemMajorVersion: ULONG,
ImageSubsystemMinorVersion: ULONG,
ActiveProcessAffinityMask: ULONG_PTR,
GdiHandleBuffer: GDI_HANDLE_BUFFER,
PostProcessInitRoutine: PVOID,
TlsExpansionBitmap: PVOID,
TlsExpansionBitmapBits: [ULONG; 32],
SessionId: ULONG,
AppCompatFlags: ULARGE_INTEGER,
AppCompatFlagsUser: ULARGE_INTEGER,
pShimData: PVOID,
AppCompatInfo: PVOID,
CSDVersion: UNICODE_STRING,
ActivationContextData: PVOID,
ProcessAssemblyStorageMap: PVOID,
SystemDefaultActivationContextData: PVOID,
SystemAssemblyStorageMap: PVOID,
MinimumStackCommit: SIZE_T,
FlsCallback: *mut PVOID,
FlsListHead: LIST_ENTRY,
FlsBitmap: PVOID,
FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
FlsHighIndex: ULONG,
WerRegistrationData: PVOID,
WerShipAssertPtr: PVOID,
pUnused: PVOID,
pImageHeaderHash: PVOID,
TracingFlags: ULONG,
CsrServerReadOnlySharedMemoryBase: ULONGLONG,
TppWorkerpListLock: PRTL_CRITICAL_SECTION,
TppWorkerpList: LIST_ENTRY,
WaitOnAddressHashTable: [PVOID; 128],
TelemetryCoverageHeader: PVOID,
CloudFileFlags: ULONG,
CloudFileDiagFlags: ULONG,
PlaceholderCompatibilityMode: CHAR,
PlaceholderCompatibilityModeReserved: [CHAR; 7],
LeapSecondData: *mut LEAP_SECOND_DATA,
LeapSecondFlags: ULONG,
NtGlobalFlag2: ULONG,
}}
BITFIELD!{PEB BitField: BOOLEAN [
ImageUsesLargePages set_ImageUsesLargePages[0..1],
IsProtectedProcess set_IsProtectedProcess[1..2],
IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
IsPackagedProcess set_IsPackagedProcess[4..5],
IsAppContainer set_IsAppContainer[5..6],
IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
]}
BITFIELD!{PEB CrossProcessFlags: ULONG [
ProcessInJob set_ProcessInJob[0..1],
ProcessInitializing set_ProcessInitializing[1..2],
ProcessUsingVEH set_ProcessUsingVEH[2..3],
ProcessUsingVCH set_ProcessUsingVCH[3..4],
ProcessUsingFTH set_ProcessUsingFTH[4..5],
ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6],
ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7],
ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8],
ReservedBits0 set_ReservedBits0[8..32],
]}
BITFIELD!{PEB TracingFlags: ULONG [
HeapTracingEnabled set_HeapTracingEnabled[0..1],
CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
SpareTracingBits set_SpareTracingBits[3..32],
]}
BITFIELD!{PEB LeapSecondFlags: ULONG [
SixtySecondEnabled set_SixtySecondEnabled[0..1],
Reserved set_Reserved[1..32],
]}
pub type PPEB = *mut PEB;
pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
STRUCT!{struct GDI_TEB_BATCH {
Offset: ULONG,
HDC: ULONG_PTR,
Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
}}
pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH;
STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT {
Flags: ULONG,
FrameName: PSTR,
}}
pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT;
STRUCT!{struct TEB_ACTIVE_FRAME {
Flags: ULONG,
Previous: *mut TEB_ACTIVE_FRAME,
Context: PTEB_ACTIVE_FRAME_CONTEXT,
}}
pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME;
STRUCT!{struct TEB_u_s {
ReservedPad0: UCHAR,
ReservedPad1: UCHAR,
ReservedPad2: UCHAR,
IdealProcessor: UCHAR,
}}
UNION!{union TEB_u {
CurrentIdealProcessor: PROCESSOR_NUMBER,
IdealProcessorValue: ULONG,
s: TEB_u_s,
}}
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
STRUCT!{struct TEB {
NtTib: NT_TIB,
EnvironmentPointer: PVOID,
ClientId: CLIENT_ID,
ActiveRpcHandle: PVOID,
ThreadLocalStoragePointer: PVOID,
ProcessEnvironmentBlock: PPEB,
LastErrorValue: ULONG,
CountOfOwnedCriticalSections: ULONG,
CsrClientThread: PVOID,
Win32ThreadInfo: PVOID,
User32Reserved: [ULONG; 26],
UserReserved: [ULONG; 5],
WOW32Reserved: PVOID,
CurrentLocale: LCID,
FpSoftwareStatusRegister: ULONG,
ReservedForDebuggerInstrumentation: [PVOID; 16],
SystemReserved1: [PVOID; 30],
PlaceholderCompatibilityMode: CHAR,
PlaceholderReserved: [CHAR; 11],
ProxiedProcessId: ULONG,
ActivationStack: ACTIVATION_CONTEXT_STACK,
WorkingOnBehalfTicket: [UCHAR; 8],
ExceptionCode: NTSTATUS,
ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
InstrumentationCallbackSp: ULONG_PTR,
InstrumentationCallbackPreviousPc: ULONG_PTR,
InstrumentationCallbackPreviousSp: ULONG_PTR,
TxFsContext: ULONG,
InstrumentationCallbackDisabled: BOOLEAN,
GdiTebBatch: GDI_TEB_BATCH,
RealClientId: CLIENT_ID,
GdiCachedProcessHandle: HANDLE,
GdiClientPID: ULONG,
GdiClientTID: ULONG,
GdiThreadLocalInfo: PVOID,
Win32ClientInfo: [ULONG_PTR; 62],
glDispatchTable: [PVOID; 233],
glReserved1: [ULONG_PTR; 29],
glReserved2: PVOID,
glSectionInfo: PVOID,
glSection: PVOID,
glTable: PVOID,
glCurrentRC: PVOID,
glContext: PVOID,
LastStatusValue: NTSTATUS,
StaticUnicodeString: UNICODE_STRING,
StaticUnicodeBuffer: [WCHAR; 261],
DeallocationStack: PVOID,
TlsSlots: [PVOID; 64],
TlsLinks: LIST_ENTRY,
Vdm: PVOID,
ReservedForNtRpc: PVOID,
DbgSsReserved: [PVOID; 2],
HardErrorMode: ULONG,
Instrumentation: [PVOID; 11],
ActivityId: GUID,
SubProcessTag: PVOID,
PerflibData: PVOID,
EtwTraceData: PVOID,
WinSockData: PVOID,
GdiBatchCount: ULONG,
u: TEB_u,
GuaranteedStackBytes: ULONG,
ReservedForPerf: PVOID,
ReservedForOle: PVOID,
WaitingOnLoaderLock: ULONG,
SavedPriorityState: PVOID,
ReservedForCodeCoverage: ULONG_PTR,
ThreadPoolData: PVOID,
TlsExpansionSlots: *mut PVOID,
DeallocationBStore: PVOID,
BStoreLimit: PVOID,
MuiGeneration: ULONG,
IsImpersonating: ULONG,
NlsCache: PVOID,
pShimData: PVOID,
HeapVirtualAffinity: USHORT,
LowFragHeapDataSlot: USHORT,
CurrentTransactionHandle: HANDLE,
ActiveFrame: PTEB_ACTIVE_FRAME,
FlsData: PVOID,
PreferredLanguages: PVOID,
UserPrefLanguages: PVOID,
MergedPrefLanguages: PVOID,
MuiImpersonation: ULONG,
CrossTebFlags: USHORT,
SameTebFlags: USHORT,
TxnScopeEnterCallback: PVOID,
TxnScopeExitCallback: PVOID,
TxnScopeContext: PVOID,
LockCount: ULONG,
WowTebOffset: LONG,
ResourceRetValue: PVOID,
ReservedForWdf: PVOID,
ReservedForCrt: ULONGLONG,
EffectiveContainerId: GUID,
}}
#[cfg(target_arch = "x86")]
STRUCT!{struct TEB {
NtTib: NT_TIB,
EnvironmentPointer: PVOID,
ClientId: CLIENT_ID,
ActiveRpcHandle: PVOID,
ThreadLocalStoragePointer: PVOID,
ProcessEnvironmentBlock: PPEB,
LastErrorValue: ULONG,
CountOfOwnedCriticalSections: ULONG,
CsrClientThread: PVOID,
Win32ThreadInfo: PVOID,
User32Reserved: [ULONG; 26],
UserReserved: [ULONG; 5],
WOW32Reserved: PVOID,
CurrentLocale: LCID,
FpSoftwareStatusRegister: ULONG,
ReservedForDebuggerInstrumentation: [PVOID; 16],
SystemReserved1: [PVOID; 26],
PlaceholderCompatibilityMode: CHAR,
PlaceholderReserved: [CHAR; 11],
ProxiedProcessId: ULONG,
ActivationStack: ACTIVATION_CONTEXT_STACK,
WorkingOnBehalfTicket: [UCHAR; 8],
ExceptionCode: NTSTATUS,
ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
InstrumentationCallbackSp: ULONG_PTR,
InstrumentationCallbackPreviousPc: ULONG_PTR,
InstrumentationCallbackPreviousSp: ULONG_PTR,
InstrumentationCallbackDisabled: BOOLEAN,
SpareBytes: [UCHAR; 23],
TxFsContext: ULONG,
GdiTebBatch: GDI_TEB_BATCH,
RealClientId: CLIENT_ID,
GdiCachedProcessHandle: HANDLE,
GdiClientPID: ULONG,
GdiClientTID: ULONG,
GdiThreadLocalInfo: PVOID,
Win32ClientInfo: [ULONG_PTR; 62],
glDispatchTable: [PVOID; 233],
glReserved1: [ULONG_PTR; 29],
glReserved2: PVOID,
glSectionInfo: PVOID,
glSection: PVOID,
glTable: PVOID,
glCurrentRC: PVOID,
glContext: PVOID,
LastStatusValue: NTSTATUS,
StaticUnicodeString: UNICODE_STRING,
StaticUnicodeBuffer: [WCHAR; 261],
DeallocationStack: PVOID,
TlsSlots: [PVOID; 64],
TlsLinks: LIST_ENTRY,
Vdm: PVOID,
ReservedForNtRpc: PVOID,
DbgSsReserved: [PVOID; 2],
HardErrorMode: ULONG,
Instrumentation: [PVOID; 9],
ActivityId: GUID,
SubProcessTag: PVOID,
PerflibData: PVOID,
EtwTraceData: PVOID,
WinSockData: PVOID,
GdiBatchCount: ULONG,
u: TEB_u,
GuaranteedStackBytes: ULONG,
ReservedForPerf: PVOID,
ReservedForOle: PVOID,
WaitingOnLoaderLock: ULONG,
SavedPriorityState: PVOID,
ReservedForCodeCoverage: ULONG_PTR,
ThreadPoolData: PVOID,
TlsExpansionSlots: *mut PVOID,
MuiGeneration: ULONG,
IsImpersonating: ULONG,
NlsCache: PVOID,
pShimData: PVOID,
HeapVirtualAffinity: USHORT,
LowFragHeapDataSlot: USHORT,
CurrentTransactionHandle: HANDLE,
ActiveFrame: PTEB_ACTIVE_FRAME,
FlsData: PVOID,
PreferredLanguages: PVOID,
UserPrefLanguages: PVOID,
MergedPrefLanguages: PVOID,
MuiImpersonation: ULONG,
CrossTebFlags: USHORT,
SameTebFlags: USHORT,
TxnScopeEnterCallback: PVOID,
TxnScopeExitCallback: PVOID,
TxnScopeContext: PVOID,
LockCount: ULONG,
WowTebOffset: LONG,
ResourceRetValue: PVOID,
ReservedForWdf: PVOID,
ReservedForCrt: ULONGLONG,
EffectiveContainerId: GUID,
}}
BITFIELD!{TEB SameTebFlags: USHORT [
SafeThunkCall set_SafeThunkCall[0..1],
InDebugPrint set_InDebugPrint[1..2],
HasFiberData set_HasFiberData[2..3],
SkipThreadAttach set_SkipThreadAttach[3..4],
WerInShipAssertCode set_WerInShipAssertCode[4..5],
RanProcessInit set_RanProcessInit[5..6],
ClonedThread set_ClonedThread[6..7],
SuppressDebugMsg set_SuppressDebugMsg[7..8],
DisableUserStackWalk set_DisableUserStackWalk[8..9],
RtlExceptionAttached set_RtlExceptionAttached[9..10],
InitialThread set_InitialThread[10..11],
SessionAware set_SessionAware[11..12],
LoadOwner set_LoadOwner[12..13],
LoaderWorker set_LoaderWorker[13..14],
SkipLoaderInit set_SkipLoaderInit[14..15],
SpareSameTebBits set_SpareSameTebBits[15..16],
]}
pub type PTEB = *mut TEB;

219
vendor/ntapi/src/ntpfapi.rs vendored Normal file
View File

@@ -0,0 +1,219 @@
use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION;
use crate::ntmmapi::MMPFN_IDENTITY;
use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR};
ENUM!{enum PF_BOOT_PHASE_ID {
PfKernelInitPhase = 0,
PfBootDriverInitPhase = 90,
PfSystemDriverInitPhase = 120,
PfSessionManagerInitPhase = 150,
PfSMRegistryInitPhase = 180,
PfVideoInitPhase = 210,
PfPostVideoInitPhase = 240,
PfBootAcceptedRegistryInitPhase = 270,
PfUserShellReadyPhase = 300,
PfMaxBootPhaseId = 900,
}}
ENUM!{enum PF_ENABLE_STATUS {
PfSvNotSpecified = 0,
PfSvEnabled = 1,
PfSvDisabled = 2,
PfSvMaxEnableStatus = 3,
}}
STRUCT!{struct PF_TRACE_LIMITS {
MaxNumPages: ULONG,
MaxNumSections: ULONG,
TimerPeriod: LONGLONG,
}}
pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS;
STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS {
EnableStatus: [PF_ENABLE_STATUS; 2],
TraceLimits: [PF_TRACE_LIMITS; 2],
MaxNumActiveTraces: ULONG,
MaxNumSavedTraces: ULONG,
RootDirPath: [WCHAR; 32],
HostingApplicationList: [WCHAR; 128],
}}
pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS;
pub const PF_BOOT_CONTROL_VERSION: u32 = 1;
STRUCT!{struct PF_BOOT_CONTROL {
Version: ULONG,
DisableBootPrefetching: ULONG,
}}
pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL;
ENUM!{enum PREFETCHER_INFORMATION_CLASS {
PrefetcherRetrieveTrace = 1,
PrefetcherSystemParameters = 2,
PrefetcherBootPhase = 3,
PrefetcherRetrieveBootLoaderTrace = 4,
PrefetcherBootControl = 5,
}}
pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23;
pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843;
STRUCT!{struct PREFETCHER_INFORMATION {
Version: ULONG,
Magic: ULONG,
PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS,
PrefetcherInformation: PVOID,
PrefetcherInformationLength: ULONG,
}}
pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION;
STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS {
EnabledComponents: ULONG,
BootID: ULONG,
SavedSectInfoTracesMax: ULONG,
SavedPageAccessTracesMax: ULONG,
ScenarioPrefetchTimeoutStandby: ULONG,
ScenarioPrefetchTimeoutHibernate: ULONG,
}}
pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS;
pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1;
pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1;
pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1;
STRUCT!{struct PF_PFN_PRIO_REQUEST {
Version: ULONG,
RequestFlags: ULONG,
PfnCount: ULONG_PTR,
MemInfo: SYSTEM_MEMORY_LIST_INFORMATION,
PageData: [MMPFN_IDENTITY; 256],
}}
pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST;
ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE {
PfsPrivateSourceKernel = 0,
PfsPrivateSourceSession = 1,
PfsPrivateSourceProcess = 2,
PfsPrivateSourceMax = 3,
}}
UNION!{union PFS_PRIVATE_PAGE_SOURCE_u {
SessionId: ULONG,
ProcessId: ULONG,
}}
STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE {
Type: PFS_PRIVATE_PAGE_SOURCE_TYPE,
u: PFS_PRIVATE_PAGE_SOURCE_u,
ImagePathHash: ULONG,
UniqueProcessHash: ULONG_PTR,
}}
UNION!{union PF_PRIVSOURCE_INFO_u {
WsSwapPages: ULONG_PTR,
SessionPagedPoolPages: ULONG_PTR,
StoreSizePages: ULONG_PTR,
}}
pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE;
STRUCT!{struct PF_PRIVSOURCE_INFO {
DbInfo: PFS_PRIVATE_PAGE_SOURCE,
EProcess: PVOID,
WsPrivatePages: SIZE_T,
TotalPrivatePages: SIZE_T,
SessionID: ULONG,
ImageName: [CHAR; 16],
u: PF_PRIVSOURCE_INFO_u,
WsTotalPages: ULONG_PTR,
DeepFreezeTimeMs: ULONG,
BitFields: ULONG,
}}
BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [
ModernApp set_ModernApp[0..1],
DeepFrozen set_DeepFrozen[1..2],
Foreground set_Foreground[2..3],
PerProcessStore set_PerProcessStore[3..4],
Spare set_Spare[4..32],
]}
pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO;
pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3;
STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST {
Version: ULONG,
Flags: ULONG,
InfoCount: ULONG,
InfoArray: [PF_PRIVSOURCE_INFO; 1],
}}
pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST;
ENUM!{enum PF_PHASED_SCENARIO_TYPE {
PfScenarioTypeNone = 0,
PfScenarioTypeStandby = 1,
PfScenarioTypeHibernate = 2,
PfScenarioTypeFUS = 3,
PfScenarioTypeMax = 4,
}}
pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4;
STRUCT!{struct PF_SCENARIO_PHASE_INFO {
Version: ULONG,
ScenType: PF_PHASED_SCENARIO_TYPE,
PhaseId: ULONG,
SequenceNumber: ULONG,
Flags: ULONG,
FUSUserId: ULONG,
}}
pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO;
STRUCT!{struct PF_MEMORY_LIST_NODE {
Bitfields: ULONGLONG,
StandbyLowPageCount: ULONGLONG,
StandbyMediumPageCount: ULONGLONG,
StandbyHighPageCount: ULONGLONG,
FreePageCount: ULONGLONG,
ModifiedPageCount: ULONGLONG,
}}
BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [
Node set_Node[0..8],
Spare set_Spare[8..64],
]}
pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE;
pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1;
STRUCT!{struct PF_MEMORY_LIST_INFO {
Version: ULONG,
Size: ULONG,
NodeCount: ULONG,
Nodes: [PF_MEMORY_LIST_NODE; 1],
}}
pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO;
STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE {
BasePfn: ULONG_PTR,
PageCount: ULONG_PTR,
}}
pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE;
pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1;
STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO {
Version: ULONG,
RangeCount: ULONG,
Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1],
}}
pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO;
pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1;
STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO {
Version: ULONG,
RepurposedByPrefetch: ULONG,
}}
pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO;
ENUM!{enum SUPERFETCH_INFORMATION_CLASS {
SuperfetchRetrieveTrace = 1,
SuperfetchSystemParameters = 2,
SuperfetchLogEvent = 3,
SuperfetchGenerateTrace = 4,
SuperfetchPrefetch = 5,
SuperfetchPfnQuery = 6,
SuperfetchPfnSetPriority = 7,
SuperfetchPrivSourceQuery = 8,
SuperfetchSequenceNumberQuery = 9,
SuperfetchScenarioPhase = 10,
SuperfetchWorkerPriority = 11,
SuperfetchScenarioQuery = 12,
SuperfetchScenarioPrefetch = 13,
SuperfetchRobustnessControl = 14,
SuperfetchTimeControl = 15,
SuperfetchMemoryListQuery = 16,
SuperfetchMemoryRangesQuery = 17,
SuperfetchTracingControl = 18,
SuperfetchTrimWhileAgingControl = 19,
SuperfetchRepurposedByPrefetch = 20,
SuperfetchInformationMax = 21,
}}
pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45;
pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843;
STRUCT!{struct SUPERFETCH_INFORMATION {
Version: ULONG,
Magic: ULONG,
InfoClass: SUPERFETCH_INFORMATION_CLASS,
Data: PVOID,
Length: ULONG,
}}
pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION;

118
vendor/ntapi/src/ntpnpapi.rs vendored Normal file
View File

@@ -0,0 +1,118 @@
use winapi::shared::cfg::PNP_VETO_TYPE;
use winapi::shared::guiddef::GUID;
use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR};
ENUM!{enum PLUGPLAY_EVENT_CATEGORY {
HardwareProfileChangeEvent = 0,
TargetDeviceChangeEvent = 1,
DeviceClassChangeEvent = 2,
CustomDeviceEvent = 3,
DeviceInstallEvent = 4,
DeviceArrivalEvent = 5,
PowerEvent = 6,
VetoEvent = 7,
BlockedDriverEvent = 8,
InvalidIDEvent = 9,
MaxPlugEventCategory = 10,
}}
pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY;
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass {
ClassGuid: GUID,
SymbolicLinkName: [WCHAR; 1],
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice {
DeviceIds: [WCHAR; 1],
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice {
DeviceId: [WCHAR; 1],
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification {
NotificationStructure: PVOID,
DeviceIds: [WCHAR; 1],
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification {
Notification: PVOID,
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification {
NotificationCode: ULONG,
NotificationData: ULONG,
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification {
VetoType: PNP_VETO_TYPE,
DeviceIdVetoNameBuffer: [WCHAR; 1],
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification {
BlockedDriverGuid: GUID,
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification {
ParentId: [WCHAR; 1],
}}
UNION!{union PLUGPLAY_EVENT_BLOCK_u {
DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass,
TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice,
InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice,
CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification,
ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification,
PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification,
VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification,
BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification,
InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification,
}}
STRUCT!{struct PLUGPLAY_EVENT_BLOCK {
EventGuid: GUID,
EventCategory: PLUGPLAY_EVENT_CATEGORY,
Result: PULONG,
Flags: ULONG,
TotalSize: ULONG,
DeviceObject: PVOID,
u: PLUGPLAY_EVENT_BLOCK_u,
}}
pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK;
ENUM!{enum PLUGPLAY_CONTROL_CLASS {
PlugPlayControlEnumerateDevice = 0,
PlugPlayControlRegisterNewDevice = 1,
PlugPlayControlDeregisterDevice = 2,
PlugPlayControlInitializeDevice = 3,
PlugPlayControlStartDevice = 4,
PlugPlayControlUnlockDevice = 5,
PlugPlayControlQueryAndRemoveDevice = 6,
PlugPlayControlUserResponse = 7,
PlugPlayControlGenerateLegacyDevice = 8,
PlugPlayControlGetInterfaceDeviceList = 9,
PlugPlayControlProperty = 10,
PlugPlayControlDeviceClassAssociation = 11,
PlugPlayControlGetRelatedDevice = 12,
PlugPlayControlGetInterfaceDeviceAlias = 13,
PlugPlayControlDeviceStatus = 14,
PlugPlayControlGetDeviceDepth = 15,
PlugPlayControlQueryDeviceRelations = 16,
PlugPlayControlTargetDeviceRelation = 17,
PlugPlayControlQueryConflictList = 18,
PlugPlayControlRetrieveDock = 19,
PlugPlayControlResetDevice = 20,
PlugPlayControlHaltDevice = 21,
PlugPlayControlGetBlockedDriverList = 22,
PlugPlayControlGetDeviceInterfaceEnabled = 23,
MaxPlugPlayControl = 24,
}}
pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS;
EXTERN!{extern "system" {
fn NtGetPlugPlayEvent(
EventHandle: HANDLE,
Context: PVOID,
EventBlock: PPLUGPLAY_EVENT_BLOCK,
EventBufferSize: ULONG,
) -> NTSTATUS;
fn NtPlugPlayControl(
PnPControlClass: PLUGPLAY_CONTROL_CLASS,
PnPControlData: PVOID,
PnPControlDataLength: ULONG,
) -> NTSTATUS;
fn NtSerializeBoot() -> NTSTATUS;
fn NtEnableLastKnownGood() -> NTSTATUS;
fn NtDisableLastKnownGood() -> NTSTATUS;
fn NtReplacePartitionUnit(
TargetInstancePath: PUNICODE_STRING,
SpareInstancePath: PUNICODE_STRING,
Flags: ULONG,
) -> NTSTATUS;
}}

134
vendor/ntapi/src/ntpoapi.rs vendored Normal file
View File

@@ -0,0 +1,134 @@
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING,
USHORT,
};
use winapi::um::winnt::{
DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE,
POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE,
};
UNION!{union POWER_STATE {
SystemState: SYSTEM_POWER_STATE,
DeviceState: DEVICE_POWER_STATE,
}}
pub type PPOWER_STATE = *mut POWER_STATE;
ENUM!{enum POWER_STATE_TYPE {
SystemPowerState = 0,
DevicePowerState = 1,
}}
pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE;
STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT {
ContextAsUlong: ULONG,
}}
BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [
Reserved1 set_Reserved1[0..8],
TargetSystemState set_TargetSystemState[8..12],
EffectiveSystemState set_EffectiveSystemState[12..16],
CurrentSystemState set_CurrentSystemState[16..20],
IgnoreHibernationPath set_IgnoreHibernationPath[20..21],
PseudoTransition set_PseudoTransition[21..22],
Reserved2 set_Reserved2[22..32],
]}
pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT;
STRUCT!{struct COUNTED_REASON_CONTEXT_u_s {
ResourceFileName: UNICODE_STRING,
ResourceReasonId: USHORT,
StringCount: ULONG,
ReasonStrings: PUNICODE_STRING,
}}
UNION!{union COUNTED_REASON_CONTEXT_u {
s: COUNTED_REASON_CONTEXT_u_s,
SimpleString: UNICODE_STRING,
}}
STRUCT!{struct COUNTED_REASON_CONTEXT {
Version: ULONG,
Flags: ULONG,
u: COUNTED_REASON_CONTEXT_u,
}}
pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT;
ENUM!{enum POWER_STATE_HANDLER_TYPE {
PowerStateSleeping1 = 0,
PowerStateSleeping2 = 1,
PowerStateSleeping3 = 2,
PowerStateSleeping4 = 3,
PowerStateShutdownOff = 4,
PowerStateShutdownReset = 5,
PowerStateSleeping4Firmware = 6,
PowerStateMaximum = 7,
}}
pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE;
FN!{stdcall PENTER_STATE_SYSTEM_HANDLER(
SystemContext: PVOID,
) -> NTSTATUS}
FN!{stdcall PENTER_STATE_HANDLER(
Context: PVOID,
SystemHandler: PENTER_STATE_SYSTEM_HANDLER,
SystemContext: PVOID,
NumberProcessors: LONG,
Number: PLONG,
) -> NTSTATUS}
STRUCT!{struct POWER_STATE_HANDLER {
Type: POWER_STATE_HANDLER_TYPE,
RtcWake: BOOLEAN,
Spare: [UCHAR; 3],
Handler: PENTER_STATE_HANDLER,
Context: PVOID,
}}
pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER;
FN!{stdcall PENTER_STATE_NOTIFY_HANDLER(
State: POWER_STATE_HANDLER_TYPE,
Context: PVOID,
Entering: BOOLEAN,
) -> NTSTATUS}
STRUCT!{struct POWER_STATE_NOTIFY_HANDLER {
Handler: PENTER_STATE_NOTIFY_HANDLER,
Context: PVOID,
}}
pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER;
STRUCT!{struct PROCESSOR_POWER_INFORMATION {
Number: ULONG,
MaxMhz: ULONG,
CurrentMhz: ULONG,
MhzLimit: ULONG,
MaxIdleState: ULONG,
CurrentIdleState: ULONG,
}}
pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION;
STRUCT!{struct SYSTEM_POWER_INFORMATION {
MaxIdlenessAllowed: ULONG,
Idleness: ULONG,
TimeRemaining: ULONG,
CoolingMode: UCHAR,
}}
pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION;
EXTERN!{extern "system" {
fn NtPowerInformation(
InformationLevel: POWER_INFORMATION_LEVEL,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
) -> NTSTATUS;
fn NtSetThreadExecutionState(
NewFlags: EXECUTION_STATE,
PreviousFlags: PEXECUTION_STATE,
) -> NTSTATUS;
fn NtRequestWakeupLatency(
latency: LATENCY_TIME,
) -> NTSTATUS;
fn NtInitiatePowerAction(
SystemAction: POWER_ACTION,
LightestSystemState: SYSTEM_POWER_STATE,
Flags: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
fn NtSetSystemPowerState(
SystemAction: POWER_ACTION,
LightestSystemState: SYSTEM_POWER_STATE,
Flags: ULONG,
) -> NTSTATUS;
fn NtGetDevicePowerState(
Device: HANDLE,
State: PDEVICE_POWER_STATE,
) -> NTSTATUS;
fn NtIsSystemResumeAutomatic() -> BOOLEAN;
}}

1479
vendor/ntapi/src/ntpsapi.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

450
vendor/ntapi/src/ntregapi.rs vendored Normal file
View File

@@ -0,0 +1,450 @@
use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES,
PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR,
};
use winapi::um::winnt::ACCESS_MASK;
pub const REG_INIT_BOOT_SM: USHORT = 0x0000;
pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001;
pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002;
pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE;
pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767;
pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512;
ENUM!{enum KEY_INFORMATION_CLASS {
KeyBasicInformation = 0,
KeyNodeInformation = 1,
KeyFullInformation = 2,
KeyNameInformation = 3,
KeyCachedInformation = 4,
KeyFlagsInformation = 5,
KeyVirtualizationInformation = 6,
KeyHandleTagsInformation = 7,
KeyTrustInformation = 8,
KeyLayerInformation = 9,
MaxKeyInfoClass = 10,
}}
STRUCT!{struct KEY_BASIC_INFORMATION {
LastWriteTime: LARGE_INTEGER,
TitleIndex: ULONG,
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION;
STRUCT!{struct KEY_NODE_INFORMATION {
LastWriteTime: LARGE_INTEGER,
TitleIndex: ULONG,
ClassOffset: ULONG,
ClassLength: ULONG,
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION;
STRUCT!{struct KEY_FULL_INFORMATION {
LastWriteTime: LARGE_INTEGER,
TitleIndex: ULONG,
ClassOffset: ULONG,
ClassLength: ULONG,
SubKeys: ULONG,
MaxNameLen: ULONG,
MaxClassLen: ULONG,
Values: ULONG,
MaxValueNameLen: ULONG,
MaxValueDataLen: ULONG,
Class: [WCHAR; 1],
}}
pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION;
STRUCT!{struct KEY_NAME_INFORMATION {
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION;
STRUCT!{struct KEY_CACHED_INFORMATION {
LastWriteTime: LARGE_INTEGER,
TitleIndex: ULONG,
SubKeys: ULONG,
MaxNameLen: ULONG,
Values: ULONG,
MaxValueNameLen: ULONG,
MaxValueDataLen: ULONG,
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION;
STRUCT!{struct KEY_FLAGS_INFORMATION {
UserFlags: ULONG,
}}
pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION;
STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION {
Bitfields: ULONG,
}}
BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [
VirtualizationCandidate set_VirtualizationCandidate[0..1],
VirtualizationEnabled set_VirtualizationEnabled[1..2],
VirtualTarget set_VirtualTarget[2..3],
VirtualStore set_VirtualStore[3..4],
VirtualSource set_VirtualSource[4..5],
Reserved set_Reserved[5..32],
]}
pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION;
STRUCT!{struct KEY_TRUST_INFORMATION {
Bitfields: ULONG,
}}
BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [
TrustedKey set_TrustedKey[0..1],
Reserved set_Reserved[1..32],
]}
pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION;
STRUCT!{struct KEY_LAYER_INFORMATION {
IsTombstone: ULONG,
IsSupersedeLocal: ULONG,
IsSupersedeTree: ULONG,
ClassIsInherited: ULONG,
Reserved: ULONG,
}}
pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION;
ENUM!{enum KEY_SET_INFORMATION_CLASS {
KeyWriteTimeInformation = 0,
KeyWow64FlagsInformation = 1,
KeyControlFlagsInformation = 2,
KeySetVirtualizationInformation = 3,
KeySetDebugInformation = 4,
KeySetHandleTagsInformation = 5,
KeySetLayerInformation = 6,
MaxKeySetInfoClass = 7,
}}
STRUCT!{struct KEY_WRITE_TIME_INFORMATION {
LastWriteTime: LARGE_INTEGER,
}}
pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION;
STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION {
UserFlags: ULONG,
}}
pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION;
STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION {
HandleTags: ULONG,
}}
pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION;
STRUCT!{struct KEY_SET_LAYER_INFORMATION {
Bitfields: ULONG,
}}
BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [
IsTombstone set_IsTombstone[0..1],
IsSupersedeLocal set_IsSupersedeLocal[1..2],
IsSupersedeTree set_IsSupersedeTree[2..3],
ClassIsInherited set_ClassIsInherited[3..4],
Reserved set_Reserved[4..32],
]}
pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION;
STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION {
ControlFlags: ULONG,
}}
pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION;
STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION {
HandleTags: ULONG,
}}
BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [
VirtualTarget set_VirtualTarget[0..1],
VirtualStore set_VirtualStore[1..2],
VirtualSource set_VirtualSource[2..3],
Reserved set_Reserved[3..32],
]}
pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION;
ENUM!{enum KEY_VALUE_INFORMATION_CLASS {
KeyValueBasicInformation = 0,
KeyValueFullInformation = 1,
KeyValuePartialInformation = 2,
KeyValueFullInformationAlign64 = 3,
KeyValuePartialInformationAlign64 = 4,
KeyValueLayerInformation = 5,
MaxKeyValueInfoClass = 6,
}}
STRUCT!{struct KEY_VALUE_BASIC_INFORMATION {
TitleIndex: ULONG,
Type: ULONG,
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION;
STRUCT!{struct KEY_VALUE_FULL_INFORMATION {
TitleIndex: ULONG,
Type: ULONG,
DataOffset: ULONG,
DataLength: ULONG,
NameLength: ULONG,
Name: [WCHAR; 1],
}}
pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION;
STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION {
TitleIndex: ULONG,
Type: ULONG,
DataLength: ULONG,
Data: [UCHAR; 1],
}}
pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION;
STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 {
Type: ULONG,
DataLength: ULONG,
Data: [UCHAR; 1],
}}
pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
STRUCT!{struct KEY_VALUE_LAYER_INFORMATION {
IsTombstone: ULONG,
Reserved: ULONG,
}}
pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION;
STRUCT!{struct KEY_VALUE_ENTRY {
ValueName: PUNICODE_STRING,
DataLength: ULONG,
DataOffset: ULONG,
Type: ULONG,
}}
pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY;
ENUM!{enum REG_ACTION {
KeyAdded = 0,
KeyRemoved = 1,
KeyModified = 2,
}}
STRUCT!{struct REG_NOTIFY_INFORMATION {
NextEntryOffset: ULONG,
Action: REG_ACTION,
KeyLength: ULONG,
Key: [WCHAR; 1],
}}
pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION;
STRUCT!{struct KEY_PID_ARRAY {
PID: HANDLE,
KeyName: UNICODE_STRING,
}}
pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY;
STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION {
Count: ULONG,
KeyArray: [KEY_PID_ARRAY; 1],
}}
pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION;
EXTERN!{extern "system" {
fn NtCreateKey(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TitleIndex: ULONG,
Class: PUNICODE_STRING,
CreateOptions: ULONG,
Disposition: PULONG,
) -> NTSTATUS;
fn NtCreateKeyTransacted(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TitleIndex: ULONG,
Class: PUNICODE_STRING,
CreateOptions: ULONG,
TransactionHandle: HANDLE,
Disposition: PULONG,
) -> NTSTATUS;
fn NtOpenKey(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtOpenKeyTransacted(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TransactionHandle: HANDLE,
) -> NTSTATUS;
fn NtOpenKeyEx(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
OpenOptions: ULONG,
) -> NTSTATUS;
fn NtOpenKeyTransactedEx(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
OpenOptions: ULONG,
TransactionHandle: HANDLE,
) -> NTSTATUS;
fn NtDeleteKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
fn NtRenameKey(
KeyHandle: HANDLE,
NewName: PUNICODE_STRING,
) -> NTSTATUS;
fn NtDeleteValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
) -> NTSTATUS;
fn NtQueryKey(
KeyHandle: HANDLE,
KeyInformationClass: KEY_INFORMATION_CLASS,
KeyInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationKey(
KeyHandle: HANDLE,
KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
KeySetInformation: PVOID,
KeySetInformationLength: ULONG,
) -> NTSTATUS;
fn NtQueryValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
KeyValueInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
fn NtSetValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
TitleIndex: ULONG,
Type: ULONG,
Data: PVOID,
DataSize: ULONG,
) -> NTSTATUS;
fn NtQueryMultipleValueKey(
KeyHandle: HANDLE,
ValueEntries: PKEY_VALUE_ENTRY,
EntryCount: ULONG,
ValueBuffer: PVOID,
BufferLength: PULONG,
RequiredBufferLength: PULONG,
) -> NTSTATUS;
fn NtEnumerateKey(
KeyHandle: HANDLE,
Index: ULONG,
KeyInformationClass: KEY_INFORMATION_CLASS,
KeyInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
fn NtEnumerateValueKey(
KeyHandle: HANDLE,
Index: ULONG,
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
KeyValueInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
fn NtFlushKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
fn NtCompactKeys(
Count: ULONG,
KeyArray: *mut HANDLE,
) -> NTSTATUS;
fn NtCompressKey(
Key: HANDLE,
) -> NTSTATUS;
fn NtLoadKey(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtLoadKey2(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
fn NtLoadKeyEx(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
Flags: ULONG,
TrustClassKey: HANDLE,
Event: HANDLE,
DesiredAccess: ACCESS_MASK,
RootHandle: PHANDLE,
IoStatus: PIO_STATUS_BLOCK,
) -> NTSTATUS;
fn NtReplaceKey(
NewFile: POBJECT_ATTRIBUTES,
TargetHandle: HANDLE,
OldFile: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtSaveKey(
KeyHandle: HANDLE,
FileHandle: HANDLE,
) -> NTSTATUS;
fn NtSaveKeyEx(
KeyHandle: HANDLE,
FileHandle: HANDLE,
Format: ULONG,
) -> NTSTATUS;
fn NtSaveMergedKeys(
HighPrecedenceKeyHandle: HANDLE,
LowPrecedenceKeyHandle: HANDLE,
FileHandle: HANDLE,
) -> NTSTATUS;
fn NtRestoreKey(
KeyHandle: HANDLE,
FileHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
fn NtUnloadKey(
TargetKey: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
}}
pub const REG_FORCE_UNLOAD: ULONG = 1;
pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD;
EXTERN!{extern "system" {
fn NtUnloadKey2(
TargetKey: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
fn NtUnloadKeyEx(
TargetKey: POBJECT_ATTRIBUTES,
Event: HANDLE,
) -> NTSTATUS;
fn NtNotifyChangeKey(
KeyHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
CompletionFilter: ULONG,
WatchTree: BOOLEAN,
Buffer: PVOID,
BufferSize: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
fn NtNotifyChangeMultipleKeys(
MasterKeyHandle: HANDLE,
Count: ULONG,
SubordinateObjects: *mut OBJECT_ATTRIBUTES,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
CompletionFilter: ULONG,
WatchTree: BOOLEAN,
Buffer: PVOID,
BufferSize: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
fn NtQueryOpenSubKeys(
TargetKey: POBJECT_ATTRIBUTES,
HandleCount: PULONG,
) -> NTSTATUS;
fn NtQueryOpenSubKeysEx(
TargetKey: POBJECT_ATTRIBUTES,
BufferLength: ULONG,
Buffer: PVOID,
RequiredSize: PULONG,
) -> NTSTATUS;
fn NtInitializeRegistry(
BootCondition: USHORT,
) -> NTSTATUS;
fn NtLockRegistryKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
fn NtLockProductActivationKeys(
pPrivateVer: *mut ULONG,
pSafeMode: *mut ULONG,
) -> NTSTATUS;
fn NtFreezeRegistry(
TimeOutInSeconds: ULONG,
) -> NTSTATUS;
fn NtThawRegistry() -> NTSTATUS;
}}

4373
vendor/ntapi/src/ntrtl.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1077
vendor/ntapi/src/ntsam.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

439
vendor/ntapi/src/ntseapi.rs vendored Normal file
View File

@@ -0,0 +1,439 @@
use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
};
pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
pub const SE_TCB_PRIVILEGE: LONG = 7;
pub const SE_SECURITY_PRIVILEGE: LONG = 8;
pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
pub const SE_BACKUP_PRIVILEGE: LONG = 17;
pub const SE_RESTORE_PRIVILEGE: LONG = 18;
pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
pub const SE_DEBUG_PRIVILEGE: LONG = 20;
pub const SE_AUDIT_PRIVILEGE: LONG = 21;
pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
pub const SE_RELABEL_PRIVILEGE: LONG = 32;
pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;
pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
| TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
| TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED
| TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
Version: ULONG64,
Name: UNICODE_STRING,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
pValue: PVOID,
ValueLength: ULONG,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
*mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
pInt64: PLONG64,
pUint64: PULONG64,
pString: PUNICODE_STRING,
pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
}}
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
Name: UNICODE_STRING,
ValueType: USHORT,
Reserved: USHORT,
Flags: ULONG,
ValueCount: ULONG,
Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;
pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
Version: USHORT,
Reserved: USHORT,
AttributeCount: ULONG,
pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
}}
pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;
STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
TrustLevelSid: PSID,
}}
pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;
EXTERN!{extern "system" {
fn NtCreateToken(
TokenHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TokenType: TOKEN_TYPE,
AuthenticationId: PLUID,
ExpirationTime: PLARGE_INTEGER,
User: PTOKEN_USER,
Groups: PTOKEN_GROUPS,
Privileges: PTOKEN_PRIVILEGES,
Owner: PTOKEN_OWNER,
PrimaryGroup: PTOKEN_PRIMARY_GROUP,
DefaultDacl: PTOKEN_DEFAULT_DACL,
TokenSource: PTOKEN_SOURCE,
) -> NTSTATUS;
fn NtCreateLowBoxToken(
TokenHandle: PHANDLE,
ExistingTokenHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
PackageSid: PSID,
CapabilityCount: ULONG,
Capabilities: PSID_AND_ATTRIBUTES,
HandleCount: ULONG,
Handles: *mut HANDLE,
) -> NTSTATUS;
fn NtCreateTokenEx(
TokenHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TokenType: TOKEN_TYPE,
AuthenticationId: PLUID,
ExpirationTime: PLARGE_INTEGER,
User: PTOKEN_USER,
Groups: PTOKEN_GROUPS,
Privileges: PTOKEN_PRIVILEGES,
UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceGroups: PTOKEN_GROUPS,
TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
Owner: PTOKEN_OWNER,
PrimaryGroup: PTOKEN_PRIMARY_GROUP,
DefaultDacl: PTOKEN_DEFAULT_DACL,
TokenSource: PTOKEN_SOURCE,
) -> NTSTATUS;
fn NtOpenProcessToken(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtOpenProcessTokenEx(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtOpenThreadToken(
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
OpenAsSelf: BOOLEAN,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtOpenThreadTokenEx(
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
OpenAsSelf: BOOLEAN,
HandleAttributes: ULONG,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtDuplicateToken(
ExistingTokenHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
EffectiveOnly: BOOLEAN,
TokenType: TOKEN_TYPE,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtQueryInformationToken(
TokenHandle: HANDLE,
TokenInformationClass: TOKEN_INFORMATION_CLASS,
TokenInformation: PVOID,
TokenInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationToken(
TokenHandle: HANDLE,
TokenInformationClass: TOKEN_INFORMATION_CLASS,
TokenInformation: PVOID,
TokenInformationLength: ULONG,
) -> NTSTATUS;
fn NtAdjustPrivilegesToken(
TokenHandle: HANDLE,
DisableAllPrivileges: BOOLEAN,
NewState: PTOKEN_PRIVILEGES,
BufferLength: ULONG,
PreviousState: PTOKEN_PRIVILEGES,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtAdjustGroupsToken(
TokenHandle: HANDLE,
ResetToDefault: BOOLEAN,
NewState: PTOKEN_GROUPS,
BufferLength: ULONG,
PreviousState: PTOKEN_GROUPS,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtAdjustTokenClaimsAndDeviceGroups(
TokenHandle: HANDLE,
UserResetToDefault: BOOLEAN,
DeviceResetToDefault: BOOLEAN,
DeviceGroupsResetToDefault: BOOLEAN,
NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
NewDeviceGroupsState: PTOKEN_GROUPS,
UserBufferLength: ULONG,
PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceBufferLength: ULONG,
PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceGroupsBufferLength: ULONG,
PreviousDeviceGroups: PTOKEN_GROUPS,
UserReturnLength: PULONG,
DeviceReturnLength: PULONG,
DeviceGroupsReturnBufferLength: PULONG,
) -> NTSTATUS;
fn NtFilterToken(
ExistingTokenHandle: HANDLE,
Flags: ULONG,
SidsToDisable: PTOKEN_GROUPS,
PrivilegesToDelete: PTOKEN_PRIVILEGES,
RestrictedSids: PTOKEN_GROUPS,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtFilterTokenEx(
ExistingTokenHandle: HANDLE,
Flags: ULONG,
SidsToDisable: PTOKEN_GROUPS,
PrivilegesToDelete: PTOKEN_PRIVILEGES,
RestrictedSids: PTOKEN_GROUPS,
DisableUserClaimsCount: ULONG,
UserClaimsToDisable: PUNICODE_STRING,
DisableDeviceClaimsCount: ULONG,
DeviceClaimsToDisable: PUNICODE_STRING,
DeviceGroupsToDisable: PTOKEN_GROUPS,
RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
RestrictedDeviceGroups: PTOKEN_GROUPS,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
fn NtCompareTokens(
FirstTokenHandle: HANDLE,
SecondTokenHandle: HANDLE,
Equal: PBOOLEAN,
) -> NTSTATUS;
fn NtPrivilegeCheck(
ClientToken: HANDLE,
RequiredPrivileges: PPRIVILEGE_SET,
Result: PBOOLEAN,
) -> NTSTATUS;
fn NtImpersonateAnonymousToken(
ThreadHandle: HANDLE,
) -> NTSTATUS;
fn NtQuerySecurityAttributesToken(
TokenHandle: HANDLE,
Attributes: PUNICODE_STRING,
NumberOfAttributes: ULONG,
Buffer: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtAccessCheck(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
fn NtAccessCheckByType(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
fn NtAccessCheckByTypeResultList(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
fn NtSetCachedSigningLevel(
Flags: ULONG,
InputSigningLevel: SE_SIGNING_LEVEL,
SourceFiles: PHANDLE,
SourceFileCount: ULONG,
TargetFile: HANDLE,
) -> NTSTATUS;
fn NtGetCachedSigningLevel(
File: HANDLE,
Flags: PULONG,
SigningLevel: PSE_SIGNING_LEVEL,
Thumbprint: PUCHAR,
ThumbprintSize: PULONG,
ThumbprintAlgorithm: PULONG,
) -> NTSTATUS;
fn NtAccessCheckAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
DesiredAccess: ACCESS_MASK,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn NtAccessCheckByTypeAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn NtAccessCheckByTypeResultListAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ClientToken: HANDLE,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn NtOpenObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
GrantedAccess: ACCESS_MASK,
Privileges: PPRIVILEGE_SET,
ObjectCreation: BOOLEAN,
AccessGranted: BOOLEAN,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn NtPrivilegeObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
Privileges: PPRIVILEGE_SET,
AccessGranted: BOOLEAN,
) -> NTSTATUS;
fn NtCloseObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
GenerateOnClose: BOOLEAN,
) -> NTSTATUS;
fn NtDeleteObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
GenerateOnClose: BOOLEAN,
) -> NTSTATUS;
fn NtPrivilegedServiceAuditAlarm(
SubsystemName: PUNICODE_STRING,
ServiceName: PUNICODE_STRING,
ClientToken: HANDLE,
Privileges: PPRIVILEGE_SET,
AccessGranted: BOOLEAN,
) -> NTSTATUS;
}}

15
vendor/ntapi/src/ntsmss.rs vendored Normal file
View File

@@ -0,0 +1,15 @@
use crate::ntlpcapi::PPORT_MESSAGE;
use winapi::shared::minwindef::DWORD;
use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING};
EXTERN!{extern "system" {
fn RtlConnectToSm(
ApiPortName: PUNICODE_STRING,
ApiPortHandle: HANDLE,
ProcessImageType: DWORD,
SmssConnection: PHANDLE,
) -> NTSTATUS;
fn RtlSendMsgToSm(
ApiPortHandle: HANDLE,
MessageData: PPORT_MESSAGE,
) -> NTSTATUS;
}}

239
vendor/ntapi/src/nttmapi.rs vendored Normal file
View File

@@ -0,0 +1,239 @@
use winapi::shared::basetsd::ULONG_PTR;
use winapi::shared::guiddef::LPGUID;
use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
PUNICODE_STRING, PVOID, ULONG,
};
use winapi::um::winnt::{
ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR,
RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS,
TRANSACTION_INFORMATION_CLASS,
};
EXTERN!{extern "system" {
fn NtCreateTransactionManager(
TmHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LogFileName: PUNICODE_STRING,
CreateOptions: ULONG,
CommitStrength: ULONG,
) -> NTSTATUS;
fn NtOpenTransactionManager(
TmHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LogFileName: PUNICODE_STRING,
TmIdentity: LPGUID,
OpenOptions: ULONG,
) -> NTSTATUS;
fn NtRenameTransactionManager(
LogFileName: PUNICODE_STRING,
ExistingTransactionManagerGuid: LPGUID,
) -> NTSTATUS;
fn NtRollforwardTransactionManager(
TransactionManagerHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtRecoverTransactionManager(
TransactionManagerHandle: HANDLE,
) -> NTSTATUS;
fn NtQueryInformationTransactionManager(
TransactionManagerHandle: HANDLE,
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
TransactionManagerInformation: PVOID,
TransactionManagerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationTransactionManager(
TmHandle: HANDLE,
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
TransactionManagerInformation: PVOID,
TransactionManagerInformationLength: ULONG,
) -> NTSTATUS;
fn NtEnumerateTransactionObject(
RootObjectHandle: HANDLE,
QueryType: KTMOBJECT_TYPE,
ObjectCursor: PKTMOBJECT_CURSOR,
ObjectCursorLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtCreateTransaction(
TransactionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Uow: LPGUID,
TmHandle: HANDLE,
CreateOptions: ULONG,
IsolationLevel: ULONG,
IsolationFlags: ULONG,
Timeout: PLARGE_INTEGER,
Description: PUNICODE_STRING,
) -> NTSTATUS;
fn NtOpenTransaction(
TransactionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Uow: LPGUID,
TmHandle: HANDLE,
) -> NTSTATUS;
fn NtQueryInformationTransaction(
TransactionHandle: HANDLE,
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
TransactionInformation: PVOID,
TransactionInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationTransaction(
TransactionHandle: HANDLE,
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
TransactionInformation: PVOID,
TransactionInformationLength: ULONG,
) -> NTSTATUS;
fn NtCommitTransaction(
TransactionHandle: HANDLE,
Wait: BOOLEAN,
) -> NTSTATUS;
fn NtRollbackTransaction(
TransactionHandle: HANDLE,
Wait: BOOLEAN,
) -> NTSTATUS;
fn NtCreateEnlistment(
EnlistmentHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ResourceManagerHandle: HANDLE,
TransactionHandle: HANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
CreateOptions: ULONG,
NotificationMask: NOTIFICATION_MASK,
EnlistmentKey: PVOID,
) -> NTSTATUS;
fn NtOpenEnlistment(
EnlistmentHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ResourceManagerHandle: HANDLE,
EnlistmentGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtQueryInformationEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
EnlistmentInformation: PVOID,
EnlistmentInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
EnlistmentInformation: PVOID,
EnlistmentInformationLength: ULONG,
) -> NTSTATUS;
fn NtRecoverEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentKey: PVOID,
) -> NTSTATUS;
fn NtPrePrepareEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtPrepareEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtCommitEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtRollbackEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtPrePrepareComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtPrepareComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtCommitComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtReadOnlyEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtRollbackComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtSinglePhaseReject(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtCreateResourceManager(
ResourceManagerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
TmHandle: HANDLE,
RmGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
CreateOptions: ULONG,
Description: PUNICODE_STRING,
) -> NTSTATUS;
fn NtOpenResourceManager(
ResourceManagerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
TmHandle: HANDLE,
ResourceManagerGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtRecoverResourceManager(
ResourceManagerHandle: HANDLE,
) -> NTSTATUS;
fn NtGetNotificationResourceManager(
ResourceManagerHandle: HANDLE,
TransactionNotification: PTRANSACTION_NOTIFICATION,
NotificationLength: ULONG,
Timeout: PLARGE_INTEGER,
ReturnLength: PULONG,
Asynchronous: ULONG,
AsynchronousContext: ULONG_PTR,
) -> NTSTATUS;
fn NtQueryInformationResourceManager(
ResourceManagerHandle: HANDLE,
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
ResourceManagerInformation: PVOID,
ResourceManagerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationResourceManager(
ResourceManagerHandle: HANDLE,
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
ResourceManagerInformation: PVOID,
ResourceManagerInformationLength: ULONG,
) -> NTSTATUS;
fn NtRegisterProtocolAddressInformation(
ResourceManager: HANDLE,
ProtocolId: PCRM_PROTOCOL_ID,
ProtocolInformationSize: ULONG,
ProtocolInformation: PVOID,
CreateOptions: ULONG,
) -> NTSTATUS;
fn NtPropagationComplete(
ResourceManagerHandle: HANDLE,
RequestCookie: ULONG,
BufferLength: ULONG,
Buffer: PVOID,
) -> NTSTATUS;
fn NtPropagationFailed(
ResourceManagerHandle: HANDLE,
RequestCookie: ULONG,
PropStatus: NTSTATUS,
) -> NTSTATUS;
fn NtFreezeTransactions(
FreezeTimeout: PLARGE_INTEGER,
ThawTimeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtThawTransactions() -> NTSTATUS;
}}

207
vendor/ntapi/src/nttp.rs vendored Normal file
View File

@@ -0,0 +1,207 @@
use crate::ntioapi::PIO_STATUS_BLOCK;
use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID};
use winapi::um::winnt::{
PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO,
PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK,
PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK,
};
#[repr(C)]
pub struct TP_ALPC([u8; 0]);
pub type PTP_ALPC = *mut TP_ALPC;
FN!{stdcall PTP_ALPC_CALLBACK(
Instance: PTP_CALLBACK_INSTANCE,
Context: PVOID,
Alpc: PTP_ALPC,
) -> ()}
FN!{stdcall PTP_ALPC_CALLBACK_EX(
Instanc: PTP_CALLBACK_INSTANCE,
Contex: PVOID,
Alp: PTP_ALPC,
ApcContext: PVOID,
) -> ()}
EXTERN!{extern "system" {
fn TpAllocPool(
PoolReturn: *mut PTP_POOL,
Reserved: PVOID,
) -> NTSTATUS;
fn TpReleasePool(
Pool: PTP_POOL,
);
fn TpSetPoolMaxThreads(
Pool: PTP_POOL,
MaxThreads: LONG,
);
fn TpSetPoolMinThreads(
Pool: PTP_POOL,
MinThreads: LONG,
) -> NTSTATUS;
fn TpQueryPoolStackInformation(
Pool: PTP_POOL,
PoolStackInformation: PTP_POOL_STACK_INFORMATION,
) -> NTSTATUS;
fn TpSetPoolStackInformation(
Pool: PTP_POOL,
PoolStackInformation: PTP_POOL_STACK_INFORMATION,
) -> NTSTATUS;
fn TpAllocCleanupGroup(
CleanupGroupReturn: *mut PTP_CLEANUP_GROUP,
) -> NTSTATUS;
fn TpReleaseCleanupGroup(
CleanupGroup: PTP_CLEANUP_GROUP,
);
fn TpReleaseCleanupGroupMembers(
CleanupGroup: PTP_CLEANUP_GROUP,
CancelPendingCallbacks: LOGICAL,
CleanupParameter: PVOID,
);
fn TpCallbackSetEventOnCompletion(
Instance: PTP_CALLBACK_INSTANCE,
Event: HANDLE,
);
fn TpCallbackReleaseSemaphoreOnCompletion(
Instance: PTP_CALLBACK_INSTANCE,
Semaphore: HANDLE,
ReleaseCount: LONG,
);
fn TpCallbackReleaseMutexOnCompletion(
Instance: PTP_CALLBACK_INSTANCE,
Mutex: HANDLE,
);
fn TpCallbackLeaveCriticalSectionOnCompletion(
Instance: PTP_CALLBACK_INSTANCE,
CriticalSection: PRTL_CRITICAL_SECTION,
);
fn TpCallbackUnloadDllOnCompletion(
Instance: PTP_CALLBACK_INSTANCE,
DllHandle: PVOID,
);
fn TpCallbackMayRunLong(
Instance: PTP_CALLBACK_INSTANCE,
) -> NTSTATUS;
fn TpDisassociateCallback(
Instance: PTP_CALLBACK_INSTANCE,
);
fn TpSimpleTryPost(
Callback: PTP_SIMPLE_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpAllocWork(
WorkReturn: *mut PTP_WORK,
Callback: PTP_WORK_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpReleaseWork(
Work: PTP_WORK,
);
fn TpPostWork(
Work: PTP_WORK,
);
fn TpWaitForWork(
Work: PTP_WORK,
CancelPendingCallbacks: LOGICAL,
);
fn TpAllocTimer(
Timer: *mut PTP_TIMER,
Callback: PTP_TIMER_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpReleaseTimer(
Timer: PTP_TIMER,
);
fn TpSetTimer(
Timer: PTP_TIMER,
DueTime: PLARGE_INTEGER,
Period: LONG,
WindowLength: LONG,
);
fn TpIsTimerSet(
Timer: PTP_TIMER,
) -> LOGICAL;
fn TpWaitForTimer(
Timer: PTP_TIMER,
CancelPendingCallbacks: LOGICAL,
);
fn TpAllocWait(
WaitReturn: *mut PTP_WAIT,
Callback: PTP_WAIT_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpReleaseWait(
Wait: PTP_WAIT,
);
fn TpSetWait(
Wait: PTP_WAIT,
Handle: HANDLE,
Timeout: PLARGE_INTEGER,
);
fn TpWaitForWait(
Wait: PTP_WAIT,
CancelPendingCallbacks: LOGICAL,
);
}}
FN!{stdcall PTP_IO_CALLBACK(
Instance: PTP_CALLBACK_INSTANCE,
Context: PVOID,
ApcContext: PVOID,
IoSB: PIO_STATUS_BLOCK,
Io: PTP_IO,
) -> ()}
EXTERN!{extern "system" {
fn TpAllocIoCompletion(
IoReturn: *mut PTP_IO,
File: HANDLE,
Callback: PTP_IO_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpReleaseIoCompletion(
Io: PTP_IO,
);
fn TpStartAsyncIoOperation(
Io: PTP_IO,
);
fn TpCancelAsyncIoOperation(
Io: PTP_IO,
);
fn TpWaitForIoCompletion(
Io: PTP_IO,
CancelPendingCallbacks: LOGICAL,
);
fn TpAllocAlpcCompletion(
AlpcReturn: *mut PTP_ALPC,
AlpcPort: HANDLE,
Callback: PTP_ALPC_CALLBACK,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpAllocAlpcCompletionEx(
AlpcReturn: *mut PTP_ALPC,
AlpcPort: HANDLE,
Callback: PTP_ALPC_CALLBACK_EX,
Context: PVOID,
CallbackEnviron: PTP_CALLBACK_ENVIRON,
) -> NTSTATUS;
fn TpReleaseAlpcCompletion(
Alpc: PTP_ALPC,
);
fn TpWaitForAlpcCompletion(
Alpc: PTP_ALPC,
);
}}
ENUM!{enum TP_TRACE_TYPE {
TpTraceThreadPriority = 1,
TpTraceThreadAffinity = 2,
MaxTpTraceType = 3,
}}
EXTERN!{extern "system" {
fn TpCaptureCaller(
Type: TP_TRACE_TYPE,
);
fn TpCheckTerminateWorker(
Thread: HANDLE,
);
}}

476
vendor/ntapi/src/ntwow64.rs vendored Normal file
View File

@@ -0,0 +1,476 @@
use core::mem::size_of;
use crate::ntapi_base::CLIENT_ID32;
use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON};
use crate::ntpsapi::GDI_HANDLE_BUFFER32;
use crate::ntrtl::RTL_MAX_DRIVE_LETTERS;
use crate::string::{UTF16Const, UTF8Const};
use winapi::shared::guiddef::GUID;
use winapi::shared::ntdef::{
BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER,
SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING,
UNICODE_STRING32, USHORT, WCHAR,
};
use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32};
pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0");
/// "SysWOW64"
pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[
0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16,
]);
pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0");
/// " (x86)"
pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[
0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16,
]);
ENUM!{enum WOW64_SHARED_INFORMATION {
SharedNtdll32LdrInitializeThunk = 0,
SharedNtdll32KiUserExceptionDispatcher = 1,
SharedNtdll32KiUserApcDispatcher = 2,
SharedNtdll32KiUserCallbackDispatcher = 3,
SharedNtdll32ExpInterlockedPopEntrySListFault = 4,
SharedNtdll32ExpInterlockedPopEntrySListResume = 5,
SharedNtdll32ExpInterlockedPopEntrySListEnd = 6,
SharedNtdll32RtlUserThreadStart = 7,
SharedNtdll32pQueryProcessDebugInformationRemote = 8,
SharedNtdll32BaseAddress = 9,
SharedNtdll32LdrSystemDllInitBlock = 10,
Wow64SharedPageEntriesCount = 11,
}}
STRUCT!{struct RTL_BALANCED_NODE32_u_s {
Left: ULONG, // WOW64_POINTER
Right: ULONG, // WOW64_POINTER
}}
UNION!{union RTL_BALANCED_NODE32_u {
Children: [ULONG; 2], // WOW64_POINTER
s: RTL_BALANCED_NODE32_u_s,
}}
STRUCT!{struct RTL_BALANCED_NODE32 {
u: RTL_BALANCED_NODE32_u,
ParentValue: ULONG,
}}
pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32;
STRUCT!{struct RTL_RB_TREE32 {
Root: ULONG, // WOW64_POINTER
Min: ULONG, // WOW64_POINTER
}}
pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32;
STRUCT!{struct PEB_LDR_DATA32 {
Length: ULONG,
Initialized: BOOLEAN,
SsHandle: ULONG,
InLoadOrderModuleList: LIST_ENTRY32,
InMemoryOrderModuleList: LIST_ENTRY32,
InInitializationOrderModuleList: LIST_ENTRY32,
EntryInProgress: ULONG,
ShutdownInProgress: BOOLEAN,
ShutdownThreadId: ULONG,
}}
pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32;
STRUCT!{struct LDR_SERVICE_TAG_RECORD32 {
Next: ULONG,
ServiceTag: ULONG,
}}
pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32;
STRUCT!{struct LDRP_CSLIST32 {
Tail: ULONG, // WOW64_POINTER
}}
pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32;
UNION!{union LDR_DDAG_NODE32_u {
Dependencies: LDRP_CSLIST32,
RemovalLink: SINGLE_LIST_ENTRY32,
}}
STRUCT!{struct LDR_DDAG_NODE32 {
Modules: LIST_ENTRY32,
ServiceTagList: ULONG, // WOW64_POINTER
LoadCount: ULONG,
LoadWhileUnloadingCount: ULONG,
LowestLink: ULONG,
u: LDR_DDAG_NODE32_u,
IncomingDependencies: LDRP_CSLIST32,
State: LDR_DDAG_STATE,
CondenseLink: SINGLE_LIST_ENTRY32,
PreorderNumber: ULONG,
}}
pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32;
pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80;
pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144;
pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152;
UNION!{union LDR_DATA_TABLE_ENTRY32_u1 {
InInitializationOrderLinks: LIST_ENTRY32,
InProgressLinks: LIST_ENTRY32,
}}
UNION!{union LDR_DATA_TABLE_ENTRY32_u2 {
FlagGroup: [UCHAR; 4],
Flags: ULONG,
}}
STRUCT!{struct LDR_DATA_TABLE_ENTRY32 {
InLoadOrderLinks: LIST_ENTRY32,
InMemoryOrderLinks: LIST_ENTRY32,
u1: LDR_DATA_TABLE_ENTRY32_u1,
DllBase: ULONG, // WOW64_POINTER
EntryPoint: ULONG, // WOW64_POINTER
SizeOfImage: ULONG,
FullDllName: UNICODE_STRING32,
BaseDllName: UNICODE_STRING32,
u2: LDR_DATA_TABLE_ENTRY32_u2,
ObsoleteLoadCount: USHORT,
TlsIndex: USHORT,
HashLinks: LIST_ENTRY32,
TimeDateStamp: ULONG,
EntryPointActivationContext: ULONG, // WOW64_POINTER
Lock: ULONG, // WOW64_POINTER
DdagNode: ULONG, // WOW64_POINTER
NodeModuleLink: LIST_ENTRY32,
LoadContext: ULONG, // WOW64_POINTER
ParentDllBase: ULONG, // WOW64_POINTER
SwitchBackContext: ULONG, // WOW64_POINTER
BaseAddressIndexNode: RTL_BALANCED_NODE32,
MappingInfoIndexNode: RTL_BALANCED_NODE32,
OriginalBase: ULONG,
LoadTime: LARGE_INTEGER,
BaseNameHashValue: ULONG,
LoadReason: LDR_DLL_LOAD_REASON,
ImplicitPathOptions: ULONG,
ReferenceCount: ULONG,
DependentLoadFlags: ULONG,
SigningLevel: UCHAR,
}}
BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [
PackagedBinary set_PackagedBinary[0..1],
MarkedForRemoval set_MarkedForRemoval[1..2],
ImageDll set_ImageDll[2..3],
LoadNotificationsSent set_LoadNotificationsSent[3..4],
TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
ProcessStaticImport set_ProcessStaticImport[5..6],
InLegacyLists set_InLegacyLists[6..7],
InIndexes set_InIndexes[7..8],
ShimDll set_ShimDll[8..9],
InExceptionTable set_InExceptionTable[9..10],
ReservedFlags1 set_ReservedFlags1[10..12],
LoadInProgress set_LoadInProgress[12..13],
LoadConfigProcessed set_LoadConfigProcessed[13..14],
EntryProcessed set_EntryProcessed[14..15],
ProtectDelayLoad set_ProtectDelayLoad[15..16],
ReservedFlags3 set_ReservedFlags3[16..18],
DontCallForThreads set_DontCallForThreads[18..19],
ProcessAttachCalled set_ProcessAttachCalled[19..20],
ProcessAttachFailed set_ProcessAttachFailed[20..21],
CorDeferredValidate set_CorDeferredValidate[21..22],
CorImage set_CorImage[22..23],
DontRelocate set_DontRelocate[23..24],
CorILOnly set_CorILOnly[24..25],
ReservedFlags5 set_ReservedFlags5[25..28],
Redirected set_Redirected[28..29],
ReservedFlags6 set_ReservedFlags6[29..31],
CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
]}
pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32;
STRUCT!{struct CURDIR32 {
DosPath: UNICODE_STRING32,
Handle: ULONG, // WOW64_POINTER
}}
pub type PCURDIR32 = *mut CURDIR32;
STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 {
Flags: USHORT,
Length: USHORT,
TimeStamp: ULONG,
DosPath: STRING32,
}}
pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32;
STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 {
MaximumLength: ULONG,
Length: ULONG,
Flags: ULONG,
DebugFlags: ULONG,
ConsoleHandle: ULONG, // WOW64_POINTER
ConsoleFlags: ULONG,
StandardInput: ULONG, // WOW64_POINTER
StandardOutput: ULONG, // WOW64_POINTER
StandardError: ULONG, // WOW64_POINTER
CurrentDirectory: CURDIR32,
DllPath: UNICODE_STRING32,
ImagePathName: UNICODE_STRING32,
CommandLine: UNICODE_STRING32,
Environment: ULONG, // WOW64_POINTER
StartingX: ULONG,
StartingY: ULONG,
CountX: ULONG,
CountY: ULONG,
CountCharsX: ULONG,
CountCharsY: ULONG,
FillAttribute: ULONG,
WindowFlags: ULONG,
ShowWindowFlags: ULONG,
WindowTitle: UNICODE_STRING32,
DesktopInfo: UNICODE_STRING32,
ShellInfo: UNICODE_STRING32,
RuntimeData: UNICODE_STRING32,
CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS],
EnvironmentSize: ULONG,
EnvironmentVersion: ULONG,
PackageDependencyData: ULONG, // WOW64_POINTER
ProcessGroupId: ULONG,
LoaderThreads: ULONG,
}}
pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32;
UNION!{union PEB32_u {
KernelCallbackTable: ULONG, // WOW64_POINTER
UserSharedInfoPtr: ULONG, // WOW64_POINTER
}}
STRUCT!{struct PEB32 {
InheritedAddressSpace: BOOLEAN,
ReadImageFileExecOptions: BOOLEAN,
BeingDebugged: BOOLEAN,
BitField: BOOLEAN,
Mutant: ULONG, // WOW64_POINTER
ImageBaseAddress: ULONG, // WOW64_POINTER
Ldr: ULONG, // WOW64_POINTER
ProcessParameters: ULONG, // WOW64_POINTER
SubSystemData: ULONG, // WOW64_POINTER
ProcessHeap: ULONG, // WOW64_POINTER
FastPebLock: ULONG, // WOW64_POINTER
AtlThunkSListPtr: ULONG, // WOW64_POINTER
IFEOKey: ULONG, // WOW64_POINTER
CrossProcessFlags: ULONG,
u: PEB32_u,
SystemReserved: [ULONG; 1],
AtlThunkSListPtr32: ULONG,
ApiSetMap: ULONG, // WOW64_POINTER
TlsExpansionCounter: ULONG,
TlsBitmap: ULONG, // WOW64_POINTER
TlsBitmapBits: [ULONG; 2],
ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER
HotpatchInformation: ULONG, // WOW64_POINTER
ReadOnlyStaticServerData: ULONG, // WOW64_POINTER
AnsiCodePageData: ULONG, // WOW64_POINTER
OemCodePageData: ULONG, // WOW64_POINTER
UnicodeCaseTableData: ULONG, // WOW64_POINTER
NumberOfProcessors: ULONG,
NtGlobalFlag: ULONG,
CriticalSectionTimeout: LARGE_INTEGER,
HeapSegmentReserve: ULONG,
HeapSegmentCommit: ULONG,
HeapDeCommitTotalFreeThreshold: ULONG,
HeapDeCommitFreeBlockThreshold: ULONG,
NumberOfHeaps: ULONG,
MaximumNumberOfHeaps: ULONG,
ProcessHeaps: ULONG, // WOW64_POINTER
GdiSharedHandleTable: ULONG, // WOW64_POINTER
ProcessStarterHelper: ULONG, // WOW64_POINTER
GdiDCAttributeList: ULONG,
LoaderLock: ULONG, // WOW64_POINTER
OSMajorVersion: ULONG,
OSMinorVersion: ULONG,
OSBuildNumber: USHORT,
OSCSDVersion: USHORT,
OSPlatformId: ULONG,
ImageSubsystem: ULONG,
ImageSubsystemMajorVersion: ULONG,
ImageSubsystemMinorVersion: ULONG,
ActiveProcessAffinityMask: ULONG,
GdiHandleBuffer: GDI_HANDLE_BUFFER32,
PostProcessInitRoutine: ULONG, // WOW64_POINTER
TlsExpansionBitmap: ULONG, // WOW64_POINTER
TlsExpansionBitmapBits: [ULONG; 32],
SessionId: ULONG,
AppCompatFlags: ULARGE_INTEGER,
AppCompatFlagsUser: ULARGE_INTEGER,
pShimData: ULONG, // WOW64_POINTER
AppCompatInfo: ULONG, // WOW64_POINTER
CSDVersion: UNICODE_STRING32,
ActivationContextData: ULONG, // WOW64_POINTER
ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER
SystemDefaultActivationContextData: ULONG, // WOW64_POINTER
SystemAssemblyStorageMap: ULONG, // WOW64_POINTER
MinimumStackCommit: ULONG,
FlsCallback: ULONG, // WOW64_POINTER
FlsListHead: LIST_ENTRY32,
FlsBitmap: ULONG, // WOW64_POINTER
FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
FlsHighIndex: ULONG,
WerRegistrationData: ULONG, // WOW64_POINTER
WerShipAssertPtr: ULONG, // WOW64_POINTER
pContextData: ULONG, // WOW64_POINTER
pImageHeaderHash: ULONG, // WOW64_POINTER
TracingFlags: ULONG,
CsrServerReadOnlySharedMemoryBase: ULONGLONG,
TppWorkerpListLock: ULONG, // WOW64_POINTER
TppWorkerpList: LIST_ENTRY32,
WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER
TelemetryCoverageHeader: ULONG, // WOW64_POINTER
CloudFileFlags: ULONG,
CloudFileDiagFlags: ULONG,
PlaceholderCompatibilityMode: CHAR,
PlaceholderCompatibilityModeReserved: [CHAR; 7],
}}
BITFIELD!{PEB32 BitField: BOOLEAN [
ImageUsesLargePages set_ImageUsesLargePages[0..1],
IsProtectedProcess set_IsProtectedProcess[1..2],
IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
IsPackagedProcess set_IsPackagedProcess[4..5],
IsAppContainer set_IsAppContainer[5..6],
IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
]}
BITFIELD!{PEB32 CrossProcessFlags: ULONG [
ProcessInJob set_ProcessInJob[0..1],
ProcessInitializing set_ProcessInitializing[1..2],
ProcessUsingVEH set_ProcessUsingVEH[2..3],
ProcessUsingVCH set_ProcessUsingVCH[3..4],
ProcessUsingFTH set_ProcessUsingFTH[4..5],
ReservedBits0 set_ReservedBits0[5..32],
]}
BITFIELD!{PEB32 TracingFlags: ULONG [
HeapTracingEnabled set_HeapTracingEnabled[0..1],
CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
SpareTracingBits set_SpareTracingBits[3..32],
]}
pub type PPEB32 = *mut PEB32;
pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
STRUCT!{struct GDI_TEB_BATCH32 {
Offset: ULONG,
HDC: ULONG,
Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
}}
pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32;
STRUCT!{struct TEB32_u_s {
ReservedPad0: UCHAR,
ReservedPad1: UCHAR,
ReservedPad2: UCHAR,
IdealProcessor: UCHAR,
}}
UNION!{union TEB32_u {
CurrentIdealProcessor: PROCESSOR_NUMBER,
IdealProcessorValue: ULONG,
s: TEB32_u_s,
}}
STRUCT!{struct TEB32 {
NtTib: NT_TIB32,
EnvironmentPointer: ULONG, // WOW64_POINTER
ClientId: CLIENT_ID32,
ActiveRpcHandle: ULONG, // WOW64_POINTER
ThreadLocalStoragePointer: ULONG, // WOW64_POINTER
ProcessEnvironmentBlock: ULONG, // WOW64_POINTER
LastErrorValue: ULONG,
CountOfOwnedCriticalSections: ULONG,
CsrClientThread: ULONG, // WOW64_POINTER
Win32ThreadInfo: ULONG, // WOW64_POINTER
User32Reserved: [ULONG; 26],
UserReserved: [ULONG; 5],
WOW32Reserved: ULONG, // WOW64_POINTER
CurrentLocale: LCID,
FpSoftwareStatusRegister: ULONG,
ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER
SystemReserved1: [ULONG; 36], // WOW64_POINTER
WorkingOnBehalfTicket: [UCHAR; 8],
ExceptionCode: NTSTATUS,
ActivationContextStackPointer: ULONG, // WOW64_POINTER
InstrumentationCallbackSp: ULONG,
InstrumentationCallbackPreviousPc: ULONG,
InstrumentationCallbackPreviousSp: ULONG,
InstrumentationCallbackDisabled: BOOLEAN,
SpareBytes: [UCHAR; 23],
TxFsContext: ULONG,
GdiTebBatch: GDI_TEB_BATCH32,
RealClientId: CLIENT_ID32,
GdiCachedProcessHandle: ULONG, // WOW64_POINTER
GdiClientPID: ULONG,
GdiClientTID: ULONG,
GdiThreadLocalInfo: ULONG, // WOW64_POINTER
Win32ClientInfo: [ULONG; 62],
glDispatchTable: [ULONG; 233], // WOW64_POINTER
glReserved1: [ULONG; 29], // WOW64_POINTER
glReserved2: ULONG, // WOW64_POINTER
glSectionInfo: ULONG, // WOW64_POINTER
glSection: ULONG, // WOW64_POINTER
glTable: ULONG, // WOW64_POINTER
glCurrentRC: ULONG, // WOW64_POINTER
glContext: ULONG, // WOW64_POINTER
LastStatusValue: NTSTATUS,
StaticUnicodeString: UNICODE_STRING32,
StaticUnicodeBuffer: [WCHAR; 261],
DeallocationStack: ULONG, // WOW64_POINTER
TlsSlots: [ULONG; 64], // WOW64_POINTER
TlsLinks: LIST_ENTRY32,
Vdm: ULONG, // WOW64_POINTER
ReservedForNtRpc: ULONG, // WOW64_POINTER
DbgSsReserved: [ULONG; 2], // WOW64_POINTER
HardErrorMode: ULONG,
Instrumentation: [ULONG; 9], // WOW64_POINTER
ActivityId: GUID,
SubProcessTag: ULONG, // WOW64_POINTER
PerflibData: ULONG, // WOW64_POINTER
EtwTraceData: ULONG, // WOW64_POINTER
WinSockData: ULONG, // WOW64_POINTER
GdiBatchCount: ULONG,
u: TEB32_u,
GuaranteedStackBytes: ULONG,
ReservedForPerf: ULONG, // WOW64_POINTER
ReservedForOle: ULONG, // WOW64_POINTER
WaitingOnLoaderLock: ULONG,
SavedPriorityState: ULONG, // WOW64_POINTER
ReservedForCodeCoverage: ULONG,
ThreadPoolData: ULONG, // WOW64_POINTER
TlsExpansionSlots: ULONG, // WOW64_POINTER
MuiGeneration: ULONG,
IsImpersonating: ULONG,
NlsCache: ULONG, // WOW64_POINTER
pShimData: ULONG, // WOW64_POINTER
HeapVirtualAffinity: USHORT,
LowFragHeapDataSlot: USHORT,
CurrentTransactionHandle: ULONG, // WOW64_POINTER
ActiveFrame: ULONG, // WOW64_POINTER
FlsData: ULONG, // WOW64_POINTER
PreferredLanguages: ULONG, // WOW64_POINTER
UserPrefLanguages: ULONG, // WOW64_POINTER
MergedPrefLanguages: ULONG, // WOW64_POINTER
MuiImpersonation: ULONG,
CrossTebFlags: USHORT,
SameTebFlags: USHORT,
TxnScopeEnterCallback: ULONG, // WOW64_POINTER
TxnScopeExitCallback: ULONG, // WOW64_POINTER
TxnScopeContext: ULONG, // WOW64_POINTER
LockCount: ULONG,
WowTebOffset: LONG,
ResourceRetValue: ULONG, // WOW64_POINTER
ReservedForWdf: ULONG, // WOW64_POINTER
ReservedForCrt: ULONGLONG,
EffectiveContainerId: GUID,
}}
BITFIELD!{TEB32 SameTebFlags: USHORT [
SafeThunkCall set_SafeThunkCall[0..1],
InDebugPrint set_InDebugPrint[1..2],
HasFiberData set_HasFiberData[2..3],
SkipThreadAttach set_SkipThreadAttach[3..4],
WerInShipAssertCode set_WerInShipAssertCode[4..5],
RanProcessInit set_RanProcessInit[5..6],
ClonedThread set_ClonedThread[6..7],
SuppressDebugMsg set_SuppressDebugMsg[7..8],
DisableUserStackWalk set_DisableUserStackWalk[8..9],
RtlExceptionAttached set_RtlExceptionAttached[9..10],
InitialThread set_InitialThread[10..11],
SessionAware set_SessionAware[11..12],
LoadOwner set_LoadOwner[12..13],
LoaderWorker set_LoaderWorker[13..14],
SpareSameTebBits set_SpareSameTebBits[14..16],
]}
pub type PTEB32 = *mut TEB32;
#[inline]
pub fn UStr32ToUStr(
Destination: &mut UNICODE_STRING,
Source: &UNICODE_STRING32,
) {
Destination.Length = Source.Length;
Destination.MaximumLength = Source.MaximumLength;
Destination.Buffer = Source.Buffer as *mut u16;
}
#[inline]
pub fn UStrToUStr32(
Destination: &mut UNICODE_STRING32,
Source: &UNICODE_STRING,
) {
Destination.Length = Source.Length;
Destination.MaximumLength = Source.MaximumLength;
Destination.Buffer = Source.Buffer as u32;
}

29
vendor/ntapi/src/ntxcapi.rs vendored Normal file
View File

@@ -0,0 +1,29 @@
use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG};
use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD};
EXTERN!{extern "system" {
fn RtlDispatchException(
ExceptionRecord: PEXCEPTION_RECORD,
ContextRecord: PCONTEXT,
) -> BOOLEAN;
fn RtlRaiseStatus(
Status: NTSTATUS,
);
fn RtlRaiseException(
ExceptionRecord: PEXCEPTION_RECORD,
);
fn NtContinue(
ContextRecord: PCONTEXT,
TestAlert: BOOLEAN,
) -> NTSTATUS;
fn NtRaiseException(
ExceptionRecord: PEXCEPTION_RECORD,
ContextRecord: PCONTEXT,
FirstChance: BOOLEAN,
) -> NTSTATUS;
fn RtlAssert(
VoidFailedAssertion: PVOID,
VoidFileName: PVOID,
LineNumber: ULONG,
MutableMessage: PSTR,
);
}}

2699
vendor/ntapi/src/ntzwapi.rs vendored Normal file
View File

File diff suppressed because it is too large Load Diff

58
vendor/ntapi/src/string.rs vendored Normal file
View File

@@ -0,0 +1,58 @@
/// A wrapper over UTF16 string constants.
pub struct UTF16Const(pub &'static [u16]);
impl UTF16Const {
#[inline]
pub fn as_ptr(&self) -> *const u16 {
self.0.as_ptr()
}
#[inline]
pub fn as_mut_ptr(&self) -> *mut u16 {
self.0.as_ptr() as *mut u16
}
#[inline]
pub fn len(&self) -> usize {
self.0.len() - 1
}
}
impl AsRef<[u16]> for UTF16Const {
#[inline]
fn as_ref(&self) -> &[u16] {
&self.0[..self.len()]
}
}
impl Copy for UTF16Const {}
impl Clone for UTF16Const {
#[inline]
fn clone(&self) -> UTF16Const { *self }
}
/// A wrapper over UTF8 string constants.
pub struct UTF8Const(pub &'static str);
impl UTF8Const {
#[inline]
pub fn as_ptr(&self) -> *const i8 {
self.0.as_ptr() as *const i8
}
#[inline]
pub fn as_mut_ptr(&self) -> *mut i8 {
self.0.as_ptr() as *mut i8
}
#[inline]
pub fn len(&self) -> usize {
self.0.len() - 1
}
#[inline]
pub fn as_str(&self) -> &str {
&self.0[..self.len()]
}
}
impl AsRef<str> for UTF8Const {
#[inline]
fn as_ref(&self) -> &str {
&self.0[..self.len()]
}
}
impl Copy for UTF8Const {}
impl Clone for UTF8Const {
#[inline]
fn clone(&self) -> UTF8Const { *self }
}

77
vendor/ntapi/src/subprocesstag.rs vendored Normal file
View File

@@ -0,0 +1,77 @@
use winapi::shared::minwindef::DWORD;
use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID};
ENUM!{enum TAG_INFO_LEVEL {
eTagInfoLevelNameFromTag = 1,
eTagInfoLevelNamesReferencingModule = 2,
eTagInfoLevelNameTagMapping = 3,
eTagInfoLevelMax = 4,
}}
ENUM!{enum TAG_TYPE {
eTagTypeService = 1,
eTagTypeMax = 2,
}}
STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS {
dwPid: DWORD,
dwTag: DWORD,
}}
pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS;
STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS {
eTagType: DWORD,
pszName: LPWSTR,
}}
pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
STRUCT!{struct TAG_INFO_NAME_FROM_TAG {
InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS,
OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS,
}}
pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG;
STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS {
dwPid: DWORD,
pszModule: LPWSTR,
}}
pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS =
*mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS {
eTagType: DWORD,
pmszNames: LPWSTR,
}}
pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS =
*mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE {
InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS,
OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS,
}}
pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE;
STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS {
dwPid: DWORD,
}}
pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT {
eTagType: DWORD,
dwTag: DWORD,
pszName: LPWSTR,
pszGroupName: LPWSTR,
}}
pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT;
STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS {
cElements: DWORD,
pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT,
}}
pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING {
InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS,
pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS,
}}
pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING;
EXTERN!{extern "system" {
fn I_QueryTagInformation(
pszMachineName: LPCWSTR,
eInfoLevel: TAG_INFO_LEVEL,
pTagInfo: PVOID,
) -> DWORD;
}}
FN!{stdcall PQUERY_TAG_INFORMATION(
pszMachineName: LPCWSTR,
eInfoLevel: TAG_INFO_LEVEL,
pTagInfo: PVOID,
) -> DWORD}

1
vendor/ntapi/src/winapi_local.rs vendored Normal file
View File

@@ -0,0 +1 @@
pub mod um;

2
vendor/ntapi/src/winapi_local/um.rs vendored Normal file
View File

@@ -0,0 +1,2 @@
pub(crate) mod winioctl;
pub mod winnt;

4
vendor/ntapi/src/winapi_local/um/winioctl.rs vendored Normal file
View File

@@ -0,0 +1,4 @@
#[inline]
pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 {
(DeviceType << 16) | (Access << 14) | (Function << 2) | Method
}

71
vendor/ntapi/src/winapi_local/um/winnt.rs vendored Normal file
View File

@@ -0,0 +1,71 @@
use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64};
use winapi::shared::minwindef::DWORD;
use winapi::um::winnt::{HANDLE, PVOID};
#[doc(hidden)]
#[inline]
pub const fn UInt32x32To64(a: u32, b: u32) -> u64 {
a as u64 * b as u64
}
#[cfg(not(target_arch = "aarch64"))]
IFDEF!{
use core::arch::asm;
use crate::ntpebteb::TEB;
#[inline]
pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD {
let out: u32;
asm!(
"mov {:e}, fs:[{:e}]",
lateout(reg) out,
in(reg) Offset,
options(nostack, pure, readonly),
);
out
}
#[inline]
#[cfg(target_pointer_width = "64")]
pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 {
let out: u64;
asm!(
"mov {}, gs:[{:e}]",
lateout(reg) out,
in(reg) Offset,
options(nostack, pure, readonly),
);
out
}
#[inline] #[allow(unused_unsafe)]
pub unsafe fn NtCurrentTeb() -> *mut TEB {
use winapi::um::winnt::NT_TIB;
let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32;
#[cfg(target_arch = "x86_64")] {
__readgsqword(teb_offset) as *mut TEB
}
#[cfg(target_arch = "x86")] {
__readfsdword(teb_offset) as *mut TEB
}
}
}
ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE {
MemExtendedParameterInvalidType = 0,
MemExtendedParameterAddressRequirements = 1,
MemExtendedParameterNumaNode = 2,
MemExtendedParameterPartitionHandle = 3,
MemExtendedParameterMax = 4,
}}
pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE;
UNION!{union MEM_EXTENDED_PARAMETER_u {
ULong64: DWORD64,
Pointer: PVOID,
Size: SIZE_T,
Handle: HANDLE,
ULong: DWORD,
}}
STRUCT!{struct MEM_EXTENDED_PARAMETER {
BitFields: ULONG64,
u: MEM_EXTENDED_PARAMETER_u,
}}
BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [
Type set_Type[0..8],
Reserved set_Reserved[8..64],
]}
pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER;

848
vendor/ntapi/src/winsta.rs vendored Normal file
View File

@@ -0,0 +1,848 @@
use core::ptr::null_mut;
use crate::ntrtl::RTL_TIME_ZONE_INFORMATION;
use winapi::shared::basetsd::SIZE_T;
use winapi::shared::minwindef::{BYTE, DWORD, FILETIME};
use winapi::shared::ntdef::{
BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING,
USHORT, WCHAR,
};
use winapi::shared::windef::HWND;
use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED};
pub const WINSTATION_QUERY: u32 = 0x00000001;
pub const WINSTATION_SET: u32 = 0x00000002;
pub const WINSTATION_RESET: u32 = 0x00000004;
pub const WINSTATION_VIRTUAL: u32 = 0x00000008;
pub const WINSTATION_SHADOW: u32 = 0x00000010;
pub const WINSTATION_LOGON: u32 = 0x00000020;
pub const WINSTATION_LOGOFF: u32 = 0x00000040;
pub const WINSTATION_MSG: u32 = 0x00000080;
pub const WINSTATION_CONNECT: u32 = 0x00000100;
pub const WINSTATION_DISCONNECT: u32 = 0x00000200;
pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON;
pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF;
pub const WINSTATION_USER_ACCESS: u32 =
WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT;
pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET
| WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT;
pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET
| WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG
| WINSTATION_CONNECT | WINSTATION_DISCONNECT;
pub const WDPREFIX_LENGTH: usize = 12;
pub const CALLBACK_LENGTH: usize = 50;
pub const DLLNAME_LENGTH: usize = 32;
pub const CDNAME_LENGTH: usize = 32;
pub const WDNAME_LENGTH: usize = 32;
pub const PDNAME_LENGTH: usize = 32;
pub const DEVICENAME_LENGTH: usize = 128;
pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH;
pub const STACK_ADDRESS_LENGTH: usize = 128;
pub const MAX_BR_NAME: usize = 65;
pub const DIRECTORY_LENGTH: usize = 256;
pub const INITIALPROGRAM_LENGTH: usize = 256;
pub const USERNAME_LENGTH: usize = 20;
pub const DOMAIN_LENGTH: usize = 17;
pub const PASSWORD_LENGTH: usize = 14;
pub const NASISPECIFICNAME_LENGTH: usize = 14;
pub const NASIUSERNAME_LENGTH: usize = 47;
pub const NASIPASSWORD_LENGTH: usize = 24;
pub const NASISESSIONNAME_LENGTH: usize = 16;
pub const NASIFILESERVER_LENGTH: usize = 47;
pub const CLIENTDATANAME_LENGTH: usize = 7;
pub const CLIENTNAME_LENGTH: usize = 20;
pub const CLIENTADDRESS_LENGTH: usize = 30;
pub const IMEFILENAME_LENGTH: usize = 32;
pub const CLIENTLICENSE_LENGTH: usize = 32;
pub const CLIENTMODEM_LENGTH: usize = 40;
pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32;
pub const MAX_COUNTER_EXTENSIONS: u32 = 2;
pub const WINSTATIONNAME_LENGTH: usize = 32;
pub const TERMSRV_TOTAL_SESSIONS: u32 = 1;
pub const TERMSRV_DISC_SESSIONS: u32 = 2;
pub const TERMSRV_RECON_SESSIONS: u32 = 3;
pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4;
pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5;
pub const TERMSRV_PENDING_SESSIONS: u32 = 6;
pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7;
pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8;
pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9;
pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10;
pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11;
pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12;
pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION;
pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1];
STRUCT!{struct VARDATA_WIRE {
Size: USHORT,
Offset: USHORT,
}}
pub type PVARDATA_WIRE = *mut VARDATA_WIRE;
ENUM!{enum WINSTATIONSTATECLASS {
State_Active = 0,
State_Connected = 1,
State_ConnectQuery = 2,
State_Shadow = 3,
State_Disconnected = 4,
State_Idle = 5,
State_Listen = 6,
State_Reset = 7,
State_Down = 8,
State_Init = 9,
}}
UNION!{union SESSIONIDW_u {
SessionId: ULONG,
LogonId: ULONG,
}}
STRUCT!{struct SESSIONIDW {
u: SESSIONIDW_u,
WinStationName: WINSTATIONNAME,
State: WINSTATIONSTATECLASS,
}}
pub type PSESSIONIDW = *mut SESSIONIDW;
ENUM!{enum WINSTATIONINFOCLASS {
WinStationCreateData = 0,
WinStationConfiguration = 1,
WinStationPdParams = 2,
WinStationWd = 3,
WinStationPd = 4,
WinStationPrinter = 5,
WinStationClient = 6,
WinStationModules = 7,
WinStationInformation = 8,
WinStationTrace = 9,
WinStationBeep = 10,
WinStationEncryptionOff = 11,
WinStationEncryptionPerm = 12,
WinStationNtSecurity = 13,
WinStationUserToken = 14,
WinStationUnused1 = 15,
WinStationVideoData = 16,
WinStationInitialProgram = 17,
WinStationCd = 18,
WinStationSystemTrace = 19,
WinStationVirtualData = 20,
WinStationClientData = 21,
WinStationSecureDesktopEnter = 22,
WinStationSecureDesktopExit = 23,
WinStationLoadBalanceSessionTarget = 24,
WinStationLoadIndicator = 25,
WinStationShadowInfo = 26,
WinStationDigProductId = 27,
WinStationLockedState = 28,
WinStationRemoteAddress = 29,
WinStationIdleTime = 30,
WinStationLastReconnectType = 31,
WinStationDisallowAutoReconnect = 32,
WinStationMprNotifyInfo = 33,
WinStationExecSrvSystemPipe = 34,
WinStationSmartCardAutoLogon = 35,
WinStationIsAdminLoggedOn = 36,
WinStationReconnectedFromId = 37,
WinStationEffectsPolicy = 38,
WinStationType = 39,
WinStationInformationEx = 40,
WinStationValidationInfo = 41,
}}
STRUCT!{struct WINSTATIONCREATE {
Bitfields: ULONG,
MaxInstanceCount: ULONG,
}}
BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [
fEnableWinStation set_fEnableWinStation[0..1],
]}
pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE;
STRUCT!{struct WINSTACONFIGWIRE {
Comment: [WCHAR; 61],
OEMId: [CHAR; 4],
UserConfig: VARDATA_WIRE,
NewFields: VARDATA_WIRE,
}}
pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE;
ENUM!{enum CALLBACKCLASS {
Callback_Disable = 0,
Callback_Roving = 1,
Callback_Fixed = 2,
}}
ENUM!{enum SHADOWCLASS {
Shadow_Disable = 0,
Shadow_EnableInputNotify = 1,
Shadow_EnableInputNoNotify = 2,
Shadow_EnableNoInputNotify = 3,
Shadow_EnableNoInputNoNotify = 4,
}}
STRUCT!{struct USERCONFIG {
Bitfields: ULONG,
Bitfields2: ULONG,
UserName: [WCHAR; USERNAME_LENGTH + 1],
Domain: [WCHAR; DOMAIN_LENGTH + 1],
Password: [WCHAR; PASSWORD_LENGTH + 1],
WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1],
Callback: CALLBACKCLASS,
Shadow: SHADOWCLASS,
MaxConnectionTime: ULONG,
MaxDisconnectionTime: ULONG,
MaxIdleTime: ULONG,
KeyboardLayout: ULONG,
MinEncryptionLevel: BYTE,
NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1],
PublishedName: [WCHAR; MAX_BR_NAME],
WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1],
WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1],
WFHomeDirDrive: [WCHAR; 4],
}}
BITFIELD!{USERCONFIG Bitfields: ULONG [
fInheritAutoLogon set_fInheritAutoLogon[0..1],
fInheritResetBroken set_fInheritResetBroken[1..2],
fInheritReconnectSame set_fInheritReconnectSame[2..3],
fInheritInitialProgram set_fInheritInitialProgram[3..4],
fInheritCallback set_fInheritCallback[4..5],
fInheritCallbackNumber set_fInheritCallbackNumber[5..6],
fInheritShadow set_fInheritShadow[6..7],
fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8],
fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9],
fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10],
fInheritAutoClient set_fInheritAutoClient[10..11],
fInheritSecurity set_fInheritSecurity[11..12],
fPromptForPassword set_fPromptForPassword[12..13],
fResetBroken set_fResetBroken[13..14],
fReconnectSame set_fReconnectSame[14..15],
fLogonDisabled set_fLogonDisabled[15..16],
fWallPaperDisabled set_fWallPaperDisabled[16..17],
fAutoClientDrives set_fAutoClientDrives[17..18],
fAutoClientLpts set_fAutoClientLpts[18..19],
fForceClientLptDef set_fForceClientLptDef[19..20],
fRequireEncryption set_fRequireEncryption[20..21],
fDisableEncryption set_fDisableEncryption[21..22],
fUnused1 set_fUnused1[22..23],
fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24],
fUseDefaultGina set_fUseDefaultGina[24..25],
fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26],
fPublishedApp set_fPublishedApp[26..27],
fHideTitleBar set_fHideTitleBar[27..28],
fMaximize set_fMaximize[28..29],
fDisableCpm set_fDisableCpm[29..30],
fDisableCdm set_fDisableCdm[30..31],
fDisableCcm set_fDisableCcm[31..32],
]}
BITFIELD!{USERCONFIG Bitfields2: ULONG [
fDisableLPT set_fDisableLPT[0..1],
fDisableClip set_fDisableClip[1..2],
fDisableExe set_fDisableExe[2..3],
fDisableCam set_fDisableCam[3..4],
fDisableAutoReconnect set_fDisableAutoReconnect[4..5],
ColorDepth set_ColorDepth[5..6],
fInheritColorDepth set_fInheritColorDepth[6..7],
fErrorInvalidProfile set_fErrorInvalidProfile[7..8],
fPasswordIsScPin set_fPasswordIsScPin[8..9],
fDisablePNPRedir set_fDisablePNPRedir[9..10],
]}
pub type PUSERCONFIG = *mut USERCONFIG;
ENUM!{enum SDCLASS {
SdNone = 0,
SdConsole = 1,
SdNetwork = 2,
SdAsync = 3,
SdOemTransport = 4,
}}
pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1];
pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1];
pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1];
pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1];
pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1];
pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1];
pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1];
pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1];
pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1];
pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1];
pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1];
pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1];
STRUCT!{struct NETWORKCONFIG {
LanAdapter: LONG,
NetworkName: DEVICENAME,
Flags: ULONG,
}}
pub type PNETWORKCONFIG = *mut NETWORKCONFIG;
ENUM!{enum FLOWCONTROLCLASS {
FlowControl_None = 0,
FlowControl_Hardware = 1,
FlowControl_Software = 2,
}}
ENUM!{enum RECEIVEFLOWCONTROLCLASS {
ReceiveFlowControl_None = 0,
ReceiveFlowControl_RTS = 1,
ReceiveFlowControl_DTR = 2,
}}
ENUM!{enum TRANSMITFLOWCONTROLCLASS {
TransmitFlowControl_None = 0,
TransmitFlowControl_CTS = 1,
TransmitFlowControl_DSR = 2,
}}
ENUM!{enum ASYNCCONNECTCLASS {
Connect_CTS = 0,
Connect_DSR = 1,
Connect_RI = 2,
Connect_DCD = 3,
Connect_FirstChar = 4,
Connect_Perm = 5,
}}
STRUCT!{struct FLOWCONTROLCONFIG {
Bitfields: ULONG,
XonChar: CHAR,
XoffChar: CHAR,
Type: FLOWCONTROLCLASS,
HardwareReceive: RECEIVEFLOWCONTROLCLASS,
HardwareTransmit: TRANSMITFLOWCONTROLCLASS,
}}
BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [
fEnableSoftwareTx set_fEnableSoftwareTx[0..1],
fEnableSoftwareRx set_fEnableSoftwareRx[1..2],
fEnableDTR set_fEnableDTR[2..3],
fEnableRTS set_fEnableRTS[3..4],
]}
pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG;
STRUCT!{struct CONNECTCONFIG {
Type: ASYNCCONNECTCLASS,
Bitfields: ULONG,
}}
BITFIELD!{CONNECTCONFIG Bitfields: ULONG [
fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1],
]}
pub type PCONNECTCONFIG = *mut CONNECTCONFIG;
STRUCT!{struct ASYNCCONFIG {
DeviceName: DEVICENAME,
ModemName: MODEMNAME,
BaudRate: ULONG,
Parity: ULONG,
StopBits: ULONG,
ByteSize: ULONG,
Bitfields: ULONG,
FlowControl: FLOWCONTROLCONFIG,
Connect: CONNECTCONFIG,
}}
BITFIELD!{ASYNCCONFIG Bitfields: ULONG [
fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1],
fConnectionDriver set_fConnectionDriver[1..2],
]}
pub type PASYNCCONFIG = *mut ASYNCCONFIG;
STRUCT!{struct NASICONFIG {
SpecificName: NASISPECIFICNAME,
UserName: NASIUSERNAME,
PassWord: NASIPASSWORD,
SessionName: NASISESIONNAME,
FileServer: NASIFILESERVER,
GlobalSession: BOOLEAN,
}}
pub type PNASICONFIG = *mut NASICONFIG;
STRUCT!{struct OEMTDCONFIG {
Adapter: LONG,
DeviceName: DEVICENAME,
Flags: ULONG,
}}
pub type POEMTDCONFIG = *mut OEMTDCONFIG;
UNION!{union PDPARAMS_u {
Network: NETWORKCONFIG,
Async: ASYNCCONFIG,
Nasi: NASICONFIG,
OemTd: OEMTDCONFIG,
}}
STRUCT!{struct PDPARAMS {
SdClass: SDCLASS,
u: PDPARAMS_u,
}}
pub type PPDPARAMS = *mut PDPARAMS;
STRUCT!{struct WDCONFIG {
WdName: WDNAME,
WdDLL: DLLNAME,
WsxDLL: DLLNAME,
WdFlag: ULONG,
WdInputBufferLength: ULONG,
CfgDLL: DLLNAME,
WdPrefix: WDPREFIX,
}}
pub type PWDCONFIG = *mut WDCONFIG;
STRUCT!{struct PDCONFIG2 {
PdName: PDNAME,
SdClass: SDCLASS,
PdDLL: DLLNAME,
PdFlag: ULONG,
OutBufLength: ULONG,
OutBufCount: ULONG,
OutBufDelay: ULONG,
InteractiveDelay: ULONG,
PortNumber: ULONG,
KeepAliveTimeout: ULONG,
}}
pub type PPDCONFIG2 = *mut PDCONFIG2;
STRUCT!{struct WINSTATIONCLIENT {
Bitfields: ULONG,
ClientName: [WCHAR; CLIENTNAME_LENGTH + 1],
Domain: [WCHAR; DOMAIN_LENGTH + 1],
UserName: [WCHAR; USERNAME_LENGTH + 1],
Password: [WCHAR; PASSWORD_LENGTH + 1],
WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
SerialNumber: ULONG,
EncryptionLevel: BYTE,
ClientAddressFamily: ULONG,
ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1],
HRes: USHORT,
VRes: USHORT,
ColorDepth: USHORT,
ProtocolType: USHORT,
KeyboardLayout: ULONG,
KeyboardType: ULONG,
KeyboardSubType: ULONG,
KeyboardFunctionKey: ULONG,
ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1],
ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1],
ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1],
ClientBuildNumber: ULONG,
ClientHardwareId: ULONG,
ClientProductId: USHORT,
OutBufCountHost: USHORT,
OutBufCountClient: USHORT,
OutBufLength: USHORT,
AudioDriverName: [WCHAR; 9],
ClientTimeZone: TS_TIME_ZONE_INFORMATION,
ClientSessionId: ULONG,
ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
PerformanceFlags: ULONG,
ActiveInputLocale: ULONG,
}}
BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [
fTextOnly set_fTextOnly[0..1],
fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2],
fMouse set_fMouse[2..3],
fDoubleClickDetect set_fDoubleClickDetect[3..4],
fINetClient set_fINetClient[4..5],
fPromptForPassword set_fPromptForPassword[5..6],
fMaximizeShell set_fMaximizeShell[6..7],
fEnableWindowsKey set_fEnableWindowsKey[7..8],
fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9],
fPasswordIsScPin set_fPasswordIsScPin[9..10],
fNoAudioPlayback set_fNoAudioPlayback[10..11],
fUsingSavedCreds set_fUsingSavedCreds[11..12],
]}
pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT;
STRUCT!{struct TSHARE_COUNTERS {
Reserved: ULONG,
}}
pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS;
UNION!{union PROTOCOLCOUNTERS_Specific {
TShareCounters: TSHARE_COUNTERS,
Reserved: [ULONG; 100],
}}
STRUCT!{struct PROTOCOLCOUNTERS {
WdBytes: ULONG,
WdFrames: ULONG,
WaitForOutBuf: ULONG,
Frames: ULONG,
Bytes: ULONG,
CompressedBytes: ULONG,
CompressFlushes: ULONG,
Errors: ULONG,
Timeouts: ULONG,
AsyncFramingError: ULONG,
AsyncOverrunError: ULONG,
AsyncOverflowError: ULONG,
AsyncParityError: ULONG,
TdErrors: ULONG,
ProtocolType: USHORT,
Length: USHORT,
Specific: PROTOCOLCOUNTERS_Specific,
}}
pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS;
STRUCT!{struct THINWIRECACHE {
CacheReads: ULONG,
CacheHits: ULONG,
}}
pub type PTHINWIRECACHE = *mut THINWIRECACHE;
pub const MAX_THINWIRECACHE: usize = 4;
STRUCT!{struct RESERVED_CACHE {
ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE],
}}
pub type PRESERVED_CACHE = *mut RESERVED_CACHE;
STRUCT!{struct TSHARE_CACHE {
Reserved: ULONG,
}}
pub type PTSHARE_CACHE = *mut TSHARE_CACHE;
UNION!{union CACHE_STATISTICS_Specific {
ReservedCacheStats: RESERVED_CACHE,
TShareCacheStats: TSHARE_CACHE,
Reserved: [ULONG; 20],
}}
STRUCT!{struct CACHE_STATISTICS {
ProtocolType: USHORT,
Length: USHORT,
Specific: CACHE_STATISTICS_Specific,
}}
pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS;
STRUCT!{struct PROTOCOLSTATUS {
Output: PROTOCOLCOUNTERS,
Input: PROTOCOLCOUNTERS,
Cache: CACHE_STATISTICS,
AsyncSignal: ULONG,
AsyncSignalMask: ULONG,
}}
pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS;
STRUCT!{struct WINSTATIONINFORMATION {
ConnectState: WINSTATIONSTATECLASS,
WinStationName: WINSTATIONNAME,
LogonId: ULONG,
ConnectTime: LARGE_INTEGER,
DisconnectTime: LARGE_INTEGER,
LastInputTime: LARGE_INTEGER,
LogonTime: LARGE_INTEGER,
Status: PROTOCOLSTATUS,
Domain: [WCHAR; DOMAIN_LENGTH + 1],
UserName: [WCHAR; USERNAME_LENGTH + 1],
CurrentTime: LARGE_INTEGER,
}}
pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION;
STRUCT!{struct WINSTATIONUSERTOKEN {
ProcessId: HANDLE,
ThreadId: HANDLE,
UserToken: HANDLE,
}}
pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN;
STRUCT!{struct WINSTATIONVIDEODATA {
HResolution: USHORT,
VResolution: USHORT,
fColorDepth: USHORT,
}}
pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA;
ENUM!{enum CDCLASS {
CdNone = 0,
CdModem = 1,
CdClass_Maximum = 2,
}}
STRUCT!{struct CDCONFIG {
CdClass: CDCLASS,
CdName: CDNAME,
CdDLL: DLLNAME,
CdFlag: ULONG,
}}
pub type PCDCONFIG = *mut CDCONFIG;
pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1];
pub type PCLIENTDATANAME = *mut CHAR;
STRUCT!{struct WINSTATIONCLIENTDATA {
DataName: CLIENTDATANAME,
fUnicodeData: BOOLEAN,
}}
pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA;
ENUM!{enum LOADFACTORTYPE {
ErrorConstraint = 0,
PagedPoolConstraint = 1,
NonPagedPoolConstraint = 2,
AvailablePagesConstraint = 3,
SystemPtesConstraint = 4,
CPUConstraint = 5,
}}
STRUCT!{struct WINSTATIONLOADINDICATORDATA {
RemainingSessionCapacity: ULONG,
LoadFactor: LOADFACTORTYPE,
TotalSessions: ULONG,
DisconnectedSessions: ULONG,
IdleCPU: LARGE_INTEGER,
TotalCPU: LARGE_INTEGER,
RawSessionCapacity: ULONG,
reserved: [ULONG; 9],
}}
pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA;
ENUM!{enum SHADOWSTATECLASS {
State_NoShadow = 0,
State_Shadowing = 1,
State_Shadowed = 2,
}}
STRUCT!{struct WINSTATIONSHADOW {
ShadowState: SHADOWSTATECLASS,
ShadowClass: SHADOWCLASS,
SessionId: ULONG,
ProtocolType: ULONG,
}}
pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW;
STRUCT!{struct WINSTATIONPRODID {
DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
CurrentSessionId: ULONG,
ClientSessionId: ULONG,
OuterMostSessionId: ULONG,
}}
pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID;
STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 {
sin_port: USHORT,
sin_addr: ULONG,
sin_zero: [UCHAR; 8],
}}
STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 {
sin6_port: USHORT,
sin6_flowinfo: ULONG,
sin6_addr: [USHORT; 8],
sin6_scope_id: ULONG,
}}
UNION!{union WINSTATIONREMOTEADDRESS_u {
ipv4: WINSTATIONREMOTEADDRESS_u_ipv4,
ipv6: WINSTATIONREMOTEADDRESS_u_ipv6,
}}
STRUCT!{struct WINSTATIONREMOTEADDRESS {
sin_family: USHORT,
u: WINSTATIONREMOTEADDRESS_u,
}}
pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS;
STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 {
SessionId: ULONG,
SessionState: WINSTATIONSTATECLASS,
SessionFlags: LONG,
WinStationName: WINSTATIONNAME,
UserName: [WCHAR; USERNAME_LENGTH + 1],
DomainName: [WCHAR; DOMAIN_LENGTH + 1],
LogonTime: LARGE_INTEGER,
ConnectTime: LARGE_INTEGER,
DisconnectTime: LARGE_INTEGER,
LastInputTime: LARGE_INTEGER,
CurrentTime: LARGE_INTEGER,
ProtocolStatus: PROTOCOLSTATUS,
}}
pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1;
STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 {
SessionId: ULONG,
SessionState: WINSTATIONSTATECLASS,
SessionFlags: LONG,
WinStationName: WINSTATIONNAME,
SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1],
SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1],
LogonTime: LARGE_INTEGER,
ConnectTime: LARGE_INTEGER,
DisconnectTime: LARGE_INTEGER,
LastInputTime: LARGE_INTEGER,
CurrentTime: LARGE_INTEGER,
ProtocolStatus: PROTOCOLSTATUS,
UserName: [WCHAR; 257],
DomainName: [WCHAR; 256],
}}
pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2;
UNION!{union WINSTATIONINFORMATIONEX_LEVEL {
WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1,
WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2,
}}
pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL;
STRUCT!{struct WINSTATIONINFORMATIONEX {
Level: ULONG,
Data: WINSTATIONINFORMATIONEX_LEVEL,
}}
pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX;
pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452;
STRUCT!{struct TS_PROCESS_INFORMATION_NT4 {
MagicNumber: ULONG,
LogonId: ULONG,
ProcessSid: PVOID,
Pad: ULONG,
}}
pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4;
pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64;
pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136;
STRUCT!{struct TS_SYS_PROCESS_INFORMATION {
NextEntryOffset: ULONG,
NumberOfThreads: ULONG,
SpareLi1: LARGE_INTEGER,
SpareLi2: LARGE_INTEGER,
SpareLi3: LARGE_INTEGER,
CreateTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
KernelTime: LARGE_INTEGER,
ImageName: UNICODE_STRING,
BasePriority: LONG,
UniqueProcessId: ULONG,
InheritedFromUniqueProcessId: ULONG,
HandleCount: ULONG,
SessionId: ULONG,
SpareUl3: ULONG,
PeakVirtualSize: SIZE_T,
VirtualSize: SIZE_T,
PageFaultCount: ULONG,
PeakWorkingSetSize: ULONG,
WorkingSetSize: ULONG,
QuotaPeakPagedPoolUsage: SIZE_T,
QuotaPagedPoolUsage: SIZE_T,
QuotaPeakNonPagedPoolUsage: SIZE_T,
QuotaNonPagedPoolUsage: SIZE_T,
PagefileUsage: SIZE_T,
PeakPagefileUsage: SIZE_T,
PrivatePageCount: SIZE_T,
}}
pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION;
STRUCT!{struct TS_ALL_PROCESSES_INFO {
pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION,
SizeOfSid: ULONG,
pSid: PSID,
}}
pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO;
STRUCT!{struct TS_COUNTER_HEADER {
dwCounterID: DWORD,
bResult: BOOLEAN,
}}
pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER;
STRUCT!{struct TS_COUNTER {
CounterHead: TS_COUNTER_HEADER,
dwValue: DWORD,
StartTime: LARGE_INTEGER,
}}
pub type PTS_COUNTER = *mut TS_COUNTER;
pub const WSD_LOGOFF: ULONG = 0x1;
pub const WSD_SHUTDOWN: ULONG = 0x2;
pub const WSD_REBOOT: ULONG = 0x4;
pub const WSD_POWEROFF: ULONG = 0x8;
pub const WEVENT_NONE: ULONG = 0x0;
pub const WEVENT_CREATE: ULONG = 0x1;
pub const WEVENT_DELETE: ULONG = 0x2;
pub const WEVENT_RENAME: ULONG = 0x4;
pub const WEVENT_CONNECT: ULONG = 0x8;
pub const WEVENT_DISCONNECT: ULONG = 0x10;
pub const WEVENT_LOGON: ULONG = 0x20;
pub const WEVENT_LOGOFF: ULONG = 0x40;
pub const WEVENT_STATECHANGE: ULONG = 0x80;
pub const WEVENT_LICENSE: ULONG = 0x100;
pub const WEVENT_ALL: ULONG = 0x7fffffff;
pub const WEVENT_FLUSH: ULONG = 0x80000000;
pub const KBDSHIFT: USHORT = 0x1;
pub const KBDCTRL: USHORT = 0x2;
pub const KBDALT: USHORT = 0x4;
pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1;
pub const LOGONID_CURRENT: i32 = -1;
pub const SERVERNAME_CURRENT: PWSTR = null_mut();
EXTERN!{extern "system" {
fn WinStationFreeMemory(
Buffer: PVOID,
) -> BOOLEAN;
fn WinStationOpenServerW(
ServerName: PWSTR,
) -> HANDLE;
fn WinStationCloseServer(
ServerHandle: HANDLE,
) -> BOOLEAN;
fn WinStationServerPing(
ServerHandle: HANDLE,
) -> BOOLEAN;
fn WinStationGetTermSrvCountersValue(
ServerHandle: HANDLE,
Count: ULONG,
Counters: PTS_COUNTER,
) -> BOOLEAN;
fn WinStationShutdownSystem(
ServerHandle: HANDLE,
ShutdownFlags: ULONG,
) -> BOOLEAN;
fn WinStationWaitSystemEvent(
ServerHandle: HANDLE,
EventMask: ULONG,
EventFlags: PULONG,
) -> BOOLEAN;
fn WinStationRegisterConsoleNotification(
ServerHandle: HANDLE,
WindowHandle: HWND,
Flags: ULONG,
) -> BOOLEAN;
fn WinStationUnRegisterConsoleNotification(
ServerHandle: HANDLE,
WindowHandle: HWND,
) -> BOOLEAN;
fn WinStationEnumerateW(
ServerHandle: HANDLE,
SessionIds: *mut PSESSIONIDW,
Count: PULONG,
) -> BOOLEAN;
fn WinStationQueryInformationW(
ServerHandle: HANDLE,
SessionId: ULONG,
WinStationInformationClass: WINSTATIONINFOCLASS,
pWinStationInformation: PVOID,
WinStationInformationLength: ULONG,
pReturnLength: PULONG,
) -> BOOLEAN;
fn WinStationSetInformationW(
ServerHandle: HANDLE,
SessionId: ULONG,
WinStationInformationClass: WINSTATIONINFOCLASS,
pWinStationInformation: PVOID,
WinStationInformationLength: ULONG,
) -> BOOLEAN;
fn WinStationNameFromLogonIdW(
ServerHandle: HANDLE,
SessionId: ULONG,
pWinStationName: PWSTR,
) -> BOOLEAN;
fn WinStationSendMessageW(
ServerHandle: HANDLE,
SessionId: ULONG,
Title: PWSTR,
TitleLength: ULONG,
Message: PWSTR,
MessageLength: ULONG,
Style: ULONG,
Timeout: ULONG,
Response: PULONG,
DoNotWait: BOOLEAN,
) -> BOOLEAN;
fn WinStationConnectW(
ServerHandle: HANDLE,
SessionId: ULONG,
TargetSessionId: ULONG,
pPassword: PWSTR,
bWait: BOOLEAN,
) -> BOOLEAN;
fn WinStationDisconnect(
ServerHandle: HANDLE,
SessionId: ULONG,
bWait: BOOLEAN,
) -> BOOLEAN;
fn WinStationReset(
ServerHandle: HANDLE,
SessionId: ULONG,
bWait: BOOLEAN,
) -> BOOLEAN;
fn WinStationShadow(
ServerHandle: HANDLE,
TargetServerName: PWSTR,
TargetSessionId: ULONG,
HotKeyVk: UCHAR,
HotkeyModifiers: USHORT,
) -> BOOLEAN;
fn WinStationShadowStop(
ServerHandle: HANDLE,
SessionId: ULONG,
bWait: BOOLEAN,
) -> BOOLEAN;
fn WinStationEnumerateProcesses(
ServerHandle: HANDLE,
Processes: *mut PVOID,
) -> BOOLEAN;
fn WinStationGetAllProcesses(
ServerHandle: HANDLE,
Level: ULONG,
NumberOfProcesses: PULONG,
Processes: *mut PTS_ALL_PROCESSES_INFO,
) -> BOOLEAN;
fn WinStationFreeGAPMemory(
Level: ULONG,
Processes: PTS_ALL_PROCESSES_INFO,
NumberOfProcesses: ULONG,
) -> BOOLEAN;
fn WinStationTerminateProcess(
ServerHandle: HANDLE,
ProcessId: ULONG,
ExitCode: ULONG,
) -> BOOLEAN;
fn WinStationGetProcessSid(
ServerHandle: HANDLE,
ProcessId: ULONG,
ProcessStartTime: FILETIME,
pProcessUserSid: PVOID,
dwSidSize: PULONG,
) -> BOOLEAN;
fn WinStationSwitchToServicesSession() -> BOOLEAN;
fn WinStationRevertFromServicesSession() -> BOOLEAN;
fn _WinStationWaitForConnect() -> BOOLEAN;
}}