ari 0.0.6

ari. the extras library.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

#![allow(
    dead_code,
    non_camel_case_types,
    non_snake_case,
    non_upper_case_globals
)]

use winapi::shared::basetsd::SIZE_T;
use winapi::shared::ntdef::{HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PCWSTR, PULONG};
use winapi::shared::ntdef::{PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG};
use winapi::shared::ntdef::{UNICODE_STRING, USHORT};

#[link(name = "ntdll")]
extern "system" {
    pub fn NtLoadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS;

    pub fn NtUnloadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS;

    pub fn NtQuerySystemInformation(
        SystemInformationClass: u32,
        SystemInformation: PVOID,
        SystemInformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;

    pub fn RtlInitUnicodeString(DestinationString: PUNICODE_STRING, SourceString: PCWSTR);
}

#[repr(C)]
#[derive(Clone)]
pub struct RTL_PROCESS_MODULE_INFORMATION {
    pub Section: HANDLE,
    pub MappedBase: PVOID,
    pub ImageBase: PVOID,
    pub ImageSize: ULONG,
    pub Flags: ULONG,
    pub LoadOrderIndex: USHORT,
    pub InitOrderIndex: USHORT,
    pub LoadCount: USHORT,
    pub OffsetToFileName: USHORT,
    pub FullPathName: [UCHAR; 256],
}

#[repr(C)]
#[derive(Clone)]
pub struct RTL_PROCESS_MODULES {
    pub NumberOfModules: ULONG,
    pub Modules: [RTL_PROCESS_MODULE_INFORMATION; 0],
}

pub type KPRIORITY = ULONG;
pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION;
pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES;

#[repr(C)]
#[derive(Clone)]
pub struct SYSTEM_PROCESS_INFORMATION {
    pub NextEntryOffset: ULONG,
    pub NumberOfThreads: ULONG,
    pub WorkingSetPrivateSize: LARGE_INTEGER,
    pub HardFaultCount: ULONG,
    pub NumberOfThreadsHighWatermark: ULONG,
    pub CycleTime: ULONGLONG,
    pub CreateTime: LARGE_INTEGER,
    pub UserTime: LARGE_INTEGER,
    pub KernelTime: LARGE_INTEGER,
    pub ImageName: UNICODE_STRING,
    pub BasePriority: KPRIORITY,
    pub UniqueProcessId: HANDLE,
    pub InheritedFromUniqueProcessId: PVOID,
    pub HandleCount: ULONG,
    pub SessionId: ULONG,
    pub UniqueProcessKey: ULONG,
    pub PeakVirtualSize: SIZE_T,
    pub VirtualSize: SIZE_T,
    pub PageFaultCount: ULONG,
    pub PeakWorkingSetSize: SIZE_T,
    pub WorkingSetSize: SIZE_T,
    pub Reserved5: PVOID,
    pub QuotaPagedPoolUsage: SIZE_T,
    pub Reserved6: PVOID,
    pub QuotaNonPagedPoolUsage: SIZE_T,
    pub PagefileUsage: SIZE_T,
    pub PeakPagefileUsage: SIZE_T,
    pub PrivatePageCount: SIZE_T,
    pub ReadOperationCount: LARGE_INTEGER,
    pub WriteOperationCount: LARGE_INTEGER,
    pub OtherOperationCount: LARGE_INTEGER,
    pub ReadTransferCount: LARGE_INTEGER,
    pub WriteTransferCount: LARGE_INTEGER,
    pub OtherTransferCount: LARGE_INTEGER,
}

#[repr(C)]
#[derive(Clone)]
pub struct CLIENT_ID {
    pub UniqueProcess: HANDLE,
    pub UniqueThread: HANDLE,
}

#[repr(C)]
#[derive(Clone)]
pub struct SYSTEM_THREAD_INFORMATION {
    pub KernelTime: LARGE_INTEGER,
    pub UserTime: LARGE_INTEGER,
    pub CreateTime: LARGE_INTEGER,
    pub WaitTime: ULONG,
    pub StartAddress: PVOID,
    pub ClientId: CLIENT_ID,
    pub Priority: KPRIORITY,
    pub BasePriority: LONG,
    pub ContextSwitches: ULONG,
    pub ThreadState: ULONG,
    pub WaitReason: ULONG,
}

pub const SystemBasicInformation: u32 = 0x00;
pub const SystemProcessorInformation: u32 = 0x01;
pub const SystemPerformanceInformation: u32 = 0x02;
pub const SystemTimeOfDayInformation: u32 = 0x03;
pub const SystemPathInformation: u32 = 0x04;
pub const SystemProcessInformation: u32 = 0x05;
pub const SystemCallCountInformation: u32 = 0x06;
pub const SystemDeviceInformation: u32 = 0x07;
pub const SystemProcessorPerformanceInformation: u32 = 0x08;
pub const SystemFlagsInformation: u32 = 0x09;
pub const SystemCallTimeInformation: u32 = 0x0A;
pub const SystemModuleInformation: u32 = 0x0B;
pub const SystemLocksInformation: u32 = 0x0C;
pub const SystemStackTraceInformation: u32 = 0x0D;
pub const SystemPagedPoolInformation: u32 = 0x0E;
pub const SystemNonPagedPoolInformation: u32 = 0x0F;
pub const SystemHandleInformation: u32 = 0x10;
pub const SystemObjectInformation: u32 = 0x11;
pub const SystemPageFileInformation: u32 = 0x12;
pub const SystemVdmInstemulInformation: u32 = 0x13;
pub const SystemVdmBopInformation: u32 = 0x14;
pub const SystemFileCacheInformation: u32 = 0x15;
pub const SystemPoolTagInformation: u32 = 0x16;
pub const SystemInterruptInformation: u32 = 0x17;
pub const SystemDpcBehaviorInformation: u32 = 0x18;
pub const SystemFullMemoryInformation: u32 = 0x19;
pub const SystemLoadGdiDriverInformation: u32 = 0x1A;
pub const SystemUnloadGdiDriverInformation: u32 = 0x1B;
pub const SystemTimeAdjustmentInformation: u32 = 0x1C;
pub const SystemSummaryMemoryInformation: u32 = 0x1D;
pub const SystemMirrorMemoryInformation: u32 = 0x1E;
pub const SystemPerformanceTraceInformation: u32 = 0x1F;
pub const SystemObsolete0: u32 = 0x20;
pub const SystemExceptionInformation: u32 = 0x21;
pub const SystemCrashDumpStateInformation: u32 = 0x22;
pub const SystemKernelDebuggerInformation: u32 = 0x23;
pub const SystemContextSwitchInformation: u32 = 0x24;
pub const SystemRegistryQuotaInformation: u32 = 0x25;
pub const SystemExtendedServiceTableInformation: u32 = 0x26;
pub const SystemPrioritySeparation: u32 = 0x27;
pub const SystemVerifierAddDriverInformation: u32 = 0x28;
pub const SystemVerifierRemoveDriverInformation: u32 = 0x29;
pub const SystemProcessorIdleInformation: u32 = 0x2A;
pub const SystemLegacyDriverInformation: u32 = 0x2B;
pub const SystemCurrentTimeZoneInformation: u32 = 0x2C;
pub const SystemLookasideInformation: u32 = 0x2D;
pub const SystemTimeSlipNotification: u32 = 0x2E;
pub const SystemSessionCreate: u32 = 0x2F;
pub const SystemSessionDetach: u32 = 0x30;
pub const SystemSessionInformation: u32 = 0x31;
pub const SystemRangeStartInformation: u32 = 0x32;
pub const SystemVerifierInformation: u32 = 0x33;
pub const SystemVerifierThunkExtend: u32 = 0x34;
pub const SystemSessionProcessInformation: u32 = 0x35;
pub const SystemLoadGdiDriverInSystemSpace: u32 = 0x36;
pub const SystemNumaProcessorMap: u32 = 0x37;
pub const SystemPrefetcherInformation: u32 = 0x38;
pub const SystemExtendedProcessInformation: u32 = 0x39;
pub const SystemRecommendedSharedDataAlignment: u32 = 0x3A;
pub const SystemComPlusPackage: u32 = 0x3B;
pub const SystemNumaAvailableMemory: u32 = 0x3C;
pub const SystemProcessorPowerInformation: u32 = 0x3D;
pub const SystemEmulationBasicInformation: u32 = 0x3E;
pub const SystemEmulationProcessorInformation: u32 = 0x3F;
pub const SystemExtendedHandleInformation: u32 = 0x40;
pub const SystemLostDelayedWriteInformation: u32 = 0x41;
pub const SystemBigPoolInformation: u32 = 0x42;
pub const SystemSessionPoolTagInformation: u32 = 0x43;
pub const SystemSessionMappedViewInformation: u32 = 0x44;
pub const SystemHotpatchInformation: u32 = 0x45;
pub const SystemObjectSecurityMode: u32 = 0x46;
pub const SystemWatchdogTimerHandler: u32 = 0x47;
pub const SystemWatchdogTimerInformation: u32 = 0x48;
pub const SystemLogicalProcessorInformation: u32 = 0x49;
pub const SystemWow64SharedInformationObsolete: u32 = 0x4A;
pub const SystemRegisterFirmwareTableInformationHandler: u32 = 0x4B;
pub const SystemFirmwareTableInformation: u32 = 0x4C;
pub const SystemModuleInformationEx: u32 = 0x4D;
pub const SystemVerifierTriageInformation: u32 = 0x4E;
pub const SystemSuperfetchInformation: u32 = 0x4F;
pub const SystemMemoryListInformation: u32 = 0x50;
pub const SystemFileCacheInformationEx: u32 = 0x51;
pub const SystemThreadPriorityClientIdInformation: u32 = 0x52;
pub const SystemProcessorIdleCycleTimeInformation: u32 = 0x53;
pub const SystemVerifierCancellationInformation: u32 = 0x54;
pub const SystemProcessorPowerInformationEx: u32 = 0x55;
pub const SystemRefTraceInformation: u32 = 0x56;
pub const SystemSpecialPoolInformation: u32 = 0x57;
pub const SystemProcessIdInformation: u32 = 0x58;
pub const SystemErrorPortInformation: u32 = 0x59;
pub const SystemBootEnvironmentInformation: u32 = 0x5A;
pub const SystemHypervisorInformation: u32 = 0x5B;
pub const SystemVerifierInformationEx: u32 = 0x5C;
pub const SystemTimeZoneInformation: u32 = 0x5D;
pub const SystemImageFileExecutionOptionsInformation: u32 = 0x5E;
pub const SystemCoverageInformation: u32 = 0x5F;
pub const SystemPrefetchPatchInformation: u32 = 0x60;
pub const SystemVerifierFaultsInformation: u32 = 0x61;
pub const SystemSystemPartitionInformation: u32 = 0x62;
pub const SystemSystemDiskInformation: u32 = 0x63;
pub const SystemProcessorPerformanceDistribution: u32 = 0x64;
pub const SystemNumaProximityNodeInformation: u32 = 0x65;
pub const SystemDynamicTimeZoneInformation: u32 = 0x66;
pub const SystemCodeIntegrityInformation: u32 = 0x67;
pub const SystemProcessorMicrocodeUpdateInformation: u32 = 0x68;
pub const SystemProcessorBrandString: u32 = 0x69;
pub const SystemVirtualAddressInformation: u32 = 0x6A;
pub const SystemLogicalProcessorAndGroupInformation: u32 = 0x6B;
pub const SystemProcessorCycleTimeInformation: u32 = 0x6C;
pub const SystemStoreInformation: u32 = 0x6D;
pub const SystemRegistryAppendString: u32 = 0x6E;
pub const SystemAitSamplingValue: u32 = 0x6F;
pub const SystemVhdBootInformation: u32 = 0x70;
pub const SystemCpuQuotaInformation: u32 = 0x71;
pub const SystemNativeBasicInformation: u32 = 0x72;
pub const SystemErrorPortTimeouts: u32 = 0x73;
pub const SystemLowPriorityIoInformation: u32 = 0x74;
pub const SystemBootEntropyInformation: u32 = 0x75;
pub const SystemVerifierCountersInformation: u32 = 0x76;
pub const SystemPagedPoolInformationEx: u32 = 0x77;
pub const SystemSystemPtesInformationEx: u32 = 0x78;
pub const SystemNodeDistanceInformation: u32 = 0x79;
pub const SystemAcpiAuditInformation: u32 = 0x7A;
pub const SystemBasicPerformanceInformation: u32 = 0x7B;
pub const SystemQueryPerformanceCounterInformation: u32 = 0x7C;
pub const SystemSessionBigPoolInformation: u32 = 0x7D;
pub const SystemBootGraphicsInformation: u32 = 0x7E;
pub const SystemScrubPhysicalMemoryInformation: u32 = 0x7F;
pub const SystemBadPageInformation: u32 = 0x80;
pub const SystemProcessorProfileControlArea: u32 = 0x81;
pub const SystemCombinePhysicalMemoryInformation: u32 = 0x82;
pub const SystemEntropyInterruptTimingInformation: u32 = 0x83;
pub const SystemConsoleInformation: u32 = 0x84;
pub const SystemPlatformBinaryInformation: u32 = 0x85;
pub const SystemPolicyInformation: u32 = 0x86;
pub const SystemHypervisorProcessorCountInformation: u32 = 0x87;
pub const SystemDeviceDataInformation: u32 = 0x88;
pub const SystemDeviceDataEnumerationInformation: u32 = 0x89;
pub const SystemMemoryTopologyInformation: u32 = 0x8A;
pub const SystemMemoryChannelInformation: u32 = 0x8B;
pub const SystemBootLogoInformation: u32 = 0x8C;
pub const SystemProcessorPerformanceInformationEx: u32 = 0x8D;
pub const SystemSpare0: u32 = 0x8E;
pub const SystemSecureBootPolicyInformation: u32 = 0x8F;
pub const SystemPageFileInformationEx: u32 = 0x90;
pub const SystemSecureBootInformation: u32 = 0x91;
pub const SystemEntropyInterruptTimingRawInformation: u32 = 0x92;
pub const SystemPortableWorkspaceEfiLauncherInformation: u32 = 0x93;
pub const SystemFullProcessInformation: u32 = 0x94;
pub const SystemKernelDebuggerInformationEx: u32 = 0x95;
pub const SystemBootMetadataInformation: u32 = 0x96;
pub const SystemSoftRebootInformation: u32 = 0x97;
pub const SystemElamCertificateInformation: u32 = 0x98;
pub const SystemOfflineDumpConfigInformation: u32 = 0x99;
pub const SystemProcessorFeaturesInformation: u32 = 0x9A;
pub const SystemRegistryReconciliationInformation: u32 = 0x9B;
pub const SystemEdidInformation: u32 = 0x9C;
pub const SystemManufacturingInformation: u32 = 0x9D;
pub const SystemEnergyEstimationConfigInformation: u32 = 0x9E;
pub const SystemHypervisorDetailInformation: u32 = 0x9F;
pub const SystemProcessorCycleStatsInformation: u32 = 0xA0;
pub const SystemVmGenerationCountInformation: u32 = 0xA1;
pub const SystemTrustedPlatformModuleInformation: u32 = 0xA2;
pub const SystemKernelDebuggerFlags: u32 = 0xA3;
pub const SystemCodeIntegrityPolicyInformation: u32 = 0xA4;
pub const SystemIsolatedUserModeInformation: u32 = 0xA5;
pub const SystemHardwareSecurityTestInterfaceResultsInformation: u32 = 0xA6;
pub const SystemSingleModuleInformation: u32 = 0xA7;
pub const SystemAllowedCpuSetsInformation: u32 = 0xA8;
pub const SystemDmaProtectionInformation: u32 = 0xA9;
pub const SystemInterruptCpuSetsInformation: u32 = 0xAA;
pub const SystemSecureBootPolicyFullInformation: u32 = 0xAB;
pub const SystemCodeIntegrityPolicyFullInformation: u32 = 0xAC;
pub const SystemAffinitizedInterruptProcessorInformation: u32 = 0xAD;
pub const SystemRootSiloInformation: u32 = 0xAE;
pub const SystemCpuSetInformation: u32 = 0xAF;
pub const SystemCpuSetTagInformation: u32 = 0xB0;