Google Git
Sign in
android / toolchain / rustc / refs/heads/main / . / vendor / ntapi-0.3.7 / src / ntexapi.rs
blob: 5fa47c913728e1cc3102b9c92a01bd18f69d0916 [file] [log] [blame] [edit]
use core::mem::uninitialized;
use core::ptr::read_volatile;
#[cfg(target_arch = "x86")]
use core::sync::atomic::spin_loop_hint;
use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM};
use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE};
use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON};
use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX;
use crate::ntpebteb::PTEB;
use crate::ntpoapi::COUNTED_REASON_CONTEXT;
use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR};
use winapi::shared::evntrace::PROFILE_SOURCE_INFO;
use winapi::shared::guiddef::{GUID, LPGUID};
use winapi::shared::ntdef::{
BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG,
NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE,
PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR,
PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE,
UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME,
};
use winapi::um::winnt::{
ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR,
STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION,
};
use crate::winapi_local::um::winnt::UInt32x32To64;
EXTERN!{extern "system" {
fn NtDelayExecution(
Alertable: BOOLEAN,
DelayInterval: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtQuerySystemEnvironmentValue(
VariableName: PUNICODE_STRING,
VariableValue: PWSTR,
ValueLength: USHORT,
ReturnLength: PUSHORT,
) -> NTSTATUS;
fn NtSetSystemEnvironmentValue(
VariableName: PUNICODE_STRING,
VariableValue: PUNICODE_STRING,
) -> NTSTATUS;
fn NtQuerySystemEnvironmentValueEx(
VariableName: PUNICODE_STRING,
VendorGuid: LPGUID,
Value: PVOID,
ValueLength: PULONG,
Attributes: PULONG,
) -> NTSTATUS;
fn NtSetSystemEnvironmentValueEx(
VariableName: PUNICODE_STRING,
VendorGuid: LPGUID,
Value: PVOID,
ValueLength: ULONG,
Attributes: ULONG,
) -> NTSTATUS;
fn NtEnumerateSystemEnvironmentValuesEx(
InformationClass: ULONG,
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
}}
STRUCT!{struct BOOT_ENTRY {
Version: ULONG,
Length: ULONG,
Id: ULONG,
Attributes: ULONG,
FriendlyNameOffset: ULONG,
BootFilePathOffset: ULONG,
OsOptionsLength: ULONG,
OsOptions: [UCHAR; 1],
}}
pub type PBOOT_ENTRY = *mut BOOT_ENTRY;
STRUCT!{struct BOOT_ENTRY_LIST {
NextEntryOffset: ULONG,
BootEntry: BOOT_ENTRY,
}}
pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST;
STRUCT!{struct BOOT_OPTIONS {
Version: ULONG,
Length: ULONG,
Timeout: ULONG,
CurrentBootEntryId: ULONG,
NextBootEntryId: ULONG,
HeadlessRedirection: [WCHAR; 1],
}}
pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS;
STRUCT!{struct FILE_PATH {
Version: ULONG,
Length: ULONG,
Type: ULONG,
FilePath: [UCHAR; 1],
}}
pub type PFILE_PATH = *mut FILE_PATH;
STRUCT!{struct EFI_DRIVER_ENTRY {
Version: ULONG,
Length: ULONG,
Id: ULONG,
FriendlyNameOffset: ULONG,
DriverFilePathOffset: ULONG,
}}
pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY;
STRUCT!{struct EFI_DRIVER_ENTRY_LIST {
NextEntryOffset: ULONG,
DriverEntry: EFI_DRIVER_ENTRY,
}}
pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST;
EXTERN!{extern "system" {
fn NtAddBootEntry(
BootEntry: PBOOT_ENTRY,
Id: PULONG,
) -> NTSTATUS;
fn NtDeleteBootEntry(
Id: ULONG,
) -> NTSTATUS;
fn NtModifyBootEntry(
BootEntry: PBOOT_ENTRY,
) -> NTSTATUS;
fn NtEnumerateBootEntries(
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
fn NtQueryBootEntryOrder(
Ids: PULONG,
Count: PULONG,
) -> NTSTATUS;
fn NtSetBootEntryOrder(
Ids: PULONG,
Count: ULONG,
) -> NTSTATUS;
fn NtQueryBootOptions(
BootOptions: PBOOT_OPTIONS,
BootOptionsLength: PULONG,
) -> NTSTATUS;
fn NtSetBootOptions(
BootOptions: PBOOT_OPTIONS,
FieldsToChange: ULONG,
) -> NTSTATUS;
fn NtTranslateFilePath(
InputFilePath: PFILE_PATH,
OutputType: ULONG,
OutputFilePath: PFILE_PATH,
OutputFilePathLength: PULONG,
) -> NTSTATUS;
fn NtAddDriverEntry(
DriverEntry: PEFI_DRIVER_ENTRY,
Id: PULONG,
) -> NTSTATUS;
fn NtDeleteDriverEntry(
Id: ULONG,
) -> NTSTATUS;
fn NtModifyDriverEntry(
DriverEntry: PEFI_DRIVER_ENTRY,
) -> NTSTATUS;
fn NtEnumerateDriverEntries(
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
fn NtQueryDriverEntryOrder(
Ids: PULONG,
Count: PULONG,
) -> NTSTATUS;
fn NtSetDriverEntryOrder(
Ids: PULONG,
Count: ULONG,
) -> NTSTATUS;
}}
ENUM!{enum FILTER_BOOT_OPTION_OPERATION {
FilterBootOptionOperationOpenSystemStore = 0,
FilterBootOptionOperationSetElement = 1,
FilterBootOptionOperationDeleteElement = 2,
FilterBootOptionOperationMax = 3,
}}
EXTERN!{extern "system" {
fn NtFilterBootOption(
FilterOperation: FILTER_BOOT_OPTION_OPERATION,
ObjectType: ULONG,
ElementType: ULONG,
Data: PVOID,
DataSize: ULONG,
) -> NTSTATUS;
}}
pub const EVENT_QUERY_STATE: u32 = 0x0001;
ENUM!{enum EVENT_INFORMATION_CLASS {
EventBasicInformation = 0,
}}
STRUCT!{struct EVENT_BASIC_INFORMATION {
EventType: EVENT_TYPE,
EventState: LONG,
}}
pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION;
EXTERN!{extern "system" {
fn NtCreateEvent(
EventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
EventType: EVENT_TYPE,
InitialState: BOOLEAN,
) -> NTSTATUS;
fn NtOpenEvent(
EventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtSetEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn NtSetEventBoostPriority(
EventHandle: HANDLE,
) -> NTSTATUS;
fn NtClearEvent(
EventHandle: HANDLE,
) -> NTSTATUS;
fn NtResetEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn NtPulseEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn NtQueryEvent(
EventHandle: HANDLE,
EventInformationClass: EVENT_INFORMATION_CLASS,
EventInformation: PVOID,
EventInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE;
EXTERN!{extern "system" {
fn NtCreateEventPair(
EventPairHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtOpenEventPair(
EventPairHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtSetLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn NtSetHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn NtWaitLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn NtWaitHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn NtSetLowWaitHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn NtSetHighWaitLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
}}
ENUM!{enum MUTANT_INFORMATION_CLASS {
MutantBasicInformation = 0,
MutantOwnerInformation = 1,
}}
STRUCT!{struct MUTANT_BASIC_INFORMATION {
CurrentCount: LONG,
OwnedByCaller: BOOLEAN,
AbandonedState: BOOLEAN,
}}
pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION;
STRUCT!{struct MUTANT_OWNER_INFORMATION {
ClientId: CLIENT_ID,
}}
pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION;
EXTERN!{extern "system" {
fn NtCreateMutant(
MutantHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
InitialOwner: BOOLEAN,
) -> NTSTATUS;
fn NtOpenMutant(
MutantHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtReleaseMutant(
MutantHandle: HANDLE,
PreviousCount: PLONG,
) -> NTSTATUS;
fn NtQueryMutant(
MutantHandle: HANDLE,
MutantInformationClass: MUTANT_INFORMATION_CLASS,
MutantInformation: PVOID,
MutantInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001;
ENUM!{enum SEMAPHORE_INFORMATION_CLASS {
SemaphoreBasicInformation = 0,
}}
STRUCT!{struct SEMAPHORE_BASIC_INFORMATION {
CurrentCount: LONG,
MaximumCount: LONG,
}}
pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION;
EXTERN!{extern "system" {
fn NtCreateSemaphore(
SemaphoreHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
InitialCount: LONG,
MaximumCount: LONG,
) -> NTSTATUS;
fn NtOpenSemaphore(
SemaphoreHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtReleaseSemaphore(
SemaphoreHandle: HANDLE,
ReleaseCount: LONG,
PreviousCount: PLONG,
) -> NTSTATUS;
fn NtQuerySemaphore(
SemaphoreHandle: HANDLE,
SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
SemaphoreInformation: PVOID,
SemaphoreInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
ENUM!{enum TIMER_INFORMATION_CLASS {
TimerBasicInformation = 0,
}}
STRUCT!{struct TIMER_BASIC_INFORMATION {
RemainingTime: LARGE_INTEGER,
TimerState: BOOLEAN,
}}
pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION;
FN!{stdcall PTIMER_APC_ROUTINE(
TimerContext: PVOID,
TimerLowValue: ULONG,
TimerHighValue: LONG,
) -> ()}
ENUM!{enum TIMER_SET_INFORMATION_CLASS {
TimerSetCoalescableTimer = 0,
MaxTimerInfoClass = 1,
}}
STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO {
DueTime: LARGE_INTEGER,
TimerApcRoutine: PTIMER_APC_ROUTINE,
TimerContext: PVOID,
WakeContext: *mut COUNTED_REASON_CONTEXT,
Period: ULONG,
TolerableDelay: ULONG,
PreviousState: PBOOLEAN,
}}
pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO;
EXTERN!{extern "system" {
fn NtCreateTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TimerType: TIMER_TYPE,
) -> NTSTATUS;
fn NtOpenTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtSetTimer(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
TimerApcRoutine: PTIMER_APC_ROUTINE,
TimerContext: PVOID,
ResumeTimer: BOOLEAN,
Period: LONG,
PreviousState: PBOOLEAN,
) -> NTSTATUS;
fn NtSetTimerEx(
TimerHandle: HANDLE,
TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
TimerSetInformation: PVOID,
TimerSetInformationLength: ULONG,
) -> NTSTATUS;
fn NtCancelTimer(
TimerHandle: HANDLE,
CurrentState: PBOOLEAN,
) -> NTSTATUS;
fn NtQueryTimer(
TimerHandle: HANDLE,
TimerInformationClass: TIMER_INFORMATION_CLASS,
TimerInformation: PVOID,
TimerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtCreateIRTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
) -> NTSTATUS;
fn NtSetIRTimer(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
) -> NTSTATUS;
}}
STRUCT!{struct T2_SET_PARAMETERS {
Version: ULONG,
Reserved: ULONG,
NoWakeTolerance: LONGLONG,
}}
pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS;
pub type PT2_CANCEL_PARAMETERS = PVOID;
EXTERN!{extern "system" {
fn NtCreateTimer2(
TimerHandle: PHANDLE,
Reserved1: PVOID,
Reserved2: PVOID,
Attributes: ULONG,
DesiredAccess: ACCESS_MASK,
) -> NTSTATUS;
fn NtSetTimer2(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
Period: PLARGE_INTEGER,
Parameters: PT2_SET_PARAMETERS,
) -> NTSTATUS;
fn NtCancelTimer2(
TimerHandle: HANDLE,
Parameters: PT2_CANCEL_PARAMETERS,
) -> NTSTATUS;
}}
pub const PROFILE_CONTROL: u32 = 0x0001;
pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL;
EXTERN!{extern "system" {
fn NtCreateProfile(
ProfileHandle: PHANDLE,
Process: HANDLE,
ProfileBase: PVOID,
ProfileSize: SIZE_T,
BucketSize: ULONG,
Buffer: PULONG,
BufferSize: ULONG,
ProfileSource: KPROFILE_SOURCE,
Affinity: KAFFINITY,
) -> NTSTATUS;
fn NtCreateProfileEx(
ProfileHandle: PHANDLE,
Process: HANDLE,
ProfileBase: PVOID,
ProfileSize: SIZE_T,
BucketSize: ULONG,
Buffer: PULONG,
BufferSize: ULONG,
ProfileSource: KPROFILE_SOURCE,
GroupCount: USHORT,
GroupAffinity: PGROUP_AFFINITY,
) -> NTSTATUS;
fn NtStartProfile(
ProfileHandle: HANDLE,
) -> NTSTATUS;
fn NtStopProfile(
ProfileHandle: HANDLE,
) -> NTSTATUS;
fn NtQueryIntervalProfile(
ProfileSource: KPROFILE_SOURCE,
Interval: PULONG,
) -> NTSTATUS;
fn NtSetIntervalProfile(
Interval: ULONG,
Source: KPROFILE_SOURCE,
) -> NTSTATUS;
}}
pub const KEYEDEVENT_WAIT: ULONG = 0x0001;
pub const KEYEDEVENT_WAKE: ULONG = 0x0002;
pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK =
STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE;
EXTERN!{extern "system" {
fn NtCreateKeyedEvent(
KeyedEventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
fn NtOpenKeyedEvent(
KeyedEventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtReleaseKeyedEvent(
KeyedEventHandle: HANDLE,
KeyValue: PVOID,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtWaitForKeyedEvent(
KeyedEventHandle: HANDLE,
KeyValue: PVOID,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtUmsThreadYield(
SchedulerParam: PVOID,
) -> NTSTATUS;
}}
ENUM!{enum WNF_STATE_NAME_LIFETIME {
WnfWellKnownStateName = 0,
WnfPermanentStateName = 1,
WnfPersistentStateName = 2,
WnfTemporaryStateName = 3,
}}
ENUM!{enum WNF_STATE_NAME_INFORMATION {
WnfInfoStateNameExist = 0,
WnfInfoSubscribersPresent = 1,
WnfInfoIsQuiescent = 2,
}}
ENUM!{enum WNF_DATA_SCOPE {
WnfDataScopeSystem = 0,
WnfDataScopeSession = 1,
WnfDataScopeUser = 2,
WnfDataScopeProcess = 3,
WnfDataScopeMachine = 4,
}}
STRUCT!{struct WNF_TYPE_ID {
TypeId: GUID,
}}
pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID;
pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID;
pub type PWNF_CHANGE_STAMP = *mut ULONG;
pub type WNF_CHANGE_STAMP = ULONG;
STRUCT!{struct WNF_DELIVERY_DESCRIPTOR {
SubscriptionId: ULONGLONG,
StateName: WNF_STATE_NAME,
ChangeStamp: WNF_CHANGE_STAMP,
StateDataSize: ULONG,
EventMask: ULONG,
TypeId: WNF_TYPE_ID,
StateDataOffset: ULONG,
}}
pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR;
EXTERN!{extern "system" {
fn NtCreateWnfStateName(
StateName: PWNF_STATE_NAME,
NameLifetime: WNF_STATE_NAME_LIFETIME,
DataScope: WNF_DATA_SCOPE,
PersistData: BOOLEAN,
TypeId: PCWNF_TYPE_ID,
MaximumStateSize: ULONG,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
) -> NTSTATUS;
fn NtDeleteWnfStateName(
StateName: PCWNF_STATE_NAME,
) -> NTSTATUS;
fn NtUpdateWnfStateData(
StateName: PCWNF_STATE_NAME,
Buffer: *const VOID,
Length: ULONG,
TypeId: PCWNF_TYPE_ID,
ExplicitScope: *const VOID,
MatchingChangeStamp: WNF_CHANGE_STAMP,
CheckStamp: LOGICAL,
) -> NTSTATUS;
fn NtDeleteWnfStateData(
StateName: PCWNF_STATE_NAME,
ExplicitScope: *const VOID,
) -> NTSTATUS;
fn NtQueryWnfStateData(
StateName: PCWNF_STATE_NAME,
TypeId: PCWNF_TYPE_ID,
ExplicitScope: *const VOID,
ChangeStamp: PWNF_CHANGE_STAMP,
Buffer: PVOID,
BufferSize: PULONG,
) -> NTSTATUS;
fn NtQueryWnfStateNameInformation(
StateName: PCWNF_STATE_NAME,
NameInfoClass: WNF_STATE_NAME_INFORMATION,
ExplicitScope: *const VOID,
InfoBuffer: PVOID,
InfoBufferSize: ULONG,
) -> NTSTATUS;
fn NtSubscribeWnfStateChange(
StateName: PCWNF_STATE_NAME,
ChangeStamp: WNF_CHANGE_STAMP,
EventMask: ULONG,
SubscriptionId: PULONG64,
) -> NTSTATUS;
fn NtUnsubscribeWnfStateChange(
StateName: PCWNF_STATE_NAME,
) -> NTSTATUS;
fn NtGetCompleteWnfStateSubscription(
OldDescriptorStateName: PWNF_STATE_NAME,
OldSubscriptionId: *mut ULONG64,
OldDescriptorEventMask: ULONG,
OldDescriptorStatus: ULONG,
NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
DescriptorSize: ULONG,
) -> NTSTATUS;
fn NtSetWnfProcessNotificationEvent(
NotificationEvent: HANDLE,
) -> NTSTATUS;
}}
pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001;
pub const WORKER_FACTORY_WAIT: u32 = 0x0002;
pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004;
pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008;
pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010;
pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020;
pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED
| WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION
| WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN;
ENUM!{enum WORKERFACTORYINFOCLASS {
WorkerFactoryTimeout = 0,
WorkerFactoryRetryTimeout = 1,
WorkerFactoryIdleTimeout = 2,
WorkerFactoryBindingCount = 3,
WorkerFactoryThreadMinimum = 4,
WorkerFactoryThreadMaximum = 5,
WorkerFactoryPaused = 6,
WorkerFactoryBasicInformation = 7,
WorkerFactoryAdjustThreadGoal = 8,
WorkerFactoryCallbackType = 9,
WorkerFactoryStackInformation = 10,
WorkerFactoryThreadBasePriority = 11,
WorkerFactoryTimeoutWaiters = 12,
WorkerFactoryFlags = 13,
WorkerFactoryThreadSoftMaximum = 14,
MaxWorkerFactoryInfoClass = 15,
}}
pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS;
STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION {
Timeout: LARGE_INTEGER,
RetryTimeout: LARGE_INTEGER,
IdleTimeout: LARGE_INTEGER,
Paused: BOOLEAN,
TimerSet: BOOLEAN,
QueuedToExWorker: BOOLEAN,
MayCreate: BOOLEAN,
CreateInProgress: BOOLEAN,
InsertedIntoQueue: BOOLEAN,
Shutdown: BOOLEAN,
BindingCount: ULONG,
ThreadMinimum: ULONG,
ThreadMaximum: ULONG,
PendingWorkerCount: ULONG,
WaitingWorkerCount: ULONG,
TotalWorkerCount: ULONG,
ReleaseCount: ULONG,
InfiniteWaitGoal: LONGLONG,
StartRoutine: PVOID,
StartParameter: PVOID,
ProcessId: HANDLE,
StackReserve: SIZE_T,
StackCommit: SIZE_T,
LastThreadCreationStatus: NTSTATUS,
}}
pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION;
EXTERN!{extern "system" {
fn NtCreateWorkerFactory(
WorkerFactoryHandleReturn: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
CompletionPortHandle: HANDLE,
WorkerProcessHandle: HANDLE,
StartRoutine: PVOID,
StartParameter: PVOID,
MaxThreadCount: ULONG,
StackReserve: SIZE_T,
StackCommit: SIZE_T,
) -> NTSTATUS;
fn NtQueryInformationWorkerFactory(
WorkerFactoryHandle: HANDLE,
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
WorkerFactoryInformation: PVOID,
WorkerFactoryInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationWorkerFactory(
WorkerFactoryHandle: HANDLE,
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
WorkerFactoryInformation: PVOID,
WorkerFactoryInformationLength: ULONG,
) -> NTSTATUS;
fn NtShutdownWorkerFactory(
WorkerFactoryHandle: HANDLE,
PendingWorkerCount: *mut LONG,
) -> NTSTATUS;
fn NtReleaseWorkerFactoryWorker(
WorkerFactoryHandle: HANDLE,
) -> NTSTATUS;
fn NtWorkerFactoryWorkerReady(
WorkerFactoryHandle: HANDLE,
) -> NTSTATUS;
fn NtWaitForWorkViaWorkerFactory(
WorkerFactoryHandle: HANDLE,
MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
) -> NTSTATUS;
fn NtQuerySystemTime(
SystemTime: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtSetSystemTime(
SystemTime: PLARGE_INTEGER,
PreviousTime: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtQueryTimerResolution(
MaximumTime: PULONG,
MinimumTime: PULONG,
CurrentTime: PULONG,
) -> NTSTATUS;
fn NtSetTimerResolution(
DesiredTime: ULONG,
SetResolution: BOOLEAN,
ActualTime: PULONG,
) -> NTSTATUS;
fn NtQueryPerformanceCounter(
PerformanceCounter: PLARGE_INTEGER,
PerformanceFrequency: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtAllocateLocallyUniqueId(
Luid: PLUID,
) -> NTSTATUS;
fn NtSetUuidSeed(
Seed: PCHAR,
) -> NTSTATUS;
fn NtAllocateUuids(
Time: PULARGE_INTEGER,
Range: PULONG,
Sequence: PULONG,
Seed: PCHAR,
) -> NTSTATUS;
}}
ENUM!{enum SYSTEM_INFORMATION_CLASS {
SystemBasicInformation = 0,
SystemProcessorInformation = 1,
SystemPerformanceInformation = 2,
SystemTimeOfDayInformation = 3,
SystemPathInformation = 4,
SystemProcessInformation = 5,
SystemCallCountInformation = 6,
SystemDeviceInformation = 7,
SystemProcessorPerformanceInformation = 8,
SystemFlagsInformation = 9,
SystemCallTimeInformation = 10,
SystemModuleInformation = 11,
SystemLocksInformation = 12,
SystemStackTraceInformation = 13,
SystemPagedPoolInformation = 14,
SystemNonPagedPoolInformation = 15,
SystemHandleInformation = 16,
SystemObjectInformation = 17,
SystemPageFileInformation = 18,
SystemVdmInstemulInformation = 19,
SystemVdmBopInformation = 20,
SystemFileCacheInformation = 21,
SystemPoolTagInformation = 22,
SystemInterruptInformation = 23,
SystemDpcBehaviorInformation = 24,
SystemFullMemoryInformation = 25,
SystemLoadGdiDriverInformation = 26,
SystemUnloadGdiDriverInformation = 27,
SystemTimeAdjustmentInformation = 28,
SystemSummaryMemoryInformation = 29,
SystemMirrorMemoryInformation = 30,
SystemPerformanceTraceInformation = 31,
SystemObsolete0 = 32,
SystemExceptionInformation = 33,
SystemCrashDumpStateInformation = 34,
SystemKernelDebuggerInformation = 35,
SystemContextSwitchInformation = 36,
SystemRegistryQuotaInformation = 37,
SystemExtendServiceTableInformation = 38,
SystemPrioritySeperation = 39,
SystemVerifierAddDriverInformation = 40,
SystemVerifierRemoveDriverInformation = 41,
SystemProcessorIdleInformation = 42,
SystemLegacyDriverInformation = 43,
SystemCurrentTimeZoneInformation = 44,
SystemLookasideInformation = 45,
SystemTimeSlipNotification = 46,
SystemSessionCreate = 47,
SystemSessionDetach = 48,
SystemSessionInformation = 49,
SystemRangeStartInformation = 50,
SystemVerifierInformation = 51,
SystemVerifierThunkExtend = 52,
SystemSessionProcessInformation = 53,
SystemLoadGdiDriverInSystemSpace = 54,
SystemNumaProcessorMap = 55,
SystemPrefetcherInformation = 56,
SystemExtendedProcessInformation = 57,
SystemRecommendedSharedDataAlignment = 58,
SystemComPlusPackage = 59,
SystemNumaAvailableMemory = 60,
SystemProcessorPowerInformation = 61,
SystemEmulationBasicInformation = 62,
SystemEmulationProcessorInformation = 63,
SystemExtendedHandleInformation = 64,
SystemLostDelayedWriteInformation = 65,
SystemBigPoolInformation = 66,
SystemSessionPoolTagInformation = 67,
SystemSessionMappedViewInformation = 68,
SystemHotpatchInformation = 69,
SystemObjectSecurityMode = 70,
SystemWatchdogTimerHandler = 71,
SystemWatchdogTimerInformation = 72,
SystemLogicalProcessorInformation = 73,
SystemWow64SharedInformationObsolete = 74,
SystemRegisterFirmwareTableInformationHandler = 75,
SystemFirmwareTableInformation = 76,
SystemModuleInformationEx = 77,
SystemVerifierTriageInformation = 78,
SystemSuperfetchInformation = 79,
SystemMemoryListInformation = 80,
SystemFileCacheInformationEx = 81,
SystemThreadPriorityClientIdInformation = 82,
SystemProcessorIdleCycleTimeInformation = 83,
SystemVerifierCancellationInformation = 84,
SystemProcessorPowerInformationEx = 85,
SystemRefTraceInformation = 86,
SystemSpecialPoolInformation = 87,
SystemProcessIdInformation = 88,
SystemErrorPortInformation = 89,
SystemBootEnvironmentInformation = 90,
SystemHypervisorInformation = 91,
SystemVerifierInformationEx = 92,
SystemTimeZoneInformation = 93,
SystemImageFileExecutionOptionsInformation = 94,
SystemCoverageInformation = 95,
SystemPrefetchPatchInformation = 96,
SystemVerifierFaultsInformation = 97,
SystemSystemPartitionInformation = 98,
SystemSystemDiskInformation = 99,
SystemProcessorPerformanceDistribution = 100,
SystemNumaProximityNodeInformation = 101,
SystemDynamicTimeZoneInformation = 102,
SystemCodeIntegrityInformation = 103,
SystemProcessorMicrocodeUpdateInformation = 104,
SystemProcessorBrandString = 105,
SystemVirtualAddressInformation = 106,
SystemLogicalProcessorAndGroupInformation = 107,
SystemProcessorCycleTimeInformation = 108,
SystemStoreInformation = 109,
SystemRegistryAppendString = 110,
SystemAitSamplingValue = 111,
SystemVhdBootInformation = 112,
SystemCpuQuotaInformation = 113,
SystemNativeBasicInformation = 114,
SystemSpare1 = 115,
SystemLowPriorityIoInformation = 116,
SystemTpmBootEntropyInformation = 117,
SystemVerifierCountersInformation = 118,
SystemPagedPoolInformationEx = 119,
SystemSystemPtesInformationEx = 120,
SystemNodeDistanceInformation = 121,
SystemAcpiAuditInformation = 122,
SystemBasicPerformanceInformation = 123,
SystemQueryPerformanceCounterInformation = 124,
SystemSessionBigPoolInformation = 125,
SystemBootGraphicsInformation = 126,
SystemScrubPhysicalMemoryInformation = 127,
SystemBadPageInformation = 128,
SystemProcessorProfileControlArea = 129,
SystemCombinePhysicalMemoryInformation = 130,
SystemEntropyInterruptTimingCallback = 131,
SystemConsoleInformation = 132,
SystemPlatformBinaryInformation = 133,
SystemThrottleNotificationInformation = 134,
SystemHypervisorProcessorCountInformation = 135,
SystemDeviceDataInformation = 136,
SystemDeviceDataEnumerationInformation = 137,
SystemMemoryTopologyInformation = 138,
SystemMemoryChannelInformation = 139,
SystemBootLogoInformation = 140,
SystemProcessorPerformanceInformationEx = 141,
SystemSpare0 = 142,
SystemSecureBootPolicyInformation = 143,
SystemPageFileInformationEx = 144,
SystemSecureBootInformation = 145,
SystemEntropyInterruptTimingRawInformation = 146,
SystemPortableWorkspaceEfiLauncherInformation = 147,
SystemFullProcessInformation = 148,
SystemKernelDebuggerInformationEx = 149,
SystemBootMetadataInformation = 150,
SystemSoftRebootInformation = 151,
SystemElamCertificateInformation = 152,
SystemOfflineDumpConfigInformation = 153,
SystemProcessorFeaturesInformation = 154,
SystemRegistryReconciliationInformation = 155,
SystemEdidInformation = 156,
SystemManufacturingInformation = 157,
SystemEnergyEstimationConfigInformation = 158,
SystemHypervisorDetailInformation = 159,
SystemProcessorCycleStatsInformation = 160,
SystemVmGenerationCountInformation = 161,
SystemTrustedPlatformModuleInformation = 162,
SystemKernelDebuggerFlags = 163,
SystemCodeIntegrityPolicyInformation = 164,
SystemIsolatedUserModeInformation = 165,
SystemHardwareSecurityTestInterfaceResultsInformation = 166,
SystemSingleModuleInformation = 167,
SystemAllowedCpuSetsInformation = 168,
SystemVsmProtectionInformation = 169,
SystemInterruptCpuSetsInformation = 170,
SystemSecureBootPolicyFullInformation = 171,
SystemCodeIntegrityPolicyFullInformation = 172,
SystemAffinitizedInterruptProcessorInformation = 173,
SystemRootSiloInformation = 174,
SystemCpuSetInformation = 175,
SystemCpuSetTagInformation = 176,
SystemWin32WerStartCallout = 177,
SystemSecureKernelProfileInformation = 178,
SystemCodeIntegrityPlatformManifestInformation = 179,
SystemInterruptSteeringInformation = 180,
SystemSupportedProcessorArchitectures = 181,
SystemMemoryUsageInformation = 182,
SystemCodeIntegrityCertificateInformation = 183,
SystemPhysicalMemoryInformation = 184,
SystemControlFlowTransition = 185,
SystemKernelDebuggingAllowed = 186,
SystemActivityModerationExeState = 187,
SystemActivityModerationUserSettings = 188,
SystemCodeIntegrityPoliciesFullInformation = 189,
SystemCodeIntegrityUnlockInformation = 190,
SystemIntegrityQuotaInformation = 191,
SystemFlushInformation = 192,
SystemProcessorIdleMaskInformation = 193,
SystemSecureDumpEncryptionInformation = 194,
SystemWriteConstraintInformation = 195,
SystemKernelVaShadowInformation = 196,
SystemHypervisorSharedPageInformation = 197,
SystemFirmwareBootPerformanceInformation = 198,
SystemCodeIntegrityVerificationInformation = 199,
SystemFirmwarePartitionInformation = 200,
SystemSpeculationControlInformation = 201,
SystemDmaGuardPolicyInformation = 202,
SystemEnclaveLaunchControlInformation = 203,
SystemWorkloadAllowedCpuSetsInformation = 204,
SystemCodeIntegrityUnlockModeInformation = 205,
SystemLeapSecondInformation = 206,
SystemFlags2Information = 207,
MaxSystemInfoClass = 208,
}}
STRUCT!{struct SYSTEM_BASIC_INFORMATION {
Reserved: ULONG,
TimerResolution: ULONG,
PageSize: ULONG,
NumberOfPhysicalPages: ULONG,
LowestPhysicalPageNumber: ULONG,
HighestPhysicalPageNumber: ULONG,
AllocationGranularity: ULONG,
MinimumUserModeAddress: ULONG_PTR,
MaximumUserModeAddress: ULONG_PTR,
ActiveProcessorsAffinityMask: ULONG_PTR,
NumberOfProcessors: CCHAR,
}}
pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION {
ProcessorArchitecture: USHORT,
ProcessorLevel: USHORT,
ProcessorRevision: USHORT,
MaximumProcessors: USHORT,
ProcessorFeatureBits: ULONG,
}}
pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION;
STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION {
IdleProcessTime: LARGE_INTEGER,
IoReadTransferCount: LARGE_INTEGER,
IoWriteTransferCount: LARGE_INTEGER,
IoOtherTransferCount: LARGE_INTEGER,
IoReadOperationCount: ULONG,
IoWriteOperationCount: ULONG,
IoOtherOperationCount: ULONG,
AvailablePages: ULONG,
CommittedPages: ULONG,
CommitLimit: ULONG,
PeakCommitment: ULONG,
PageFaultCount: ULONG,
CopyOnWriteCount: ULONG,
TransitionCount: ULONG,
CacheTransitionCount: ULONG,
DemandZeroCount: ULONG,
PageReadCount: ULONG,
PageReadIoCount: ULONG,
CacheReadCount: ULONG,
CacheIoCount: ULONG,
DirtyPagesWriteCount: ULONG,
DirtyWriteIoCount: ULONG,
MappedPagesWriteCount: ULONG,
MappedWriteIoCount: ULONG,
PagedPoolPages: ULONG,
NonPagedPoolPages: ULONG,
PagedPoolAllocs: ULONG,
PagedPoolFrees: ULONG,
NonPagedPoolAllocs: ULONG,
NonPagedPoolFrees: ULONG,
FreeSystemPtes: ULONG,
ResidentSystemCodePage: ULONG,
TotalSystemDriverPages: ULONG,
TotalSystemCodePages: ULONG,
NonPagedPoolLookasideHits: ULONG,
PagedPoolLookasideHits: ULONG,
AvailablePagedPoolPages: ULONG,
ResidentSystemCachePage: ULONG,
ResidentPagedPoolPage: ULONG,
ResidentSystemDriverPage: ULONG,
CcFastReadNoWait: ULONG,
CcFastReadWait: ULONG,
CcFastReadResourceMiss: ULONG,
CcFastReadNotPossible: ULONG,
CcFastMdlReadNoWait: ULONG,
CcFastMdlReadWait: ULONG,
CcFastMdlReadResourceMiss: ULONG,
CcFastMdlReadNotPossible: ULONG,
CcMapDataNoWait: ULONG,
CcMapDataWait: ULONG,
CcMapDataNoWaitMiss: ULONG,
CcMapDataWaitMiss: ULONG,
CcPinMappedDataCount: ULONG,
CcPinReadNoWait: ULONG,
CcPinReadWait: ULONG,
CcPinReadNoWaitMiss: ULONG,
CcPinReadWaitMiss: ULONG,
CcCopyReadNoWait: ULONG,
CcCopyReadWait: ULONG,
CcCopyReadNoWaitMiss: ULONG,
CcCopyReadWaitMiss: ULONG,
CcMdlReadNoWait: ULONG,
CcMdlReadWait: ULONG,
CcMdlReadNoWaitMiss: ULONG,
CcMdlReadWaitMiss: ULONG,
CcReadAheadIos: ULONG,
CcLazyWriteIos: ULONG,
CcLazyWritePages: ULONG,
CcDataFlushes: ULONG,
CcDataPages: ULONG,
ContextSwitches: ULONG,
FirstLevelTbFills: ULONG,
SecondLevelTbFills: ULONG,
SystemCalls: ULONG,
CcTotalDirtyPages: ULONGLONG,
CcDirtyPageThreshold: ULONGLONG,
ResidentAvailablePages: LONGLONG,
SharedCommittedPages: ULONGLONG,
}}
pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION;
STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION {
BootTime: LARGE_INTEGER,
CurrentTime: LARGE_INTEGER,
TimeZoneBias: LARGE_INTEGER,
TimeZoneId: ULONG,
Reserved: ULONG,
BootTimeBias: ULONGLONG,
SleepTimeBias: ULONGLONG,
}}
pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION;
STRUCT!{struct SYSTEM_THREAD_INFORMATION {
KernelTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
CreateTime: LARGE_INTEGER,
WaitTime: ULONG,
StartAddress: PVOID,
ClientId: CLIENT_ID,
Priority: KPRIORITY,
BasePriority: LONG,
ContextSwitches: ULONG,
ThreadState: KTHREAD_STATE,
WaitReason: KWAIT_REASON,
}}
pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION;
STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION {
ThreadInfo: SYSTEM_THREAD_INFORMATION,
StackBase: PVOID,
StackLimit: PVOID,
Win32StartAddress: PVOID,
TebBase: PTEB,
Reserved2: ULONG_PTR,
Reserved3: ULONG_PTR,
Reserved4: ULONG_PTR,
}}
pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION;
STRUCT!{struct SYSTEM_PROCESS_INFORMATION {
NextEntryOffset: ULONG,
NumberOfThreads: ULONG,
WorkingSetPrivateSize: LARGE_INTEGER,
HardFaultCount: ULONG,
NumberOfThreadsHighWatermark: ULONG,
CycleTime: ULONGLONG,
CreateTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
KernelTime: LARGE_INTEGER,
ImageName: UNICODE_STRING,
BasePriority: KPRIORITY,
UniqueProcessId: HANDLE,
InheritedFromUniqueProcessId: HANDLE,
HandleCount: ULONG,
SessionId: ULONG,
UniqueProcessKey: ULONG_PTR,
PeakVirtualSize: SIZE_T,
VirtualSize: SIZE_T,
PageFaultCount: ULONG,
PeakWorkingSetSize: SIZE_T,
WorkingSetSize: SIZE_T,
QuotaPeakPagedPoolUsage: SIZE_T,
QuotaPagedPoolUsage: SIZE_T,
QuotaPeakNonPagedPoolUsage: SIZE_T,
QuotaNonPagedPoolUsage: SIZE_T,
PagefileUsage: SIZE_T,
PeakPagefileUsage: SIZE_T,
PrivatePageCount: SIZE_T,
ReadOperationCount: LARGE_INTEGER,
WriteOperationCount: LARGE_INTEGER,
OtherOperationCount: LARGE_INTEGER,
ReadTransferCount: LARGE_INTEGER,
WriteTransferCount: LARGE_INTEGER,
OtherTransferCount: LARGE_INTEGER,
Threads: [SYSTEM_THREAD_INFORMATION; 1],
}}
pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION;
STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION {
Length: ULONG,
NumberOfTables: ULONG,
}}
pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION;
STRUCT!{struct SYSTEM_DEVICE_INFORMATION {
NumberOfDisks: ULONG,
NumberOfFloppies: ULONG,
NumberOfCdRoms: ULONG,
NumberOfTapes: ULONG,
NumberOfSerialPorts: ULONG,
NumberOfParallelPorts: ULONG,
}}
pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
IdleTime: LARGE_INTEGER,
KernelTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
DpcTime: LARGE_INTEGER,
InterruptTime: LARGE_INTEGER,
InterruptCount: ULONG,
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
STRUCT!{struct SYSTEM_FLAGS_INFORMATION {
Flags: ULONG,
}}
pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION;
STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION {
Length: ULONG,
TotalCalls: ULONG,
TimeOfCalls: [LARGE_INTEGER; 1],
}}
pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION;
STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION {
Address: PVOID,
Type: USHORT,
CreatorBackTraceIndex: USHORT,
OwningThread: HANDLE,
LockCount: LONG,
ContentionCount: ULONG,
EntryCount: ULONG,
RecursionCount: LONG,
NumberOfWaitingShared: ULONG,
NumberOfWaitingExclusive: ULONG,
}}
pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION;
STRUCT!{struct RTL_PROCESS_LOCKS {
NumberOfLocks: ULONG,
Locks: [RTL_PROCESS_LOCK_INFORMATION; 1],
}}
pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS;
STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION {
SymbolicBackTrace: PCHAR,
TraceCount: ULONG,
Index: USHORT,
Depth: USHORT,
BackTrace: [PVOID; 32],
}}
pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION;
STRUCT!{struct RTL_PROCESS_BACKTRACES {
CommittedMemory: ULONG,
ReservedMemory: ULONG,
NumberOfBackTraceLookups: ULONG,
NumberOfBackTraces: ULONG,
BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1],
}}
pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES;
STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO {
UniqueProcessId: USHORT,
CreatorBackTraceIndex: USHORT,
ObjectTypeIndex: UCHAR,
HandleAttributes: UCHAR,
HandleValue: USHORT,
Object: PVOID,
GrantedAccess: ULONG,
}}
pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO;
STRUCT!{struct SYSTEM_HANDLE_INFORMATION {
NumberOfHandles: ULONG,
Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1],
}}
pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION;
STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION {
NextEntryOffset: ULONG,
NumberOfObjects: ULONG,
NumberOfHandles: ULONG,
TypeIndex: ULONG,
InvalidAttributes: ULONG,
GenericMapping: GENERIC_MAPPING,
ValidAccessMask: ULONG,
PoolType: ULONG,
SecurityRequired: BOOLEAN,
WaitableObject: BOOLEAN,
TypeName: UNICODE_STRING,
}}
pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION;
STRUCT!{struct SYSTEM_OBJECT_INFORMATION {
NextEntryOffset: ULONG,
Object: PVOID,
CreatorUniqueProcess: HANDLE,
CreatorBackTraceIndex: USHORT,
Flags: USHORT,
PointerCount: LONG,
HandleCount: LONG,
PagedPoolCharge: ULONG,
NonPagedPoolCharge: ULONG,
ExclusiveProcessId: HANDLE,
SecurityDescriptor: PVOID,
NameInfo: UNICODE_STRING,
}}
pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION;
STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION {
NextEntryOffset: ULONG,
TotalSize: ULONG,
TotalInUse: ULONG,
PeakUsage: ULONG,
PageFileName: UNICODE_STRING,
}}
pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION;
pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1;
pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2;
pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4;
pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8;
STRUCT!{struct SYSTEM_FILECACHE_INFORMATION {
CurrentSize: SIZE_T,
PeakSize: SIZE_T,
PageFaultCount: ULONG,
MinimumWorkingSet: SIZE_T,
MaximumWorkingSet: SIZE_T,
CurrentSizeIncludingTransitionInPages: SIZE_T,
PeakSizeIncludingTransitionInPages: SIZE_T,
TransitionRePurposeCount: ULONG,
Flags: ULONG,
}}
pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION;
STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION {
CurrentSize: SIZE_T,
PeakSize: SIZE_T,
PageFaultCount: ULONG,
}}
pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION;
UNION!{union SYSTEM_POOLTAG_u {
Tag: [UCHAR; 4],
TagUlong: ULONG,
}}
STRUCT!{struct SYSTEM_POOLTAG {
u: SYSTEM_POOLTAG_u,
PagedAllocs: ULONG,
PagedFrees: ULONG,
PagedUsed: SIZE_T,
NonPagedAllocs: ULONG,
NonPagedFrees: ULONG,
NonPagedUsed: SIZE_T,
}}
pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG;
STRUCT!{struct SYSTEM_POOLTAG_INFORMATION {
Count: ULONG,
TagInfo: [SYSTEM_POOLTAG; 1],
}}
pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION;
STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION {
ContextSwitches: ULONG,
DpcCount: ULONG,
DpcRate: ULONG,
TimeIncrement: ULONG,
DpcBypassCount: ULONG,
ApcBypassCount: ULONG,
}}
pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION;
STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION {
Spare: ULONG,
DpcQueueDepth: ULONG,
MinimumDpcRate: ULONG,
AdjustDpcThreshold: ULONG,
IdealDpcRate: ULONG,
}}
pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION;
STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
TimeAdjustment: ULONG,
TimeIncrement: ULONG,
Enable: BOOLEAN,
}}
pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION;
STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE {
TimeAdjustment: ULONGLONG,
TimeIncrement: ULONGLONG,
Enable: BOOLEAN,
}}
pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE =
*mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION {
TimeAdjustment: ULONG,
Enable: BOOLEAN,
}}
pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION;
STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE {
TimeAdjustment: ULONGLONG,
Enable: BOOLEAN,
}}
pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE =
*mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
ENUM!{enum EVENT_TRACE_INFORMATION_CLASS {
EventTraceKernelVersionInformation = 0,
EventTraceGroupMaskInformation = 1,
EventTracePerformanceInformation = 2,
EventTraceTimeProfileInformation = 3,
EventTraceSessionSecurityInformation = 4,
EventTraceSpinlockInformation = 5,
EventTraceStackTracingInformation = 6,
EventTraceExecutiveResourceInformation = 7,
EventTraceHeapTracingInformation = 8,
EventTraceHeapSummaryTracingInformation = 9,
EventTracePoolTagFilterInformation = 10,
EventTracePebsTracingInformation = 11,
EventTraceProfileConfigInformation = 12,
EventTraceProfileSourceListInformation = 13,
EventTraceProfileEventListInformation = 14,
EventTraceProfileCounterListInformation = 15,
EventTraceStackCachingInformation = 16,
EventTraceObjectTypeFilterInformation = 17,
EventTraceSoftRestartInformation = 18,
EventTraceLastBranchConfigurationInformation = 19,
EventTraceLastBranchEventListInformation = 20,
EventTraceProfileSourceAddInformation = 21,
EventTraceProfileSourceRemoveInformation = 22,
EventTraceProcessorTraceConfigurationInformation = 23,
EventTraceProcessorTraceEventListInformation = 24,
EventTraceCoverageSamplerInformation = 25,
MaxEventTraceInfoClass = 26,
}}
STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
EventTraceKernelVersion: ULONG,
}}
pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION;
STRUCT!{struct PERFINFO_GROUPMASK {
Masks: [ULONG; 8],
}}
pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK;
STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
EventTraceGroupMasks: PERFINFO_GROUPMASK,
}}
pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION;
STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
LogfileBytesWritten: LARGE_INTEGER,
}}
pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION;
STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
ProfileInterval: ULONG,
}}
pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION;
STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
SecurityInformation: ULONG,
TraceHandle: HANDLE,
SecurityDescriptor: [UCHAR; 1],
}}
pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION;
STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
SpinLockSpinThreshold: ULONG,
SpinLockAcquireSampleRate: ULONG,
SpinLockContentionSampleRate: ULONG,
SpinLockHoldThreshold: ULONG,
}}
pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION;
STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
HookId: [ULONG; 1],
}}
pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
ReleaseSamplingRate: ULONG,
ContentionSamplingRate: ULONG,
NumberOfExcessiveTimeouts: ULONG,
}}
pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION =
*mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
ProcessId: ULONG,
}}
pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION;
STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
Filter: [ULONG; 1],
}}
pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION;
STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
ProfileSource: [ULONG; 1],
}}
pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION;
STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
Spare: ULONG,
Profile: [*mut PROFILE_SOURCE_INFO; 1],
}}
pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION;
STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
Enabled: BOOLEAN,
Reserved: [UCHAR; 3],
CacheSize: ULONG,
BucketCount: ULONG,
}}
pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION;
STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
TraceHandle: HANDLE,
PersistTraceBuffers: BOOLEAN,
FileName: [WCHAR; 1],
}}
pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION;
STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
PerfEvtEventSelect: BOOLEAN,
PerfEvtUnitSelect: BOOLEAN,
PerfEvtType: ULONG,
CpuInfoHierarchy: [ULONG; 3],
InitialInterval: ULONG,
AllowsHalt: BOOLEAN,
Persist: BOOLEAN,
ProfileSourceDescription: [WCHAR; 1],
}}
pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION;
STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
ProfileSource: KPROFILE_SOURCE,
CpuInfoHierarchy: [ULONG; 3],
}}
pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION;
STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION {
EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
CoverageSamplerInformationClass: BOOLEAN,
MajorVersion: UCHAR,
MinorVersion: UCHAR,
Reserved: UCHAR,
SamplerHandle: HANDLE,
}}
pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION {
AlignmentFixupCount: ULONG,
ExceptionDispatchCount: ULONG,
FloatingEmulationCount: ULONG,
ByteWordEmulationCount: ULONG,
}}
pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION;
STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION {
KernelDebuggerEnabled: BOOLEAN,
KernelDebuggerNotPresent: BOOLEAN,
}}
pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION;
STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION {
ContextSwitches: ULONG,
FindAny: ULONG,
FindLast: ULONG,
FindIdeal: ULONG,
IdleAny: ULONG,
IdleCurrent: ULONG,
IdleLast: ULONG,
IdleIdeal: ULONG,
PreemptAny: ULONG,
PreemptCurrent: ULONG,
PreemptLast: ULONG,
SwitchToIdle: ULONG,
}}
pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION;
STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION {
RegistryQuotaAllowed: ULONG,
RegistryQuotaUsed: ULONG,
PagedPoolSize: SIZE_T,
}}
pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION {
IdleTime: ULONGLONG,
C1Time: ULONGLONG,
C2Time: ULONGLONG,
C3Time: ULONGLONG,
C1Transitions: ULONG,
C2Transitions: ULONG,
C3Transitions: ULONG,
Padding: ULONG,
}}
pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION;
STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION {
VetoType: ULONG,
VetoList: UNICODE_STRING,
}}
pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION;
STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION {
CurrentDepth: USHORT,
MaximumDepth: USHORT,
TotalAllocates: ULONG,
AllocateMisses: ULONG,
TotalFrees: ULONG,
FreeMisses: ULONG,
Type: ULONG,
Tag: ULONG,
Size: ULONG,
}}
pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION;
STRUCT!{struct SYSTEM_RANGE_START_INFORMATION {
SystemRangeStart: PVOID,
}}
pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION;
STRUCT!{struct SYSTEM_VERIFIER_INFORMATION {
NextEntryOffset: ULONG,
Level: ULONG,
DriverName: UNICODE_STRING,
RaiseIrqls: ULONG,
AcquireSpinLocks: ULONG,
SynchronizeExecutions: ULONG,
AllocationsAttempted: ULONG,
AllocationsSucceeded: ULONG,
AllocationsSucceededSpecialPool: ULONG,
AllocationsWithNoTag: ULONG,
TrimRequests: ULONG,
Trims: ULONG,
AllocationsFailed: ULONG,
AllocationsFailedDeliberately: ULONG,
Loads: ULONG,
Unloads: ULONG,
UnTrackedPool: ULONG,
CurrentPagedPoolAllocations: ULONG,
CurrentNonPagedPoolAllocations: ULONG,
PeakPagedPoolAllocations: ULONG,
PeakNonPagedPoolAllocations: ULONG,
PagedPoolUsageInBytes: SIZE_T,
NonPagedPoolUsageInBytes: SIZE_T,
PeakPagedPoolUsageInBytes: SIZE_T,
PeakNonPagedPoolUsageInBytes: SIZE_T,
}}
pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION;
STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION {
SessionId: ULONG,
SizeOfBuf: ULONG,
Buffer: PVOID,
}}
pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION {
CurrentFrequency: UCHAR,
ThermalLimitFrequency: UCHAR,
ConstantThrottleFrequency: UCHAR,
DegradedThrottleFrequency: UCHAR,
LastBusyFrequency: UCHAR,
LastC3Frequency: UCHAR,
LastAdjustedBusyFrequency: UCHAR,
ProcessorMinThrottle: UCHAR,
ProcessorMaxThrottle: UCHAR,
NumberOfFrequencies: ULONG,
PromotionCount: ULONG,
DemotionCount: ULONG,
ErrorCount: ULONG,
RetryCount: ULONG,
CurrentFrequencyTime: ULONGLONG,
CurrentProcessorTime: ULONGLONG,
CurrentProcessorIdleTime: ULONGLONG,
LastProcessorTime: ULONGLONG,
LastProcessorIdleTime: ULONGLONG,
Energy: ULONGLONG,
}}
pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION;
STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
Object: PVOID,
UniqueProcessId: ULONG_PTR,
HandleValue: ULONG_PTR,
GrantedAccess: ULONG,
CreatorBackTraceIndex: USHORT,
ObjectTypeIndex: USHORT,
HandleAttributes: ULONG,
Reserved: ULONG,
}}
pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX {
NumberOfHandles: ULONG_PTR,
Reserved: ULONG_PTR,
Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1],
}}
pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX;
UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 {
VirtualAddress: PVOID,
Bitfields: ULONG_PTR,
}}
UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 {
Tag: [UCHAR; 4],
TagUlong: ULONG,
}}
BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [
NonPaged set_NonPaged[0..1],
]}
STRUCT!{struct SYSTEM_BIGPOOL_ENTRY {
u1: SYSTEM_BIGPOOL_ENTRY_u1,
SizeInBytes: SIZE_T,
u2: SYSTEM_BIGPOOL_ENTRY_u2,
}}
pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY;
STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION {
Count: ULONG,
AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1],
}}
pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION;
UNION!{union SYSTEM_POOL_ENTRY_u {
Tag: [UCHAR; 4],
TagUlong: ULONG,
ProcessChargedQuota: PVOID,
}}
STRUCT!{struct SYSTEM_POOL_ENTRY {
Allocated: BOOLEAN,
Spare0: BOOLEAN,
AllocatorBackTraceIndex: USHORT,
Size: ULONG,
u: SYSTEM_POOL_ENTRY_u,
}}
pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY;
STRUCT!{struct SYSTEM_POOL_INFORMATION {
TotalSize: SIZE_T,
FirstEntry: PVOID,
EntryOverhead: USHORT,
PoolTagPresent: BOOLEAN,
Spare0: BOOLEAN,
NumberOfEntries: ULONG,
Entries: [SYSTEM_POOL_ENTRY; 1],
}}
pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION;
STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION {
NextEntryOffset: SIZE_T,
SessionId: ULONG,
Count: ULONG,
TagInfo: [SYSTEM_POOLTAG; 1],
}}
pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION;
STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION {
NextEntryOffset: SIZE_T,
SessionId: ULONG,
ViewFailures: ULONG,
NumberOfBytesAvailable: SIZE_T,
NumberOfBytesAvailableContiguous: SIZE_T,
}}
pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION {
SystemFirmwareTableEnumerate = 0,
SystemFirmwareTableGet = 1,
SystemFirmwareTableMax = 2,
}}
STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION {
ProviderSignature: ULONG,
Action: SYSTEM_FIRMWARE_TABLE_ACTION,
TableID: ULONG,
TableBufferLength: ULONG,
TableBuffer: [UCHAR; 1],
}}
pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION;
STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION {
ZeroPageCount: ULONG_PTR,
FreePageCount: ULONG_PTR,
ModifiedPageCount: ULONG_PTR,
ModifiedNoWritePageCount: ULONG_PTR,
BadPageCount: ULONG_PTR,
PageCountByPriority: [ULONG_PTR; 8],
RepurposedPagesByPriority: [ULONG_PTR; 8],
ModifiedPageCountPageFile: ULONG_PTR,
}}
pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION;
ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND {
MemoryCaptureAccessedBits = 0,
MemoryCaptureAndResetAccessedBits = 1,
MemoryEmptyWorkingSets = 2,
MemoryFlushModifiedList = 3,
MemoryPurgeStandbyList = 4,
MemoryPurgeLowPriorityStandbyList = 5,
MemoryCommandMax = 6,
}}
STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION {
ClientId: CLIENT_ID,
Priority: KPRIORITY,
}}
pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION {
CycleTime: ULONGLONG,
}}
pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION =
*mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION;
STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION {
TraceEnable: BOOLEAN,
TracePermanent: BOOLEAN,
TraceProcessName: UNICODE_STRING,
TracePoolTags: UNICODE_STRING,
}}
pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION;
STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION {
ProcessId: HANDLE,
ImageName: UNICODE_STRING,
}}
pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION;
STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION {
BootIdentifier: GUID,
FirmwareType: FIRMWARE_TYPE,
BootFlags: ULONGLONG,
}}
BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [
DbgMenuOsSelection set_DbgMenuOsSelection[0..1],
DbgHiberBoot set_DbgHiberBoot[1..2],
DbgSoftBoot set_DbgSoftBoot[2..3],
DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4],
]}
pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION;
STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION {
FlagsToEnable: ULONG,
FlagsToDisable: ULONG,
}}
pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION =
*mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION;
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
VerifyMode: ULONG,
OptionChanges: ULONG,
PreviousBucketName: UNICODE_STRING,
IrpCancelTimeoutMsec: ULONG,
VerifierExtensionEnabled: ULONG,
Reserved: [ULONG; 1],
}}
#[cfg(target_arch = "x86")]
STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
VerifyMode: ULONG,
OptionChanges: ULONG,
PreviousBucketName: UNICODE_STRING,
IrpCancelTimeoutMsec: ULONG,
VerifierExtensionEnabled: ULONG,
Reserved: [ULONG; 3],
}}
pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX;
STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION {
SystemPartition: UNICODE_STRING,
}}
pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION;
STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION {
SystemDisk: UNICODE_STRING,
}}
pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT {
Hits: ULONGLONG,
PercentFrequency: UCHAR,
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 {
Hits: ULONG,
PercentFrequency: UCHAR,
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 =
*mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION {
ProcessorNumber: ULONG,
StateCount: ULONG,
States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1],
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION =
*mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION {
ProcessorCount: ULONG,
Offsets: [ULONG; 1],
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION =
*mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION;
STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION {
Length: ULONG,
CodeIntegrityOptions: ULONG,
}}
pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION;
ENUM!{enum SYSTEM_VA_TYPE {
SystemVaTypeAll = 0,
SystemVaTypeNonPagedPool = 1,
SystemVaTypePagedPool = 2,
SystemVaTypeSystemCache = 3,
SystemVaTypeSystemPtes = 4,
SystemVaTypeSessionSpace = 5,
SystemVaTypeMax = 6,
}}
pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE;
STRUCT!{struct SYSTEM_VA_LIST_INFORMATION {
VirtualSize: SIZE_T,
VirtualPeak: SIZE_T,
VirtualLimit: SIZE_T,
AllocationFailures: SIZE_T,
}}
pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION;
STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS {
KeyHandle: HANDLE,
ValueNamePointer: PUNICODE_STRING,
RequiredLengthPointer: PULONG,
Buffer: PUCHAR,
BufferLength: ULONG,
Type: ULONG,
AppendBuffer: PUCHAR,
AppendBufferLength: ULONG,
CreateIfDoesntExist: BOOLEAN,
TruncateExistingValue: BOOLEAN,
}}
pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION {
OsDiskIsVhd: BOOLEAN,
OsVhdFilePathOffset: ULONG,
OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY],
}}
pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION;
STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION {
LowPriReadOperations: ULONG,
LowPriWriteOperations: ULONG,
KernelBumpedToNormalOperations: ULONG,
LowPriPagingReadOperations: ULONG,
KernelPagingReadsBumpedToNormal: ULONG,
LowPriPagingWriteOperations: ULONG,
KernelPagingWritesBumpedToNormal: ULONG,
BoostedIrpCount: ULONG,
BoostedPagingIrpCount: ULONG,
BlanketBoostCount: ULONG,
}}
pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION;
ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE {
TpmBootEntropyStructureUninitialized = 0,
TpmBootEntropyDisabledByPolicy = 1,
TpmBootEntropyNoTpmFound = 2,
TpmBootEntropyTpmError = 3,
TpmBootEntropySuccess = 4,
}}
STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT {
Policy: ULONGLONG,
ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE,
ResultStatus: NTSTATUS,
Time: ULONGLONG,
EntropyLength: ULONG,
EntropyData: [UCHAR; 40],
}}
pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT;
STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION {
Legacy: SYSTEM_VERIFIER_INFORMATION,
RaiseIrqls: ULONG,
AcquireSpinLocks: ULONG,
SynchronizeExecutions: ULONG,
AllocationsWithNoTag: ULONG,
AllocationsFailed: ULONG,
AllocationsFailedDeliberately: ULONG,
LockedBytes: SIZE_T,
PeakLockedBytes: SIZE_T,
MappedLockedBytes: SIZE_T,
PeakMappedLockedBytes: SIZE_T,
MappedIoSpaceBytes: SIZE_T,
PeakMappedIoSpaceBytes: SIZE_T,
PagesForMdlBytes: SIZE_T,
PeakPagesForMdlBytes: SIZE_T,
ContiguousMemoryBytes: SIZE_T,
PeakContiguousMemoryBytes: SIZE_T,
ExecutePoolTypes: ULONG,
ExecutePageProtections: ULONG,
ExecutePageMappings: ULONG,
ExecuteWriteSections: ULONG,
SectionAlignmentFailures: ULONG,
UnsupportedRelocs: ULONG,
IATInExecutableSection: ULONG,
}}
pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION;
STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION {
RsdpCount: ULONG,
Bitfields: ULONG,
}}
BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [
SameRsdt set_SameRsdt[0..1],
SlicPresent set_SlicPresent[1..2],
SlicDifferent set_SlicDifferent[2..3],
]}
pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION;
STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION {
AvailablePages: SIZE_T,
CommittedPages: SIZE_T,
CommitLimit: SIZE_T,
PeakCommitment: SIZE_T,
}}
pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION;
STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS {
ul: ULONG,
}}
BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [
KernelTransition set_KernelTransition[0..1],
Reserved set_Reserved[1..32],
]}
STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION {
Version: ULONG,
Flags: QUERY_PERFORMANCE_COUNTER_FLAGS,
ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS,
}}
pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION =
*mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
ENUM!{enum SYSTEM_PIXEL_FORMAT {
SystemPixelFormatUnknown = 0,
SystemPixelFormatR8G8B8 = 1,
SystemPixelFormatR8G8B8X8 = 2,
SystemPixelFormatB8G8R8 = 3,
SystemPixelFormatB8G8R8X8 = 4,
}}
STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION {
FrameBuffer: LARGE_INTEGER,
Width: ULONG,
Height: ULONG,
PixelStride: ULONG,
Flags: ULONG,
Format: SYSTEM_PIXEL_FORMAT,
DisplayRotation: ULONG,
}}
pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION;
STRUCT!{struct MEMORY_SCRUB_INFORMATION {
Handle: HANDLE,
PagesScrubbed: ULONG,
}}
pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION;
STRUCT!{struct PEBS_DS_SAVE_AREA {
BtsBufferBase: ULONGLONG,
BtsIndex: ULONGLONG,
BtsAbsoluteMaximum: ULONGLONG,
BtsInterruptThreshold: ULONGLONG,
PebsBufferBase: ULONGLONG,
PebsIndex: ULONGLONG,
PebsAbsoluteMaximum: ULONGLONG,
PebsInterruptThreshold: ULONGLONG,
PebsCounterReset0: ULONGLONG,
PebsCounterReset1: ULONGLONG,
PebsCounterReset2: ULONGLONG,
PebsCounterReset3: ULONGLONG,
}}
pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA;
STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA {
PebsDsSaveArea: PEBS_DS_SAVE_AREA,
}}
pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA;
STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA {
ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA,
Allocate: BOOLEAN,
}}
pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
STRUCT!{struct MEMORY_COMBINE_INFORMATION {
Handle: HANDLE,
PagesCombined: ULONG_PTR,
}}
pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION;
pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4;
STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX {
Handle: HANDLE,
PagesCombined: ULONG_PTR,
Flags: ULONG,
}}
pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX;
STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 {
Handle: HANDLE,
PagesCombined: ULONG_PTR,
Flags: ULONG,
ProcessHandle: HANDLE,
}}
pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2;
STRUCT!{struct SYSTEM_CONSOLE_INFORMATION {
Bitfields: ULONG,
}}
BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [
DriverLoaded set_DriverLoaded[0..1],
Spare set_Spare[1..32],
]}
pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION;
STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION {
PhysicalAddress: ULONG64,
HandoffBuffer: PVOID,
CommandLineBuffer: PVOID,
HandoffBufferSize: ULONG,
CommandLineBufferSize: ULONG,
}}
pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION;
STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION {
NumberOfLogicalProcessors: ULONG,
NumberOfCores: ULONG,
}}
pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION =
*mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION {
DeviceId: UNICODE_STRING,
DataName: UNICODE_STRING,
DataType: ULONG,
DataBufferLength: ULONG,
DataBuffer: PVOID,
}}
pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION;
STRUCT!{struct PHYSICAL_CHANNEL_RUN {
NodeNumber: ULONG,
ChannelNumber: ULONG,
BasePage: ULONGLONG,
PageCount: ULONGLONG,
Flags: ULONG,
}}
pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN;
STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION {
NumberOfRuns: ULONGLONG,
NumberOfNodes: ULONG,
NumberOfChannels: ULONG,
Run: [PHYSICAL_CHANNEL_RUN; 1],
}}
pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION;
STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION {
ChannelNumber: ULONG,
ChannelHeatIndex: ULONG,
TotalPageCount: ULONGLONG,
ZeroPageCount: ULONGLONG,
FreePageCount: ULONGLONG,
StandbyPageCount: ULONGLONG,
}}
pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION;
STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION {
Flags: ULONG,
BitmapOffset: ULONG,
}}
pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX {
IdleTime: LARGE_INTEGER,
KernelTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
DpcTime: LARGE_INTEGER,
InterruptTime: LARGE_INTEGER,
InterruptCount: ULONG,
Spare0: ULONG,
AvailableTime: LARGE_INTEGER,
Spare1: LARGE_INTEGER,
Spare2: LARGE_INTEGER,
}}
pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX =
*mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION {
PolicyPublisher: GUID,
PolicyVersion: ULONG,
PolicyOptions: ULONG,
}}
pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION;
STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX {
Info: SYSTEM_PAGEFILE_INFORMATION,
MinimumSize: ULONG,
MaximumSize: ULONG,
}}
pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX;
STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION {
SecureBootEnabled: BOOLEAN,
SecureBootCapable: BOOLEAN,
}}
pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION;
STRUCT!{struct PROCESS_DISK_COUNTERS {
BytesRead: ULONGLONG,
BytesWritten: ULONGLONG,
ReadOperationCount: ULONGLONG,
WriteOperationCount: ULONGLONG,
FlushOperationCount: ULONGLONG,
}}
pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS;
UNION!{union ENERGY_STATE_DURATION_u {
Value: ULONGLONG,
LastChangeTime: ULONG,
}}
UNION!{union ENERGY_STATE_DURATION {
u: ENERGY_STATE_DURATION_u,
BitFields: ULONG,
}}
pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION;
BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [
Duration set_Duration[0..31],
IsInState set_IsInState[31..32],
]}
STRUCT!{struct PROCESS_ENERGY_VALUES {
Cycles: [[ULONGLONG; 4]; 2],
DiskEnergy: ULONGLONG,
NetworkTailEnergy: ULONGLONG,
MBBTailEnergy: ULONGLONG,
NetworkTxRxBytes: ULONGLONG,
MBBTxRxBytes: ULONGLONG,
ForegroundDuration: ENERGY_STATE_DURATION,
DesktopVisibleDuration: ENERGY_STATE_DURATION,
PSMForegroundDuration: ENERGY_STATE_DURATION,
CompositionRendered: ULONG,
CompositionDirtyGenerated: ULONG,
CompositionDirtyPropagated: ULONG,
Reserved1: ULONG,
AttributedCycles: [[ULONGLONG; 2]; 4],
WorkOnBehalfCycles: [[ULONGLONG; 2]; 4],
}}
pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES;
STRUCT!{struct TIMELINE_BITMAP {
Value: ULONGLONG,
EndTime: ULONG,
Bitmap: ULONG,
}}
pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP;
STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines {
CpuTimeline: TIMELINE_BITMAP,
DiskTimeline: TIMELINE_BITMAP,
NetworkTimeline: TIMELINE_BITMAP,
MBBTimeline: TIMELINE_BITMAP,
ForegroundTimeline: TIMELINE_BITMAP,
DesktopVisibleTimeline: TIMELINE_BITMAP,
CompositionRenderedTimeline: TIMELINE_BITMAP,
CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP,
CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP,
InputTimeline: TIMELINE_BITMAP,
AudioInTimeline: TIMELINE_BITMAP,
AudioOutTimeline: TIMELINE_BITMAP,
DisplayRequiredTimeline: TIMELINE_BITMAP,
KeyboardInputTimeline: TIMELINE_BITMAP,
}}
STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations {
InputDuration: ENERGY_STATE_DURATION,
AudioInDuration: ENERGY_STATE_DURATION,
AudioOutDuration: ENERGY_STATE_DURATION,
DisplayRequiredDuration: ENERGY_STATE_DURATION,
PSMBackgroundDuration: ENERGY_STATE_DURATION,
}}
STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION {
Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines,
Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations,
KeyboardInput: ULONG,
MouseInput: ULONG,
}}
pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION;
STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES {
Base: PROCESS_ENERGY_VALUES,
Extension: PROCESS_ENERGY_VALUES_EXTENSION,
}}
pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES;
ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION {
SystemProcessClassificationNormal = 0,
SystemProcessClassificationSystem = 1,
SystemProcessClassificationSecureSystem = 2,
SystemProcessClassificationMemCompression = 3,
SystemProcessClassificationRegistry = 4,
SystemProcessClassificationMaximum = 5,
}}
STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION {
DiskCounters: PROCESS_DISK_COUNTERS,
ContextSwitches: ULONGLONG,
Flags: ULONG,
UserSidOffset: ULONG,
PackageFullNameOffset: ULONG,
EnergyValues: PROCESS_ENERGY_VALUES,
AppIdOffset: ULONG,
SharedCommitCharge: SIZE_T,
JobObjectId: ULONG,
SpareUlong: ULONG,
ProcessSequenceNumber: ULONGLONG,
}}
BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [
HasStrongId set_HasStrongId[0..1],
Classification set_Classification[1..5],
BackgroundActivityModerated set_BackgroundActivityModerated[5..6],
Spare set_Spare[6..32],
]}
pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION;
STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION {
EfiLauncherEnabled: BOOLEAN,
}}
pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION =
*mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION;
STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX {
DebuggerAllowed: BOOLEAN,
DebuggerEnabled: BOOLEAN,
DebuggerPresent: BOOLEAN,
}}
pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION {
ElamDriverFile: HANDLE,
}}
pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION {
ProcessorFeatureBits: ULONGLONG,
Reserved: [ULONGLONG; 3],
}}
pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION;
STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION {
Options: ULONG,
ProfileName: UNICODE_STRING,
}}
pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION;
STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION {
Enabled: BOOLEAN,
}}
pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION =
*mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION;
STRUCT!{struct HV_DETAILS {
Data: [ULONG; 4],
}}
pub type PHV_DETAILS = *mut HV_DETAILS;
STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION {
HvVendorAndMaxFunction: HV_DETAILS,
HypervisorInterface: HV_DETAILS,
HypervisorVersion: HV_DETAILS,
HvFeatures: HV_DETAILS,
HwFeatures: HV_DETAILS,
EnlightenmentInfo: HV_DETAILS,
ImplementationLimits: HV_DETAILS,
}}
pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION;
STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION {
Cycles: [[ULONGLONG; 4]; 2],
}}
pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION;
STRUCT!{struct SYSTEM_TPM_INFORMATION {
Flags: ULONG,
}}
pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION;
STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION {
DmaProtectionsAvailable: BOOLEAN,
DmaProtectionsInUse: BOOLEAN,
HardwareMbecAvailable: BOOLEAN,
}}
pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION;
STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION {
Options: ULONG,
HVCIOptions: ULONG,
Version: ULONGLONG,
PolicyGuid: GUID,
}}
pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION {
Bitfields1: BOOLEAN,
Bitfields2: BOOLEAN,
Spare0: [BOOLEAN; 6],
Spare1: ULONGLONG,
}}
BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [
SecureKernelRunning set_SecureKernelRunning[0..1],
HvciEnabled set_HvciEnabled[1..2],
HvciStrictMode set_HvciStrictMode[2..3],
DebugEnabled set_DebugEnabled[3..4],
FirmwarePageProtection set_FirmwarePageProtection[4..5],
EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6],
SpareFlags set_SpareFlags[6..7],
TrustletRunning set_TrustletRunning[7..8],
]}
BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [
SpareFlags2 set_SpareFlags2[0..1],
]}
pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION;
STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION {
TargetModuleAddress: PVOID,
ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX,
}}
pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION;
STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION {
Gsiv: ULONG,
Group: USHORT,
CpuSets: ULONGLONG,
}}
pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION;
STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION {
PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION,
PolicySize: ULONG,
Policy: [UCHAR; 1],
}}
pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION =
*mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION;
STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION {
NumberOfSilos: ULONG,
SiloIdList: [ULONG; 1],
}}
pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION;
STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION {
Tag: ULONGLONG,
CpuSets: [ULONGLONG; 1],
}}
pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION;
STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION {
ExtentCount: ULONG,
ValidStructureSize: ULONG,
NextExtentIndex: ULONG,
ExtentRestart: ULONG,
CycleCount: ULONG,
TimeoutCount: ULONG,
CycleTime: ULONGLONG,
CycleTimeMax: ULONGLONG,
ExtentTime: ULONGLONG,
ExtentTimeIndex: ULONG,
ExtentTimeMaxIndex: ULONG,
ExtentTimeMax: ULONGLONG,
HyperFlushTimeMax: ULONGLONG,
TranslateVaTimeMax: ULONGLONG,
DebugExemptionCount: ULONGLONG,
TbHitCount: ULONGLONG,
TbMissCount: ULONGLONG,
VinaPendingYield: ULONGLONG,
HashCycles: ULONGLONG,
HistogramOffset: ULONG,
HistogramBuckets: ULONG,
HistogramShift: ULONG,
Reserved1: ULONG,
PageNotPresentCount: ULONGLONG,
}}
pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION =
*mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION;
STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION {
PlatformManifestSize: ULONG,
PlatformManifest: [UCHAR; 1],
}}
pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION =
*mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION;
STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION {
TotalPhysicalBytes: ULONGLONG,
AvailableBytes: ULONGLONG,
ResidentAvailableBytes: LONGLONG,
CommittedBytes: ULONGLONG,
SharedCommittedBytes: ULONGLONG,
CommitLimitBytes: ULONGLONG,
PeakCommitmentBytes: ULONGLONG,
}}
pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION;
STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION {
ImageFile: HANDLE,
Type: ULONG,
}}
pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION =
*mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION {
TotalPhysicalBytes: ULONGLONG,
LowestPhysicalAddress: ULONGLONG,
HighestPhysicalAddress: ULONGLONG,
}}
pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION;
ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE {
SystemActivityModerationStateSystemManaged = 0,
SystemActivityModerationStateUserManagedAllowThrottling = 1,
SystemActivityModerationStateUserManagedDisableThrottling = 2,
MaxSystemActivityModerationState = 3,
}}
ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE {
SystemActivityModerationAppTypeClassic = 0,
SystemActivityModerationAppTypePackaged = 1,
MaxSystemActivityModerationAppType = 2,
}}
STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO {
Identifier: UNICODE_STRING,
ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE,
AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE,
}}
pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO;
STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS {
UserKeyHandle: HANDLE,
}}
pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION {
Flags: ULONG,
UnlockId: [UCHAR; 32],
}}
BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [
Locked set_Locked[0..1],
Unlockable set_Unlockable[1..2],
UnlockApplied set_UnlockApplied[2..3],
UnlockIdValid set_UnlockIdValid[3..4],
Reserved set_Reserved[4..32],
]}
pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
STRUCT!{struct SYSTEM_FLUSH_INFORMATION {
SupportedFlushMethods: ULONG,
ProcessorCacheFlushSize: ULONG,
SystemFlushCapabilities: ULONGLONG,
Reserved: [ULONGLONG; 2],
}}
pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION;
STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION {
WriteConstraintPolicy: ULONG,
Reserved: ULONG,
}}
pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION;
STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION {
Flags: ULONG,
}}
BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [
KvaShadowEnabled set_KvaShadowEnabled[0..1],
KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2],
KvaShadowPcid set_KvaShadowPcid[2..3],
KvaShadowInvpcid set_KvaShadowInvpcid[3..4],
KvaShadowRequired set_KvaShadowRequired[4..5],
KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6],
InvalidPteBit set_InvalidPteBit[6..12],
L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13],
L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14],
Reserved set_Reserved[14..32],
]}
pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION;
STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION {
FileHandle: HANDLE,
ImageSize: ULONG,
Image: PVOID,
}}
pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION =
*mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION {
HypervisorSharedUserVa: PVOID,
}}
pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION =
*mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION {
Flags: ULONG,
}}
BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [
BpbEnabled set_BpbEnabled[0..1],
BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2],
BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3],
SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4],
SpecCmdEnumerated set_SpecCmdEnumerated[4..5],
IbrsPresent set_IbrsPresent[5..6],
StibpPresent set_StibpPresent[6..7],
SmepPresent set_SmepPresent[7..8],
SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9],
SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10],
SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11],
SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12],
SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13],
BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14],
SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15],
SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16],
Reserved set_Reserved[16..32],
]}
pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION;
STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION {
DmaGuardPolicyEnabled: BOOLEAN,
}}
pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION;
STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION {
EnclaveLaunchSigner: [UCHAR; 32],
}}
pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION =
*mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION {
WorkloadClass: ULONGLONG,
CpuSets: [ULONGLONG; 1],
}}
pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION =
*mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
EXTERN!{extern "system" {
fn NtQuerySystemInformation(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtQuerySystemInformationEx(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
InputBuffer: PVOID,
InputBufferLength: ULONG,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetSystemInformation(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
) -> NTSTATUS;
}}
ENUM!{enum SYSDBG_COMMAND {
SysDbgQueryModuleInformation = 0,
SysDbgQueryTraceInformation = 1,
SysDbgSetTracepoint = 2,
SysDbgSetSpecialCall = 3,
SysDbgClearSpecialCalls = 4,
SysDbgQuerySpecialCalls = 5,
SysDbgBreakPoint = 6,
SysDbgQueryVersion = 7,
SysDbgReadVirtual = 8,
SysDbgWriteVirtual = 9,
SysDbgReadPhysical = 10,
SysDbgWritePhysical = 11,
SysDbgReadControlSpace = 12,
SysDbgWriteControlSpace = 13,
SysDbgReadIoSpace = 14,
SysDbgWriteIoSpace = 15,
SysDbgReadMsr = 16,
SysDbgWriteMsr = 17,
SysDbgReadBusData = 18,
SysDbgWriteBusData = 19,
SysDbgCheckLowMemory = 20,
SysDbgEnableKernelDebugger = 21,
SysDbgDisableKernelDebugger = 22,
SysDbgGetAutoKdEnable = 23,
SysDbgSetAutoKdEnable = 24,
SysDbgGetPrintBufferSize = 25,
SysDbgSetPrintBufferSize = 26,
SysDbgGetKdUmExceptionEnable = 27,
SysDbgSetKdUmExceptionEnable = 28,
SysDbgGetTriageDump = 29,
SysDbgGetKdBlockEnable = 30,
SysDbgSetKdBlockEnable = 31,
SysDbgRegisterForUmBreakInfo = 32,
SysDbgGetUmBreakPid = 33,
SysDbgClearUmBreakPid = 34,
SysDbgGetUmAttachPid = 35,
SysDbgClearUmAttachPid = 36,
SysDbgGetLiveKernelDump = 37,
}}
pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND;
STRUCT!{struct SYSDBG_VIRTUAL {
Address: PVOID,
Buffer: PVOID,
Request: ULONG,
}}
pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL;
STRUCT!{struct SYSDBG_PHYSICAL {
Address: PHYSICAL_ADDRESS,
Buffer: PVOID,
Request: ULONG,
}}
pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL;
STRUCT!{struct SYSDBG_CONTROL_SPACE {
Address: ULONG64,
Buffer: PVOID,
Request: ULONG,
Processor: ULONG,
}}
pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE;
STRUCT!{struct SYSDBG_IO_SPACE {
Address: ULONG64,
Buffer: PVOID,
Request: ULONG,
InterfaceType: INTERFACE_TYPE,
BusNumber: ULONG,
AddressSpace: ULONG,
}}
pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE;
STRUCT!{struct SYSDBG_MSR {
Msr: ULONG,
Data: ULONG64,
}}
pub type PSYSDBG_MSR = *mut SYSDBG_MSR;
STRUCT!{struct SYSDBG_BUS_DATA {
Address: ULONG,
Buffer: PVOID,
Request: ULONG,
BusDataType: BUS_DATA_TYPE,
BusNumber: ULONG,
SlotNumber: ULONG,
}}
pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA;
STRUCT!{struct SYSDBG_TRIAGE_DUMP {
Flags: ULONG,
BugCheckCode: ULONG,
BugCheckParam1: ULONG_PTR,
BugCheckParam2: ULONG_PTR,
BugCheckParam3: ULONG_PTR,
BugCheckParam4: ULONG_PTR,
ProcessHandles: ULONG,
ThreadHandles: ULONG,
Handles: PHANDLE,
}}
pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP;
STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS {
AsUlong: ULONG,
}}
BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [
UseDumpStorageStack set_UseDumpStorageStack[0..1],
CompressMemoryPagesData set_CompressMemoryPagesData[1..2],
IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3],
AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4],
Reserved set_Reserved[4..32],
]}
pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS;
STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES {
AsUlong: ULONG,
}}
BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [
HypervisorPages set_HypervisorPages[0..1],
Reserved set_Reserved[1..32],
]}
pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1;
STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL {
Version: ULONG,
BugCheckCode: ULONG,
BugCheckParam1: ULONG_PTR,
BugCheckParam2: ULONG_PTR,
BugCheckParam3: ULONG_PTR,
BugCheckParam4: ULONG_PTR,
DumpFileHandle: HANDLE,
CancelEventHandle: HANDLE,
Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS,
AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES,
}}
pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL;
EXTERN!{extern "system" {
fn NtSystemDebugControl(
Command: SYSDBG_COMMAND,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
ENUM!{enum HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore = 0,
OptionOk = 1,
OptionOkCancel = 2,
OptionRetryCancel = 3,
OptionYesNo = 4,
OptionYesNoCancel = 5,
OptionShutdownSystem = 6,
OptionOkNoWait = 7,
OptionCancelTryContinue = 8,
}}
ENUM!{enum HARDERROR_RESPONSE {
ResponseReturnToCaller = 0,
ResponseNotHandled = 1,
ResponseAbort = 2,
ResponseCancel = 3,
ResponseIgnore = 4,
ResponseNo = 5,
ResponseOk = 6,
ResponseRetry = 7,
ResponseYes = 8,
ResponseTryAgain = 9,
ResponseContinue = 10,
}}
pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000;
EXTERN!{extern "system" {
fn NtRaiseHardError(
ErrorStatus: NTSTATUS,
NumberOfParameters: ULONG,
UnicodeStringParameterMask: ULONG,
Parameters: PULONG_PTR,
ValidResponseOptions: ULONG,
Response: PULONG,
) -> NTSTATUS;
}}
ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE {
StandardDesign = 0,
NEC98x86 = 1,
EndAlternatives = 2,
}}
pub const PROCESSOR_FEATURE_MAX: usize = 64;
pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16;
pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0;
pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1;
pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2;
pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3;
UNION!{union KUSER_SHARED_DATA_u {
TickCount: KSYSTEM_TIME,
TickCountQuad: ULONG64,
ReservedTickCountOverlay: [ULONG; 3],
}}
STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA {
TickCountLowDeprecated: ULONG,
TickCountMultiplier: ULONG,
InterruptTime: KSYSTEM_TIME,
SystemTime: KSYSTEM_TIME,
TimeZoneBias: KSYSTEM_TIME,
ImageNumberLow: USHORT,
ImageNumberHigh: USHORT,
NtSystemRoot: [WCHAR; 260],
MaxStackTraceDepth: ULONG,
CryptoExponent: ULONG,
TimeZoneId: ULONG,
LargePageMinimum: ULONG,
AitSamplingValue: ULONG,
AppCompatFlag: ULONG,
RNGSeedVersion: ULONGLONG,
GlobalValidationRunlevel: ULONG,
TimeZoneBiasStamp: LONG,
NtBuildNumber: ULONG,
NtProductType: NT_PRODUCT_TYPE,
ProductTypeIsValid: BOOLEAN,
Reserved0: [UCHAR; 1],
NativeProcessorArchitecture: USHORT,
NtMajorVersion: ULONG,
NtMinorVersion: ULONG,
ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX],
Reserved1: ULONG,
Reserved3: ULONG,
TimeSlip: ULONG,
AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE,
BootId: ULONG,
SystemExpirationDate: LARGE_INTEGER,
SuiteMask: ULONG,
KdDebuggerEnabled: BOOLEAN,
MitigationPolicies: UCHAR,
Reserved6: [UCHAR; 2],
ActiveConsoleId: ULONG,
DismountCount: ULONG,
ComPlusPackage: ULONG,
LastSystemRITEventTickCount: ULONG,
NumberOfPhysicalPages: ULONG,
SafeBootMode: BOOLEAN,
VirtualizationFlags: UCHAR,
Reserved12: [UCHAR; 2],
SharedDataFlags: ULONG,
DataFlagsPad: [ULONG; 1],
TestRetInstruction: ULONGLONG,
QpcFrequency: LONGLONG,
SystemCall: ULONG,
SystemCallPad0: ULONG,
SystemCallPad: [ULONGLONG; 2],
u: KUSER_SHARED_DATA_u,
//TickCountPad: [ULONG; 1],
Cookie: ULONG,
CookiePad: [ULONG; 1],
ConsoleSessionForegroundProcessId: LONGLONG,
TimeUpdateLock: ULONGLONG,
BaselineSystemTimeQpc: ULONGLONG,
BaselineInterruptTimeQpc: ULONGLONG,
QpcSystemTimeIncrement: ULONGLONG,
QpcInterruptTimeIncrement: ULONGLONG,
QpcSystemTimeIncrementShift: UCHAR,
QpcInterruptTimeIncrementShift: UCHAR,
UnparkedProcessorCount: USHORT,
EnclaveFeatureMask: [ULONG; 4],
TelemetryCoverageRound: ULONG,
UserModeGlobalLogger: [USHORT; 16],
ImageFileExecutionOptions: ULONG,
LangGenerationCount: ULONG,
Reserved4: ULONGLONG,
InterruptTimeBias: ULONG64,
QpcBias: ULONG64,
ActiveProcessorCount: ULONG,
ActiveGroupCount: UCHAR,
Reserved9: UCHAR,
QpcData: UCHAR,
TimeZoneBiasEffectiveStart: LARGE_INTEGER,
TimeZoneBiasEffectiveEnd: LARGE_INTEGER,
XState: XSTATE_CONFIGURATION,
}}
BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [
NXSupportPolicy set_NXSupportPolicy[0..2],
SEHValidationPolicy set_SEHValidationPolicy[2..4],
CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6],
Reserved set_Reserved[6..8],
]}
BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [
DbgErrorPortPresent set_DbgErrorPortPresent[0..1],
DbgElevationEnabled set_DbgElevationEnabled[1..2],
DbgVirtEnabled set_DbgVirtEnabled[2..3],
DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4],
DbgLkgEnabled set_DbgLkgEnabled[4..5],
DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6],
DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7],
DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8],
DbgMultiSessionSku set_DbgMultiSessionSku[8..9],
DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10],
DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11],
SpareBits set_SpareBits[11..32],
]}
BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [
QpcBypassEnabled set_QpcBypassEnabled[0..1],
QpcShift set_QpcShift[1..2],
]}
pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA;
pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _;
#[inline]
pub unsafe fn NtGetTickCount64() -> ULONGLONG {
let mut tick_count: ULARGE_INTEGER = uninitialized();
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
*tick_count.QuadPart_mut() = read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad);
}
#[cfg(target_arch = "x86")] {
loop {
tick_count.s_mut().HighPart =
read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32;
tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
as u32
{
break;
}
spin_loop_hint();
}
}
(UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ (UInt32x32To64(
tick_count.s().HighPart as u32,
(*USER_SHARED_DATA).TickCountMultiplier,
) << 8)
}
#[inline]
pub unsafe fn NtGetTickCount() -> ULONG {
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
((read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad)
* (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32
}
#[cfg(target_arch = "x86")] {
let mut tick_count: ULARGE_INTEGER = uninitialized();
loop {
tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time)
as u32;
tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
as u32
{
break;
}
spin_loop_hint();
}
((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ UInt32x32To64(
(tick_count.s().HighPart as u32) << 8,
(*USER_SHARED_DATA).TickCountMultiplier,
)) as u32
}
}
EXTERN!{extern "system" {
fn NtQueryDefaultLocale(
UserProfile: BOOLEAN,
DefaultLocaleId: PLCID,
) -> NTSTATUS;
fn NtSetDefaultLocale(
UserProfile: BOOLEAN,
DefaultLocaleId: LCID,
) -> NTSTATUS;
fn NtQueryInstallUILanguage(
InstallUILanguageId: *mut LANGID,
) -> NTSTATUS;
fn NtFlushInstallUILanguage(
InstallUILanguage: LANGID,
SetComittedFlag: ULONG,
) -> NTSTATUS;
fn NtQueryDefaultUILanguage(
DefaultUILanguageId: *mut LANGID,
) -> NTSTATUS;
fn NtSetDefaultUILanguage(
DefaultUILanguageId: LANGID,
) -> NTSTATUS;
fn NtIsUILanguageComitted() -> NTSTATUS;
fn NtInitializeNlsFiles(
BaseAddress: *mut PVOID,
DefaultLocaleId: PLCID,
DefaultCasingTableSize: PLARGE_INTEGER,
) -> NTSTATUS;
fn NtGetNlsSectionPtr(
SectionType: ULONG,
SectionData: ULONG,
ContextData: PVOID,
SectionPointer: *mut PVOID,
SectionSize: PULONG,
) -> NTSTATUS;
fn NtMapCMFModule(
What: ULONG,
Index: ULONG,
CacheIndexOut: PULONG,
CacheFlagsOut: PULONG,
ViewSizeOut: PULONG,
BaseAddress: *mut PVOID,
) -> NTSTATUS;
fn NtGetMUIRegistryInfo(
Flags: ULONG,
DataSize: PULONG,
Data: PVOID,
) -> NTSTATUS;
fn NtAddAtom(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
) -> NTSTATUS;
}}
pub const ATOM_FLAG_GLOBAL: ULONG = 0x2;
EXTERN!{extern "system" {
fn NtAddAtomEx(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
Flags: ULONG,
) -> NTSTATUS;
fn NtFindAtom(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
) -> NTSTATUS;
fn NtDeleteAtom(
Atom: RTL_ATOM,
) -> NTSTATUS;
}}
ENUM!{enum ATOM_INFORMATION_CLASS {
AtomBasicInformation = 0,
AtomTableInformation = 1,
}}
STRUCT!{struct ATOM_BASIC_INFORMATION {
UsageCount: USHORT,
Flags: USHORT,
NameLength: USHORT,
Name: [WCHAR; 1],
}}
pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION;
STRUCT!{struct ATOM_TABLE_INFORMATION {
NumberOfAtoms: ULONG,
Atoms: [RTL_ATOM; 1],
}}
pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION;
EXTERN!{extern "system" {
fn NtQueryInformationAtom(
Atom: RTL_ATOM,
AtomInformationClass: ATOM_INFORMATION_CLASS,
AtomInformation: PVOID,
AtomInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
}}
pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001;
pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002;
pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004;
pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008;
pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010;
pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020;
pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040;
pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080;
pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100;
pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400;
pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800;
pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000;
pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000;
pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000;
pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000;
pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000;
pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000;
pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000;
pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000;
pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000;
pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000;
pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000;
pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000;
pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000;
pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000;
pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000;
pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000;
pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000;
pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000;
pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000;
pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000;
pub const FLG_VALID_BITS: u32 = 0xfffffdff;
pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
| FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
| FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING
| FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION
| FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS
| FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN;
pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST
| FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX
| FLG_DISABLE_PAGE_KERNEL_STACKS;
pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
| FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD
| FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING
| FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS;
EXTERN!{extern "system" {
fn NtQueryLicenseValue(
ValueName: PUNICODE_STRING,
Type: PULONG,
Data: PVOID,
DataSize: ULONG,
ResultDataSize: PULONG,
) -> NTSTATUS;
fn NtSetDefaultHardErrorPort(
DefaultHardErrorPort: HANDLE,
) -> NTSTATUS;
}}
ENUM!{enum SHUTDOWN_ACTION {
ShutdownNoReboot = 0,
ShutdownReboot = 1,
ShutdownPowerOff = 2,
}}
EXTERN!{extern "system" {
fn NtShutdownSystem(
Action: SHUTDOWN_ACTION,
) -> NTSTATUS;
fn NtDisplayString(
String: PUNICODE_STRING,
) -> NTSTATUS;
fn NtDrawText(
Text: PUNICODE_STRING,
) -> NTSTATUS;
}}