Google Git
Sign in
android / toolchain / rustc / refs/heads/main / . / vendor / ntapi-0.3.7 / src / ntpsapi.rs
blob: b2ba28afee300a08a60c90db33606d254dd34d02 [file] [log] [blame] [edit]
use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID};
use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES};
use crate::ntpebteb::{PPEB, PTEB};
use winapi::ctypes::c_void;
use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE,
PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG,
PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
};
use winapi::um::winnt::{
ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS,
JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY,
PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY,
PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE,
};
#[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
use crate::winapi_local::um::winnt::NtCurrentTeb;
pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34;
pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60;
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64;
#[cfg(target_arch = "x86")]
pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32;
pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE];
pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32];
pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE];
pub const TLS_EXPANSION_SLOTS: usize = 1024;
STRUCT!{struct PEB_LDR_DATA {
Length: ULONG,
Initialized: BOOLEAN,
SsHandle: HANDLE,
InLoadOrderModuleList: LIST_ENTRY,
InMemoryOrderModuleList: LIST_ENTRY,
InInitializationOrderModuleList: LIST_ENTRY,
EntryInProgress: PVOID,
ShutdownInProgress: BOOLEAN,
ShutdownThreadId: HANDLE,
}}
pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA;
STRUCT!{struct INITIAL_TEB_OldInitialTeb {
OldStackBase: PVOID,
OldStackLimit: PVOID,
}}
STRUCT!{struct INITIAL_TEB {
OldInitialTeb: INITIAL_TEB_OldInitialTeb,
StackBase: PVOID,
StackLimit: PVOID,
StackAllocationBase: PVOID,
}}
pub type PINITIAL_TEB = *mut INITIAL_TEB;
STRUCT!{struct WOW64_PROCESS {
Wow64: PVOID,
}}
pub type PWOW64_PROCESS = *mut WOW64_PROCESS;
ENUM!{enum PROCESSINFOCLASS {
ProcessBasicInformation = 0,
ProcessQuotaLimits = 1,
ProcessIoCounters = 2,
ProcessVmCounters = 3,
ProcessTimes = 4,
ProcessBasePriority = 5,
ProcessRaisePriority = 6,
ProcessDebugPort = 7,
ProcessExceptionPort = 8,
ProcessAccessToken = 9,
ProcessLdtInformation = 10,
ProcessLdtSize = 11,
ProcessDefaultHardErrorMode = 12,
ProcessIoPortHandlers = 13,
ProcessPooledUsageAndLimits = 14,
ProcessWorkingSetWatch = 15,
ProcessUserModeIOPL = 16,
ProcessEnableAlignmentFaultFixup = 17,
ProcessPriorityClass = 18,
ProcessWx86Information = 19,
ProcessHandleCount = 20,
ProcessAffinityMask = 21,
ProcessPriorityBoost = 22,
ProcessDeviceMap = 23,
ProcessSessionInformation = 24,
ProcessForegroundInformation = 25,
ProcessWow64Information = 26,
ProcessImageFileName = 27,
ProcessLUIDDeviceMapsEnabled = 28,
ProcessBreakOnTermination = 29,
ProcessDebugObjectHandle = 30,
ProcessDebugFlags = 31,
ProcessHandleTracing = 32,
ProcessIoPriority = 33,
ProcessExecuteFlags = 34,
ProcessResourceManagement = 35,
ProcessCookie = 36,
ProcessImageInformation = 37,
ProcessCycleTime = 38,
ProcessPagePriority = 39,
ProcessInstrumentationCallback = 40,
ProcessThreadStackAllocation = 41,
ProcessWorkingSetWatchEx = 42,
ProcessImageFileNameWin32 = 43,
ProcessImageFileMapping = 44,
ProcessAffinityUpdateMode = 45,
ProcessMemoryAllocationMode = 46,
ProcessGroupInformation = 47,
ProcessTokenVirtualizationEnabled = 48,
ProcessConsoleHostProcess = 49,
ProcessWindowInformation = 50,
ProcessHandleInformation = 51,
ProcessMitigationPolicy = 52,
ProcessDynamicFunctionTableInformation = 53,
ProcessHandleCheckingMode = 54,
ProcessKeepAliveCount = 55,
ProcessRevokeFileHandles = 56,
ProcessWorkingSetControl = 57,
ProcessHandleTable = 58,
ProcessCheckStackExtentsMode = 59,
ProcessCommandLineInformation = 60,
ProcessProtectionInformation = 61,
ProcessMemoryExhaustion = 62,
ProcessFaultInformation = 63,
ProcessTelemetryIdInformation = 64,
ProcessCommitReleaseInformation = 65,
ProcessDefaultCpuSetsInformation = 66,
ProcessAllowedCpuSetsInformation = 67,
ProcessSubsystemProcess = 68,
ProcessJobMemoryInformation = 69,
ProcessInPrivate = 70,
ProcessRaiseUMExceptionOnInvalidHandleClose = 71,
ProcessIumChallengeResponse = 72,
ProcessChildProcessInformation = 73,
ProcessHighGraphicsPriorityInformation = 74,
ProcessSubsystemInformation = 75,
ProcessEnergyValues = 76,
ProcessActivityThrottleState = 77,
ProcessActivityThrottlePolicy = 78,
ProcessWin32kSyscallFilterInformation = 79,
ProcessDisableSystemAllowedCpuSets = 80,
ProcessWakeInformation = 81,
ProcessEnergyTrackingState = 82,
ProcessManageWritesToExecutableMemory = 83,
ProcessCaptureTrustletLiveDump = 84,
ProcessTelemetryCoverage = 85,
ProcessEnclaveInformation = 86,
ProcessEnableReadWriteVmLogging = 87,
ProcessUptimeInformation = 88,
ProcessImageSection = 89,
ProcessDebugAuthInformation = 90,
ProcessSystemResourceManagement = 91,
ProcessSequenceNumber = 92,
ProcessLoaderDetour = 93,
ProcessSecurityDomainInformation = 94,
ProcessCombineSecurityDomainsInformation = 95,
ProcessEnableLogging = 96,
ProcessLeapSecondInformation = 97,
MaxProcessInfoClass = 98,
}}
ENUM!{enum THREADINFOCLASS {
ThreadBasicInformation = 0,
ThreadTimes = 1,
ThreadPriority = 2,
ThreadBasePriority = 3,
ThreadAffinityMask = 4,
ThreadImpersonationToken = 5,
ThreadDescriptorTableEntry = 6,
ThreadEnableAlignmentFaultFixup = 7,
ThreadEventPair = 8,
ThreadQuerySetWin32StartAddress = 9,
ThreadZeroTlsCell = 10,
ThreadPerformanceCount = 11,
ThreadAmILastThread = 12,
ThreadIdealProcessor = 13,
ThreadPriorityBoost = 14,
ThreadSetTlsArrayAddress = 15,
ThreadIsIoPending = 16,
ThreadHideFromDebugger = 17,
ThreadBreakOnTermination = 18,
ThreadSwitchLegacyState = 19,
ThreadIsTerminated = 20,
ThreadLastSystemCall = 21,
ThreadIoPriority = 22,
ThreadCycleTime = 23,
ThreadPagePriority = 24,
ThreadActualBasePriority = 25,
ThreadTebInformation = 26,
ThreadCSwitchMon = 27,
ThreadCSwitchPmu = 28,
ThreadWow64Context = 29,
ThreadGroupInformation = 30,
ThreadUmsInformation = 31,
ThreadCounterProfiling = 32,
ThreadIdealProcessorEx = 33,
ThreadCpuAccountingInformation = 34,
ThreadSuspendCount = 35,
ThreadHeterogeneousCpuPolicy = 36,
ThreadContainerId = 37,
ThreadNameInformation = 38,
ThreadSelectedCpuSets = 39,
ThreadSystemThreadInformation = 40,
ThreadActualGroupAffinity = 41,
ThreadDynamicCodePolicyInfo = 42,
ThreadExplicitCaseSensitivity = 43,
ThreadWorkOnBehalfTicket = 44,
ThreadSubsystemInformation = 45,
ThreadDbgkWerReportActive = 46,
ThreadAttachContainer = 47,
ThreadManageWritesToExecutableMemory = 48,
ThreadPowerThrottlingState = 49,
ThreadWorkloadClass = 50,
MaxThreadInfoClass = 51,
}}
STRUCT!{struct PAGE_PRIORITY_INFORMATION {
PagePriority: ULONG,
}}
pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION;
STRUCT!{struct PROCESS_BASIC_INFORMATION {
ExitStatus: NTSTATUS,
PebBaseAddress: PPEB,
AffinityMask: ULONG_PTR,
BasePriority: KPRIORITY,
UniqueProcessId: HANDLE,
InheritedFromUniqueProcessId: HANDLE,
}}
pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION;
STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION {
Size: SIZE_T,
BasicInfo: PROCESS_BASIC_INFORMATION,
Flags: ULONG,
}}
BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [
IsProtectedProcess set_IsProtectedProcess[0..1],
IsWow64Process set_IsWow64Process[1..2],
IsProcessDeleting set_IsProcessDeleting[2..3],
IsCrossSessionCreate set_IsCrossSessionCreate[3..4],
IsFrozen set_IsFrozen[4..5],
IsBackground set_IsBackground[5..6],
IsStronglyNamed set_IsStronglyNamed[6..7],
IsSecureProcess set_IsSecureProcess[7..8],
IsSubsystemProcess set_IsSubsystemProcess[8..9],
SpareBits set_SpareBits[9..32],
]}
pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION;
STRUCT!{struct VM_COUNTERS {
PeakVirtualSize: SIZE_T,
VirtualSize: SIZE_T,
PageFaultCount: ULONG,
PeakWorkingSetSize: SIZE_T,
WorkingSetSize: SIZE_T,
QuotaPeakPagedPoolUsage: SIZE_T,
QuotaPagedPoolUsage: SIZE_T,
QuotaPeakNonPagedPoolUsage: SIZE_T,
QuotaNonPagedPoolUsage: SIZE_T,
PagefileUsage: SIZE_T,
PeakPagefileUsage: SIZE_T,
}}
pub type PVM_COUNTERS = *mut VM_COUNTERS;
STRUCT!{struct VM_COUNTERS_EX {
PeakVirtualSize: SIZE_T,
VirtualSize: SIZE_T,
PageFaultCount: ULONG,
PeakWorkingSetSize: SIZE_T,
WorkingSetSize: SIZE_T,
QuotaPeakPagedPoolUsage: SIZE_T,
QuotaPagedPoolUsage: SIZE_T,
QuotaPeakNonPagedPoolUsage: SIZE_T,
QuotaNonPagedPoolUsage: SIZE_T,
PagefileUsage: SIZE_T,
PeakPagefileUsage: SIZE_T,
PrivateUsage: SIZE_T,
}}
pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX;
STRUCT!{struct VM_COUNTERS_EX2 {
CountersEx: VM_COUNTERS_EX,
PrivateWorkingSetSize: SIZE_T,
SharedCommitUsage: SIZE_T,
}}
pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2;
STRUCT!{struct KERNEL_USER_TIMES {
CreateTime: LARGE_INTEGER,
ExitTime: LARGE_INTEGER,
KernelTime: LARGE_INTEGER,
UserTime: LARGE_INTEGER,
}}
pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES;
STRUCT!{struct POOLED_USAGE_AND_LIMITS {
PeakPagedPoolUsage: SIZE_T,
PagedPoolUsage: SIZE_T,
PagedPoolLimit: SIZE_T,
PeakNonPagedPoolUsage: SIZE_T,
NonPagedPoolUsage: SIZE_T,
NonPagedPoolLimit: SIZE_T,
PeakPagefileUsage: SIZE_T,
PagefileUsage: SIZE_T,
PagefileLimit: SIZE_T,
}}
pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS;
pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003;
pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR =
(1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1;
STRUCT!{struct PROCESS_EXCEPTION_PORT {
ExceptionPortHandle: HANDLE,
StateFlags: ULONG,
}}
pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT;
STRUCT!{struct PROCESS_ACCESS_TOKEN {
Token: HANDLE,
Thread: HANDLE,
}}
pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN;
STRUCT!{struct PROCESS_LDT_INFORMATION {
Start: ULONG,
Length: ULONG,
LdtEntries: [LDT_ENTRY; 1],
}}
pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION;
STRUCT!{struct PROCESS_LDT_SIZE {
Length: ULONG,
}}
pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE;
STRUCT!{struct PROCESS_WS_WATCH_INFORMATION {
FaultingPc: PVOID,
FaultingVa: PVOID,
}}
pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION;
STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX {
BasicInfo: PROCESS_WS_WATCH_INFORMATION,
FaultingThreadId: ULONG_PTR,
Flags: ULONG_PTR,
}}
pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX;
pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0;
pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1;
pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2;
pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3;
pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4;
pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5;
pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6;
STRUCT!{struct PROCESS_PRIORITY_CLASS {
Foreground: BOOLEAN,
PriorityClass: UCHAR,
}}
pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS;
STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND {
Foreground: BOOLEAN,
}}
pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND;
STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set {
DirectoryHandle: HANDLE,
}}
STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query {
DriveMap: ULONG,
DriveType: [UCHAR; 32],
}}
UNION!{union PROCESS_DEVICEMAP_INFORMATION {
Set: PROCESS_DEVICEMAP_INFORMATION_Set,
Query: PROCESS_DEVICEMAP_INFORMATION_Query,
}}
pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION;
pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001;
STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set {
DirectoryHandle: HANDLE,
}}
STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query {
DriveMap: ULONG,
DriveType: [UCHAR; 32],
}}
UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u {
Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set,
Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query,
}}
STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX {
u: PROCESS_DEVICEMAP_INFORMATION_EX_u,
Flags: ULONG,
}}
pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX;
STRUCT!{struct PROCESS_SESSION_INFORMATION {
SessionId: ULONG,
}}
pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION;
pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001;
pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000;
pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001;
STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE {
Flags: ULONG,
}}
pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE;
pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000;
STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX {
Flags: ULONG,
TotalSlots: ULONG,
}}
pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX;
pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16;
pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1;
pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2;
pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3;
STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY {
Handle: HANDLE,
ClientId: CLIENT_ID,
Type: ULONG,
Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS],
}}
pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY;
STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY {
Handle: HANDLE,
TotalTraces: ULONG,
HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1],
}}
pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY;
STRUCT!{struct THREAD_TLS_INFORMATION {
Flags: ULONG,
NewTlsData: PVOID,
OldTlsData: PVOID,
ThreadId: HANDLE,
}}
pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION;
ENUM!{enum PROCESS_TLS_INFORMATION_TYPE {
ProcessTlsReplaceIndex = 0,
ProcessTlsReplaceVector = 1,
MaxProcessTlsOperation = 2,
}}
pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE;
STRUCT!{struct PROCESS_TLS_INFORMATION {
Flags: ULONG,
OperationType: ULONG,
ThreadDataCount: ULONG,
TlsIndex: ULONG,
PreviousCount: ULONG,
ThreadData: [THREAD_TLS_INFORMATION; 1],
}}
pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION;
STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION {
Version: ULONG,
Reserved: ULONG,
Callback: PVOID,
}}
pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION =
*mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION {
ReserveSize: SIZE_T,
ZeroBits: SIZE_T,
StackBase: PVOID,
}}
pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION;
STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX {
PreferredNode: ULONG,
Reserved0: ULONG,
Reserved1: ULONG,
Reserved2: ULONG,
AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION,
}}
pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX;
STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE {
Flags: ULONG,
}}
BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [
EnableAutoUpdate set_EnableAutoUpdate[0..1],
Permanent set_Permanent[1..2],
Reserved set_Reserved[2..32],
]}
pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE;
STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE {
Flags: ULONG,
}}
BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [
TopDown set_TopDown[0..1],
Reserved set_Reserved[1..32],
]}
pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE;
STRUCT!{struct PROCESS_HANDLE_INFORMATION {
HandleCount: ULONG,
HandleCountHighWatermark: ULONG,
}}
pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION;
STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION {
AccumulatedCycles: ULONGLONG,
CurrentCycleCount: ULONGLONG,
}}
pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION;
STRUCT!{struct PROCESS_WINDOW_INFORMATION {
WindowFlags: ULONG,
WindowTitleLength: USHORT,
WindowTitle: [WCHAR; 1],
}}
pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION;
STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO {
HandleValue: HANDLE,
HandleCount: ULONG_PTR,
PointerCount: ULONG_PTR,
GrantedAccess: ULONG,
ObjectTypeIndex: ULONG,
HandleAttributes: ULONG,
Reserved: ULONG,
}}
pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO;
STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION {
NumberOfHandles: ULONG_PTR,
Reserved: ULONG_PTR,
Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1],
}}
pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION;
UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u {
ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY,
StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY,
SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY,
ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY,
ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY,
PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY,
ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY,
// SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO
}}
STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION {
Policy: PROCESS_MITIGATION_POLICY,
u: PROCESS_MITIGATION_POLICY_INFORMATION_u,
}}
pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION;
STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION {
WakeCount: ULONG,
NoWakeCount: ULONG,
}}
pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION;
STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION {
TargetDevicePath: UNICODE_STRING,
}}
pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION;
ENUM!{enum PROCESS_WORKING_SET_OPERATION {
ProcessWorkingSetSwap = 0,
ProcessWorkingSetEmpty = 1,
ProcessWorkingSetOperationMax = 2,
}}
STRUCT!{struct PROCESS_WORKING_SET_CONTROL {
Version: ULONG,
Operation: PROCESS_WORKING_SET_OPERATION,
Flags: ULONG,
}}
pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL;
ENUM!{enum PS_PROTECTED_TYPE {
PsProtectedTypeNone = 0,
PsProtectedTypeProtectedLight = 1,
PsProtectedTypeProtected = 2,
PsProtectedTypeMax = 3,
}}
ENUM!{enum PS_PROTECTED_SIGNER {
PsProtectedSignerNone = 0,
PsProtectedSignerAuthenticode = 1,
PsProtectedSignerCodeGen = 2,
PsProtectedSignerAntimalware = 3,
PsProtectedSignerLsa = 4,
PsProtectedSignerWindows = 5,
PsProtectedSignerWinTcb = 6,
PsProtectedSignerWinSystem = 7,
PsProtectedSignerApp = 8,
PsProtectedSignerMax = 9,
}}
pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF;
pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08;
pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07;
#[inline]
pub const fn PsProtectedValue(
aSigner: PS_PROTECTED_SIGNER,
aAudit: u8,
aType: PS_PROTECTED_TYPE,
) -> UCHAR {
(aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3
| (aType as u8 & PS_PROTECTED_TYPE_MASK)
}
#[inline]
pub fn InitializePsProtection(
aProtectionLevelPtr: &mut PS_PROTECTION,
aSigner: PS_PROTECTED_SIGNER,
aAudit: u8,
aType: PS_PROTECTED_TYPE,
) {
aProtectionLevelPtr.set_Signer(aSigner as u8);
aProtectionLevelPtr.set_Audit(aAudit);
aProtectionLevelPtr.set_Type(aType as u8);
}
STRUCT!{struct PS_PROTECTION {
Level: UCHAR,
}}
pub type PPS_PROTECTION = *mut PS_PROTECTION;
BITFIELD!{PS_PROTECTION Level: UCHAR [
Type set_Type[0..3],
Audit set_Audit[3..4],
Signer set_Signer[4..8],
]}
STRUCT!{struct PROCESS_FAULT_INFORMATION {
FaultFlags: ULONG,
AdditionalInfo: ULONG,
}}
pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION;
STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION {
HeaderSize: ULONG,
ProcessId: ULONG,
ProcessStartKey: ULONGLONG,
CreateTime: ULONGLONG,
CreateInterruptTime: ULONGLONG,
CreateUnbiasedInterruptTime: ULONGLONG,
ProcessSequenceNumber: ULONGLONG,
SessionCreateTime: ULONGLONG,
SessionId: ULONG,
BootId: ULONG,
ImageChecksum: ULONG,
ImageTimeDateStamp: ULONG,
UserSidOffset: ULONG,
ImagePathOffset: ULONG,
PackageNameOffset: ULONG,
RelativeAppNameOffset: ULONG,
CommandLineOffset: ULONG,
}}
pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION;
STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION {
Version: ULONG,
s: ULONG,
CommitDebt: SIZE_T,
CommittedMemResetSize: SIZE_T,
RepurposedMemResetSize: SIZE_T,
}}
BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [
Eligible set_Eligible[0..1],
ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2],
ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3],
Spare set_Spare[3..32],
]}
pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION;
STRUCT!{struct PROCESS_JOB_MEMORY_INFO {
SharedCommitUsage: ULONGLONG,
PrivateCommitUsage: ULONGLONG,
PeakPrivateCommitUsage: ULONGLONG,
PrivateCommitLimit: ULONGLONG,
TotalCommitLimit: ULONGLONG,
}}
pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO;
STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION {
ProhibitChildProcesses: BOOLEAN,
AlwaysAllowSecureChildProcess: BOOLEAN,
AuditProhibitChildProcesses: BOOLEAN,
}}
pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION;
STRUCT!{struct PROCESS_WAKE_INFORMATION {
NotificationChannel: ULONGLONG,
WakeCounters: [ULONG; 7],
WakeFilter: *mut JOBOBJECT_WAKE_FILTER,
}}
pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION;
STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE {
StateUpdateMask: ULONG,
StateDesiredValue: ULONG,
StateSequence: ULONG,
UpdateTag: ULONG,
Tag: [WCHAR; 64],
}}
pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE;
BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [
UpdateTag set_UpdateTag[0..1],
]}
STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY {
BitFields: ULONG,
}}
BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [
Machine set_Machine[0..16],
KernelMode set_KernelMode[16..17],
UserMode set_UserMode[17..18],
Native set_Native[18..19],
Process set_Process[19..20],
ReservedZero0 set_ReservedZero0[20..32],
]}
pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY;
pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1;
pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2;
pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1;
pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2;
STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION {
Flags: UCHAR,
}}
BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [
EnableReadVmLogging set_EnableReadVmLogging[0..1],
EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
Unused set_Unused[2..8],
]}
UNION!{union PROCESS_UPTIME_INFORMATION_u {
HangCount: ULONG,
GhostCount: ULONG,
Crashed: ULONG,
Terminated: ULONG,
}}
pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION;
STRUCT!{struct PROCESS_UPTIME_INFORMATION {
QueryInterruptTime: ULONGLONG,
QueryUnbiasedTime: ULONGLONG,
EndInterruptTime: ULONGLONG,
TimeSinceCreation: ULONGLONG,
Uptime: ULONGLONG,
SuspendedTime: ULONGLONG,
u: PROCESS_UPTIME_INFORMATION_u,
}}
pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION;
STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT {
Flags: ULONG,
}}
pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT;
BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [
Foreground set_Foreground[0..1],
Reserved set_Reserved[1..32],
]}
STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION {
SecurityDomain: ULONGLONG,
}}
pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION;
STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION {
ProcessHandle: HANDLE,
}}
pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION =
*mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION;
STRUCT!{struct PROCESS_LOGGING_INFORMATION {
Flags: ULONG,
BitFields: ULONG,
}}
BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [
EnableReadVmLogging set_EnableReadVmLogging[0..1],
EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3],
EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4],
Reserved set_Reserved[4..32],
]}
pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION;
STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION {
Flags: ULONG,
Reserved: ULONG,
}}
pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION;
STRUCT!{struct THREAD_BASIC_INFORMATION {
ExitStatus: NTSTATUS,
TebBaseAddress: PTEB,
ClientId: CLIENT_ID,
AffinityMask: ULONG_PTR,
Priority: KPRIORITY,
BasePriority: LONG,
}}
pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION;
STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION {
FirstArgument: PVOID,
SystemCallNumber: USHORT,
Pad: [USHORT; 1],
WaitTime: ULONG64,
}}
pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION;
STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION {
AccumulatedCycles: ULONGLONG,
CurrentCycleCount: ULONGLONG,
}}
pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION;
STRUCT!{struct THREAD_TEB_INFORMATION {
TebInformation: PVOID,
TebOffset: ULONG,
BytesToRead: ULONG,
}}
pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION;
STRUCT!{struct COUNTER_READING {
Type: HARDWARE_COUNTER_TYPE,
Index: ULONG,
Start: ULONG64,
Total: ULONG64,
}}
pub type PCOUNTER_READING = *mut COUNTER_READING;
STRUCT!{struct THREAD_PERFORMANCE_DATA {
Size: USHORT,
Version: USHORT,
ProcessorNumber: PROCESSOR_NUMBER,
ContextSwitches: ULONG,
HwCountersCount: ULONG,
UpdateCount: ULONG64,
WaitReasonBitMap: ULONG64,
HardwareCounters: ULONG64,
CycleTime: COUNTER_READING,
HwCounters: [COUNTER_READING; MAX_HW_COUNTERS],
}}
pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA;
STRUCT!{struct THREAD_PROFILING_INFORMATION {
HardwareCounters: ULONG64,
Flags: ULONG,
Enable: ULONG,
PerformanceData: PTHREAD_PERFORMANCE_DATA,
}}
pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION;
#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT {
Link: SINGLE_LIST_ENTRY,
__padding: u64,
Context: CONTEXT,
Teb: PVOID,
UserContext: PVOID,
ScheduledThread: ULONG,
Suspended: ULONG,
VolatileContext: ULONG,
Terminated: ULONG,
DebugActive: ULONG,
RunningOnSelfThread: ULONG,
DenyRunningOnSelfThread: ULONG,
Flags: LONG,
KernelUpdateLock: ULONG64,
PrimaryClientID: ULONG64,
ContextLock: ULONG64,
PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
SwitchCount: ULONG,
KernelYieldCount: ULONG,
MixedYieldCount: ULONG,
YieldCount: ULONG,
}}
#[cfg(target_arch = "x86")]
STRUCT!{struct RTL_UMS_CONTEXT {
Link: SINGLE_LIST_ENTRY,
Context: CONTEXT,
Teb: PVOID,
UserContext: PVOID,
ScheduledThread: ULONG,
Suspended: ULONG,
VolatileContext: ULONG,
Terminated: ULONG,
DebugActive: ULONG,
RunningOnSelfThread: ULONG,
DenyRunningOnSelfThread: ULONG,
Flags: LONG,
KernelUpdateLock: ULONG64,
PrimaryClientID: ULONG64,
ContextLock: ULONG64,
PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
SwitchCount: ULONG,
KernelYieldCount: ULONG,
MixedYieldCount: ULONG,
YieldCount: ULONG,
__padding: u32,
}}
pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT;
ENUM!{enum THREAD_UMS_INFORMATION_COMMAND {
UmsInformationCommandInvalid = 0,
UmsInformationCommandAttach = 1,
UmsInformationCommandDetach = 2,
UmsInformationCommandQuery = 3,
}}
STRUCT!{struct RTL_UMS_COMPLETION_LIST {
ThreadListHead: PSINGLE_LIST_ENTRY,
CompletionEvent: PVOID,
CompletionFlags: ULONG,
InternalListHead: SINGLE_LIST_ENTRY,
}}
pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST;
STRUCT!{struct THREAD_UMS_INFORMATION {
Command: THREAD_UMS_INFORMATION_COMMAND,
CompletionList: PRTL_UMS_COMPLETION_LIST,
UmsContext: PRTL_UMS_CONTEXT,
Flags: ULONG,
}}
BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [
IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1],
IsUmsWorkerThread set_IsUmsWorkerThread[1..2],
SpareBits set_SpareBits[2..32],
]}
pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION;
STRUCT!{struct THREAD_NAME_INFORMATION {
ThreadName: UNICODE_STRING,
}}
pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION;
ENUM!{enum SUBSYSTEM_INFORMATION_TYPE {
SubsystemInformationTypeWin32 = 0,
SubsystemInformationTypeWSL = 1,
MaxSubsystemInformationType = 2,
}}
ENUM!{enum THREAD_WORKLOAD_CLASS {
ThreadWorkloadClassDefault = 0,
ThreadWorkloadClassGraphics = 1,
MaxThreadWorkloadClass = 2,
}}
EXTERN!{extern "system" {
fn NtCreateProcess(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ParentProcess: HANDLE,
InheritObjectTable: BOOLEAN,
SectionHandle: HANDLE,
DebugPort: HANDLE,
ExceptionPort: HANDLE,
) -> NTSTATUS;
}}
pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001;
pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002;
pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004;
pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008;
pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010;
EXTERN!{extern "system" {
fn NtCreateProcessEx(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ParentProcess: HANDLE,
Flags: ULONG,
SectionHandle: HANDLE,
DebugPort: HANDLE,
ExceptionPort: HANDLE,
JobMemberLevel: ULONG,
) -> NTSTATUS;
fn NtOpenProcess(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ClientId: PCLIENT_ID,
) -> NTSTATUS;
fn NtTerminateProcess(
ProcessHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
fn NtSuspendProcess(
ProcessHandle: HANDLE,
) -> NTSTATUS;
fn NtResumeProcess(
ProcessHandle: HANDLE,
) -> NTSTATUS;
}}
pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void;
pub const ZwCurrentProcess: HANDLE = NtCurrentProcess;
pub const NtCurrentThread: HANDLE = -2isize as *mut c_void;
pub const ZwCurrentThread: HANDLE = NtCurrentThread;
pub const NtCurrentSession: HANDLE = -3isize as *mut c_void;
pub const ZwCurrentSession: HANDLE = NtCurrentSession;
#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
pub unsafe fn NtCurrentPeb() -> PPEB {
(*NtCurrentTeb()).ProcessEnvironmentBlock
}
pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void;
pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void;
pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void;
pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void;
#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
pub unsafe fn NtCurrentProcessId() -> HANDLE {
(*NtCurrentTeb()).ClientId.UniqueProcess
}
#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
pub unsafe fn NtCurrentThreadId() -> HANDLE {
(*NtCurrentTeb()).ClientId.UniqueThread
}
EXTERN!{extern "system" {
fn NtQueryInformationProcess(
ProcessHandle: HANDLE,
ProcessInformationClass: PROCESSINFOCLASS,
ProcessInformation: PVOID,
ProcessInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtGetNextProcess(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Flags: ULONG,
NewProcessHandle: PHANDLE,
) -> NTSTATUS;
fn NtGetNextThread(
ProcessHandle: HANDLE,
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Flags: ULONG,
NewThreadHandle: PHANDLE,
) -> NTSTATUS;
fn NtSetInformationProcess(
ProcessHandle: HANDLE,
ProcessInformationClass: PROCESSINFOCLASS,
ProcessInformation: PVOID,
ProcessInformationLength: ULONG,
) -> NTSTATUS;
fn NtQueryPortInformationProcess() -> NTSTATUS;
fn NtCreateThread(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ProcessHandle: HANDLE,
ClientId: PCLIENT_ID,
ThreadContext: PCONTEXT,
InitialTeb: PINITIAL_TEB,
CreateSuspended: BOOLEAN,
) -> NTSTATUS;
fn NtOpenThread(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ClientId: PCLIENT_ID,
) -> NTSTATUS;
fn NtTerminateThread(
ThreadHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
fn NtSuspendThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
fn NtResumeThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
fn NtGetCurrentProcessorNumber() -> ULONG;
fn NtGetContextThread(
ThreadHandle: HANDLE,
ThreadContext: PCONTEXT,
) -> NTSTATUS;
fn NtSetContextThread(
ThreadHandle: HANDLE,
ThreadContext: PCONTEXT,
) -> NTSTATUS;
fn NtQueryInformationThread(
ThreadHandle: HANDLE,
ThreadInformationClass: THREADINFOCLASS,
ThreadInformation: PVOID,
ThreadInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationThread(
ThreadHandle: HANDLE,
ThreadInformationClass: THREADINFOCLASS,
ThreadInformation: PVOID,
ThreadInformationLength: ULONG,
) -> NTSTATUS;
fn NtAlertThread(
ThreadHandle: HANDLE,
) -> NTSTATUS;
fn NtAlertResumeThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
fn NtTestAlert() -> NTSTATUS;
fn NtImpersonateThread(
ServerThreadHandle: HANDLE,
ClientThreadHandle: HANDLE,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
) -> NTSTATUS;
fn NtRegisterThreadTerminatePort(
PortHandle: HANDLE,
) -> NTSTATUS;
fn NtSetLdtEntries(
Selector0: ULONG,
Entry0Low: ULONG,
Entry0Hi: ULONG,
Selector1: ULONG,
Entry1Low: ULONG,
Entry1Hi: ULONG,
) -> NTSTATUS;
}}
FN!{cdecl PPS_APC_ROUTINE(
ApcArgument1: PVOID,
ApcArgument2: PVOID,
ApcArgument3: PVOID,
) -> ()}
EXTERN!{extern "system" {
fn NtQueueApcThread(
ThreadHandle: HANDLE,
ApcRoutine: PPS_APC_ROUTINE,
ApcArgument1: PVOID,
ApcArgument2: PVOID,
ApcArgument3: PVOID,
) -> NTSTATUS;
}}
pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void;
EXTERN!{extern "system" {
fn NtQueueApcThreadEx(
ThreadHandle: HANDLE,
UserApcReserveHandle: HANDLE,
ApcRoutine: PPS_APC_ROUTINE,
ApcArgument1: PVOID,
ApcArgument2: PVOID,
ApcArgument3: PVOID,
) -> NTSTATUS;
fn NtAlertThreadByThreadId(
ThreadId: HANDLE,
) -> NTSTATUS;
fn NtWaitForAlertByThreadId(
Address: PVOID,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
}}
pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff;
pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000;
pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000;
pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000;
ENUM!{enum PS_ATTRIBUTE_NUM {
PsAttributeParentProcess = 0,
PsAttributeDebugPort = 1,
PsAttributeToken = 2,
PsAttributeClientId = 3,
PsAttributeTebAddress = 4,
PsAttributeImageName = 5,
PsAttributeImageInfo = 6,
PsAttributeMemoryReserve = 7,
PsAttributePriorityClass = 8,
PsAttributeErrorMode = 9,
PsAttributeStdHandleInfo = 10,
PsAttributeHandleList = 11,
PsAttributeGroupAffinity = 12,
PsAttributePreferredNode = 13,
PsAttributeIdealProcessor = 14,
PsAttributeUmsThread = 15,
PsAttributeMitigationOptions = 16,
PsAttributeProtectionLevel = 17,
PsAttributeSecureProcess = 18,
PsAttributeJobList = 19,
PsAttributeChildProcessPolicy = 20,
PsAttributeAllApplicationPackagesPolicy = 21,
PsAttributeWin32kFilter = 22,
PsAttributeSafeOpenPromptOriginClaim = 23,
PsAttributeBnoIsolation = 24,
PsAttributeDesktopAppPolicy = 25,
PsAttributeChpe = 26,
PsAttributeMax = 27,
}}
#[inline]
pub const fn PsAttributeValue(
Number: PS_ATTRIBUTE_NUM,
Thread: bool,
Input: bool,
Additive: bool,
) -> ULONG_PTR { //fixme
(Number & PS_ATTRIBUTE_NUMBER_MASK | [0, PS_ATTRIBUTE_THREAD][Thread as usize]
| [0, PS_ATTRIBUTE_INPUT][Input as usize] | [0, PS_ATTRIBUTE_ADDITIVE][Additive as usize]
) as usize
}
pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000;
pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001;
pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002;
pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003;
pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004;
pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005;
pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006;
pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007;
pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008;
pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009;
pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a;
pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b;
pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c;
pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d;
pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e;
pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f;
pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010;
pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011;
pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012;
pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013;
pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014;
pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015;
pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016;
pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017;
pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018;
pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019;
UNION!{union PS_ATTRIBUTE_u {
Value: ULONG_PTR,
ValuePtr: PVOID,
}}
STRUCT!{struct PS_ATTRIBUTE {
Attribute: ULONG_PTR,
Size: SIZE_T,
u: PS_ATTRIBUTE_u,
ReturnLength: PSIZE_T,
}}
pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE;
STRUCT!{struct PS_ATTRIBUTE_LIST {
TotalLength: SIZE_T,
Attributes: [PS_ATTRIBUTE; 1],
}}
pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST;
STRUCT!{struct PS_MEMORY_RESERVE {
ReserveAddress: PVOID,
ReserveSize: SIZE_T,
}}
pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE;
ENUM!{enum PS_STD_HANDLE_STATE {
PsNeverDuplicate = 0,
PsRequestDuplicate = 1,
PsAlwaysDuplicate = 2,
PsMaxStdHandleStates = 3,
}}
pub const PS_STD_INPUT_HANDLE: u32 = 0x1;
pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2;
pub const PS_STD_ERROR_HANDLE: u32 = 0x4;
STRUCT!{struct PS_STD_HANDLE_INFO {
Flags: ULONG,
StdHandleSubsystemType: ULONG,
}}
pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO;
BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [
StdHandleState set_StdHandleState[0..2],
PseudoHandleMask set_PseudoHandleMask[2..5],
]}
STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS {
IsolationPrefix: UNICODE_STRING,
HandleCount: ULONG,
Handles: *mut PVOID,
IsolationEnabled: BOOLEAN,
}}
pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS;
ENUM!{enum PS_MITIGATION_OPTION {
PS_MITIGATION_OPTION_NX = 0,
PS_MITIGATION_OPTION_SEHOP = 1,
PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2,
PS_MITIGATION_OPTION_HEAP_TERMINATE = 3,
PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4,
PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5,
PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6,
PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7,
PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8,
PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9,
PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10,
PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11,
PS_MITIGATION_OPTION_FONT_DISABLE = 12,
PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13,
PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14,
PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15,
PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16,
PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17,
PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18,
PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19,
PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20,
PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21,
PS_MITIGATION_OPTION_ROP_SIMEXEC = 22,
PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23,
PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24,
PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25,
PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26,
PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27,
PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28,
PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29,
PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30,
PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31,
}}
ENUM!{enum PS_CREATE_STATE {
PsCreateInitialState = 0,
PsCreateFailOnFileOpen = 1,
PsCreateFailOnSectionCreate = 2,
PsCreateFailExeFormat = 3,
PsCreateFailMachineMismatch = 4,
PsCreateFailExeName = 5,
PsCreateSuccess = 6,
PsCreateMaximumStates = 7,
}}
STRUCT!{struct PS_CREATE_INFO_u_InitState {
InitFlags: ULONG,
AdditionalFileAccess: ACCESS_MASK,
}}
BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [
WriteOutputOnExit set_WriteOutputOnExit[0..1],
DetectManifest set_DetectManifest[1..2],
IFEOSkipDebugger set_IFEOSkipDebugger[2..3],
IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4],
SpareBits1 set_SpareBits1[4..8],
SpareBits2 set_SpareBits2[8..16],
ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32],
]}
STRUCT!{struct PS_CREATE_INFO_u_SuccessState {
OutputFlags: ULONG,
FileHandle: HANDLE,
SectionHandle: HANDLE,
UserProcessParametersNative: ULONGLONG,
UserProcessParametersWow64: ULONG,
CurrentParameterFlags: ULONG,
PebAddressNative: ULONGLONG,
PebAddressWow64: ULONG,
ManifestAddress: ULONGLONG,
ManifestSize: ULONG,
}}
BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [
ProtectedProcess set_ProtectedProcess[0..1],
AddressSpaceOverride set_AddressSpaceOverride[1..2],
DevOverrideEnabled set_DevOverrideEnabled[2..3],
ManifestDetected set_ManifestDetected[3..4],
ProtectedProcessLight set_ProtectedProcessLight[4..5],
SpareBits1 set_SpareBits1[5..8],
SpareBits2 set_SpareBits2[8..16],
SpareBits3 set_SpareBits3[16..32],
]}
UNION!{union PS_CREATE_INFO_u {
InitState: PS_CREATE_INFO_u_InitState,
FileHandle: HANDLE,
DllCharacteristics: USHORT,
IFEOKey: HANDLE,
SuccessState: PS_CREATE_INFO_u_SuccessState,
}}
STRUCT!{struct PS_CREATE_INFO {
Size: SIZE_T,
State: PS_CREATE_STATE,
u: PS_CREATE_INFO_u,
}}
pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO;
pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020;
pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040;
pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080;
pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100;
pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200;
pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400;
EXTERN!{extern "system" {
fn NtCreateUserProcess(
ProcessHandle: PHANDLE,
ThreadHandle: PHANDLE,
ProcessDesiredAccess: ACCESS_MASK,
ThreadDesiredAccess: ACCESS_MASK,
ProcessObjectAttributes: POBJECT_ATTRIBUTES,
ThreadObjectAttributes: POBJECT_ATTRIBUTES,
ProcessFlags: ULONG,
ThreadFlags: ULONG,
ProcessParameters: PVOID,
CreateInfo: PPS_CREATE_INFO,
AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
}}
pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002;
pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004;
pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010;
pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020;
pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080;
EXTERN!{extern "system" {
fn NtCreateThreadEx(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ProcessHandle: HANDLE,
StartRoutine: PVOID,
Argument: PVOID,
CreateFlags: ULONG,
ZeroBits: SIZE_T,
StackSize: SIZE_T,
MaximumStackSize: SIZE_T,
AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
}}
STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION {
BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION,
IoInfo: IO_COUNTERS,
DiskIoInfo: PROCESS_DISK_COUNTERS,
ContextSwitches: ULONG64,
TotalCycleTime: LARGE_INTEGER,
ReadyTime: ULONG64,
EnergyValues: PROCESS_ENERGY_VALUES,
}}
pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION =
*mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION;
STRUCT!{struct JOBOBJECT_WAKE_INFORMATION {
NotificationChannel: HANDLE,
WakeCounters: [ULONG64; 7],
}}
pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION;
STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 {
NotificationChannel: HANDLE,
WakeCounters: [ULONG64; 4],
}}
pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1;
STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION {
Count: ULONG64,
}}
pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION;
STRUCT!{struct JOBOBJECT_WAKE_FILTER {
HighEdgeFilter: ULONG,
LowEdgeFilter: ULONG,
}}
pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER;
STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION {
Flags: ULONG,
Freeze: BOOLEAN,
Swap: BOOLEAN,
Reserved0: [UCHAR; 2],
WakeFilter: JOBOBJECT_WAKE_FILTER,
}}
pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION;
BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [
FreezeOperation set_FreezeOperation[0..1],
FilterOperation set_FilterOperation[1..2],
SwapOperation set_SwapOperation[2..3],
Reserved set_Reserved[3..32],
]}
STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION {
JobMemory: ULONG64,
PeakJobMemoryUsed: ULONG64,
}}
pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION;
STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 {
BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION,
JobSharedMemory: ULONG64,
Reserved: [ULONG64; 2],
}}
pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2;
STRUCT!{struct SILO_USER_SHARED_DATA {
ServiceSessionId: ULONG64,
ActiveConsoleId: ULONG,
ConsoleSessionForegroundProcessId: LONGLONG,
NtProductType: NT_PRODUCT_TYPE,
SuiteMask: ULONG,
SharedUserSessionId: ULONG,
IsMultiSessionSku: BOOLEAN,
NtSystemRoot: [WCHAR; 260],
UserModeGlobalLogger: [USHORT; 16],
}}
pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA;
STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY {
ControlFlags: ULONG,
Path: UNICODE_STRING,
}}
pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY;
STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE {
Value: ULONG64,
UpdateMask: ULONG,
DesiredState: ULONG,
}}
pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE;
EXTERN!{extern "system" {
fn NtCreateJobObject(
JobHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtOpenJobObject(
JobHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn NtAssignProcessToJobObject(
JobHandle: HANDLE,
ProcessHandle: HANDLE,
) -> NTSTATUS;
fn NtTerminateJobObject(
JobHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
fn NtIsProcessInJob(
ProcessHandle: HANDLE,
JobHandle: HANDLE,
) -> NTSTATUS;
fn NtQueryInformationJobObject(
JobHandle: HANDLE,
JobObjectInformationClass: JOBOBJECTINFOCLASS,
JobObjectInformation: PVOID,
JobObjectInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn NtSetInformationJobObject(
JobHandle: HANDLE,
JobObjectInformationClass: JOBOBJECTINFOCLASS,
JobObjectInformation: PVOID,
JobObjectInformationLength: ULONG,
) -> NTSTATUS;
fn NtCreateJobSet(
NumJob: ULONG,
UserJobSet: PJOB_SET_ARRAY,
Flags: ULONG,
) -> NTSTATUS;
fn NtRevertContainerImpersonation() -> NTSTATUS;
}}
ENUM!{enum MEMORY_RESERVE_TYPE {
MemoryReserveUserApc = 0,
MemoryReserveIoCompletion = 1,
MemoryReserveTypeMax = 2,
}}
EXTERN!{extern "system" {
fn NtAllocateReserveObject(
MemoryReserveHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
Type: MEMORY_RESERVE_TYPE,
) -> NTSTATUS;
}}