1use core::mem::MaybeUninit;
2#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
3use core::ptr::addr_of;
4use core::ptr::read_volatile;
5#[cfg(target_arch = "x86")]
6use core::hint::spin_loop;
7use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM};
8use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE};
9use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON};
10use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX;
11use crate::ntpebteb::PTEB;
12use crate::ntpoapi::COUNTED_REASON_CONTEXT;
13use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR};
14use winapi::shared::evntrace::PROFILE_SOURCE_INFO;
15use winapi::shared::guiddef::{GUID, LPGUID};
16use winapi::shared::ntdef::{
17 BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG,
18 NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE,
19 PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR,
20 PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE,
21 UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME,
22};
23use winapi::um::winnt::{
24 ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR,
25 STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION,
26};
27use crate::winapi_local::um::winnt::UInt32x32To64;
28EXTERN!{extern "system" {
29 fn NtDelayExecution(
30 Alertable: BOOLEAN,
31 DelayInterval: PLARGE_INTEGER,
32 ) -> NTSTATUS;
33 fn NtQuerySystemEnvironmentValue(
34 VariableName: PUNICODE_STRING,
35 VariableValue: PWSTR,
36 ValueLength: USHORT,
37 ReturnLength: PUSHORT,
38 ) -> NTSTATUS;
39 fn NtSetSystemEnvironmentValue(
40 VariableName: PUNICODE_STRING,
41 VariableValue: PUNICODE_STRING,
42 ) -> NTSTATUS;
43 fn NtQuerySystemEnvironmentValueEx(
44 VariableName: PUNICODE_STRING,
45 VendorGuid: LPGUID,
46 Value: PVOID,
47 ValueLength: PULONG,
48 Attributes: PULONG,
49 ) -> NTSTATUS;
50 fn NtSetSystemEnvironmentValueEx(
51 VariableName: PUNICODE_STRING,
52 VendorGuid: LPGUID,
53 Value: PVOID,
54 ValueLength: ULONG,
55 Attributes: ULONG,
56 ) -> NTSTATUS;
57 fn NtEnumerateSystemEnvironmentValuesEx(
58 InformationClass: ULONG,
59 Buffer: PVOID,
60 BufferLength: PULONG,
61 ) -> NTSTATUS;
62}}
63STRUCT!{struct BOOT_ENTRY {
64 Version: ULONG,
65 Length: ULONG,
66 Id: ULONG,
67 Attributes: ULONG,
68 FriendlyNameOffset: ULONG,
69 BootFilePathOffset: ULONG,
70 OsOptionsLength: ULONG,
71 OsOptions: [UCHAR; 1],
72}}
73pub type PBOOT_ENTRY = *mut BOOT_ENTRY;
74STRUCT!{struct BOOT_ENTRY_LIST {
75 NextEntryOffset: ULONG,
76 BootEntry: BOOT_ENTRY,
77}}
78pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST;
79STRUCT!{struct BOOT_OPTIONS {
80 Version: ULONG,
81 Length: ULONG,
82 Timeout: ULONG,
83 CurrentBootEntryId: ULONG,
84 NextBootEntryId: ULONG,
85 HeadlessRedirection: [WCHAR; 1],
86}}
87pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS;
88STRUCT!{struct FILE_PATH {
89 Version: ULONG,
90 Length: ULONG,
91 Type: ULONG,
92 FilePath: [UCHAR; 1],
93}}
94pub type PFILE_PATH = *mut FILE_PATH;
95STRUCT!{struct EFI_DRIVER_ENTRY {
96 Version: ULONG,
97 Length: ULONG,
98 Id: ULONG,
99 FriendlyNameOffset: ULONG,
100 DriverFilePathOffset: ULONG,
101}}
102pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY;
103STRUCT!{struct EFI_DRIVER_ENTRY_LIST {
104 NextEntryOffset: ULONG,
105 DriverEntry: EFI_DRIVER_ENTRY,
106}}
107pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST;
108EXTERN!{extern "system" {
109 fn NtAddBootEntry(
110 BootEntry: PBOOT_ENTRY,
111 Id: PULONG,
112 ) -> NTSTATUS;
113 fn NtDeleteBootEntry(
114 Id: ULONG,
115 ) -> NTSTATUS;
116 fn NtModifyBootEntry(
117 BootEntry: PBOOT_ENTRY,
118 ) -> NTSTATUS;
119 fn NtEnumerateBootEntries(
120 Buffer: PVOID,
121 BufferLength: PULONG,
122 ) -> NTSTATUS;
123 fn NtQueryBootEntryOrder(
124 Ids: PULONG,
125 Count: PULONG,
126 ) -> NTSTATUS;
127 fn NtSetBootEntryOrder(
128 Ids: PULONG,
129 Count: ULONG,
130 ) -> NTSTATUS;
131 fn NtQueryBootOptions(
132 BootOptions: PBOOT_OPTIONS,
133 BootOptionsLength: PULONG,
134 ) -> NTSTATUS;
135 fn NtSetBootOptions(
136 BootOptions: PBOOT_OPTIONS,
137 FieldsToChange: ULONG,
138 ) -> NTSTATUS;
139 fn NtTranslateFilePath(
140 InputFilePath: PFILE_PATH,
141 OutputType: ULONG,
142 OutputFilePath: PFILE_PATH,
143 OutputFilePathLength: PULONG,
144 ) -> NTSTATUS;
145 fn NtAddDriverEntry(
146 DriverEntry: PEFI_DRIVER_ENTRY,
147 Id: PULONG,
148 ) -> NTSTATUS;
149 fn NtDeleteDriverEntry(
150 Id: ULONG,
151 ) -> NTSTATUS;
152 fn NtModifyDriverEntry(
153 DriverEntry: PEFI_DRIVER_ENTRY,
154 ) -> NTSTATUS;
155 fn NtEnumerateDriverEntries(
156 Buffer: PVOID,
157 BufferLength: PULONG,
158 ) -> NTSTATUS;
159 fn NtQueryDriverEntryOrder(
160 Ids: PULONG,
161 Count: PULONG,
162 ) -> NTSTATUS;
163 fn NtSetDriverEntryOrder(
164 Ids: PULONG,
165 Count: ULONG,
166 ) -> NTSTATUS;
167}}
168ENUM!{enum FILTER_BOOT_OPTION_OPERATION {
169 FilterBootOptionOperationOpenSystemStore = 0,
170 FilterBootOptionOperationSetElement = 1,
171 FilterBootOptionOperationDeleteElement = 2,
172 FilterBootOptionOperationMax = 3,
173}}
174EXTERN!{extern "system" {
175 fn NtFilterBootOption(
176 FilterOperation: FILTER_BOOT_OPTION_OPERATION,
177 ObjectType: ULONG,
178 ElementType: ULONG,
179 Data: PVOID,
180 DataSize: ULONG,
181 ) -> NTSTATUS;
182}}
183pub const EVENT_QUERY_STATE: u32 = 0x0001;
184ENUM!{enum EVENT_INFORMATION_CLASS {
185 EventBasicInformation = 0,
186}}
187STRUCT!{struct EVENT_BASIC_INFORMATION {
188 EventType: EVENT_TYPE,
189 EventState: LONG,
190}}
191pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION;
192EXTERN!{extern "system" {
193 fn NtCreateEvent(
194 EventHandle: PHANDLE,
195 DesiredAccess: ACCESS_MASK,
196 ObjectAttributes: POBJECT_ATTRIBUTES,
197 EventType: EVENT_TYPE,
198 InitialState: BOOLEAN,
199 ) -> NTSTATUS;
200 fn NtOpenEvent(
201 EventHandle: PHANDLE,
202 DesiredAccess: ACCESS_MASK,
203 ObjectAttributes: POBJECT_ATTRIBUTES,
204 ) -> NTSTATUS;
205 fn NtSetEvent(
206 EventHandle: HANDLE,
207 PreviousState: PLONG,
208 ) -> NTSTATUS;
209 fn NtSetEventBoostPriority(
210 EventHandle: HANDLE,
211 ) -> NTSTATUS;
212 fn NtClearEvent(
213 EventHandle: HANDLE,
214 ) -> NTSTATUS;
215 fn NtResetEvent(
216 EventHandle: HANDLE,
217 PreviousState: PLONG,
218 ) -> NTSTATUS;
219 fn NtPulseEvent(
220 EventHandle: HANDLE,
221 PreviousState: PLONG,
222 ) -> NTSTATUS;
223 fn NtQueryEvent(
224 EventHandle: HANDLE,
225 EventInformationClass: EVENT_INFORMATION_CLASS,
226 EventInformation: PVOID,
227 EventInformationLength: ULONG,
228 ReturnLength: PULONG,
229 ) -> NTSTATUS;
230}}
231pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE;
232EXTERN!{extern "system" {
233 fn NtCreateEventPair(
234 EventPairHandle: PHANDLE,
235 DesiredAccess: ACCESS_MASK,
236 ObjectAttributes: POBJECT_ATTRIBUTES,
237 ) -> NTSTATUS;
238 fn NtOpenEventPair(
239 EventPairHandle: PHANDLE,
240 DesiredAccess: ACCESS_MASK,
241 ObjectAttributes: POBJECT_ATTRIBUTES,
242 ) -> NTSTATUS;
243 fn NtSetLowEventPair(
244 EventPairHandle: HANDLE,
245 ) -> NTSTATUS;
246 fn NtSetHighEventPair(
247 EventPairHandle: HANDLE,
248 ) -> NTSTATUS;
249 fn NtWaitLowEventPair(
250 EventPairHandle: HANDLE,
251 ) -> NTSTATUS;
252 fn NtWaitHighEventPair(
253 EventPairHandle: HANDLE,
254 ) -> NTSTATUS;
255 fn NtSetLowWaitHighEventPair(
256 EventPairHandle: HANDLE,
257 ) -> NTSTATUS;
258 fn NtSetHighWaitLowEventPair(
259 EventPairHandle: HANDLE,
260 ) -> NTSTATUS;
261}}
262ENUM!{enum MUTANT_INFORMATION_CLASS {
263 MutantBasicInformation = 0,
264 MutantOwnerInformation = 1,
265}}
266STRUCT!{struct MUTANT_BASIC_INFORMATION {
267 CurrentCount: LONG,
268 OwnedByCaller: BOOLEAN,
269 AbandonedState: BOOLEAN,
270}}
271pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION;
272STRUCT!{struct MUTANT_OWNER_INFORMATION {
273 ClientId: CLIENT_ID,
274}}
275pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION;
276EXTERN!{extern "system" {
277 fn NtCreateMutant(
278 MutantHandle: PHANDLE,
279 DesiredAccess: ACCESS_MASK,
280 ObjectAttributes: POBJECT_ATTRIBUTES,
281 InitialOwner: BOOLEAN,
282 ) -> NTSTATUS;
283 fn NtOpenMutant(
284 MutantHandle: PHANDLE,
285 DesiredAccess: ACCESS_MASK,
286 ObjectAttributes: POBJECT_ATTRIBUTES,
287 ) -> NTSTATUS;
288 fn NtReleaseMutant(
289 MutantHandle: HANDLE,
290 PreviousCount: PLONG,
291 ) -> NTSTATUS;
292 fn NtQueryMutant(
293 MutantHandle: HANDLE,
294 MutantInformationClass: MUTANT_INFORMATION_CLASS,
295 MutantInformation: PVOID,
296 MutantInformationLength: ULONG,
297 ReturnLength: PULONG,
298 ) -> NTSTATUS;
299}}
300pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001;
301ENUM!{enum SEMAPHORE_INFORMATION_CLASS {
302 SemaphoreBasicInformation = 0,
303}}
304STRUCT!{struct SEMAPHORE_BASIC_INFORMATION {
305 CurrentCount: LONG,
306 MaximumCount: LONG,
307}}
308pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION;
309EXTERN!{extern "system" {
310 fn NtCreateSemaphore(
311 SemaphoreHandle: PHANDLE,
312 DesiredAccess: ACCESS_MASK,
313 ObjectAttributes: POBJECT_ATTRIBUTES,
314 InitialCount: LONG,
315 MaximumCount: LONG,
316 ) -> NTSTATUS;
317 fn NtOpenSemaphore(
318 SemaphoreHandle: PHANDLE,
319 DesiredAccess: ACCESS_MASK,
320 ObjectAttributes: POBJECT_ATTRIBUTES,
321 ) -> NTSTATUS;
322 fn NtReleaseSemaphore(
323 SemaphoreHandle: HANDLE,
324 ReleaseCount: LONG,
325 PreviousCount: PLONG,
326 ) -> NTSTATUS;
327 fn NtQuerySemaphore(
328 SemaphoreHandle: HANDLE,
329 SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
330 SemaphoreInformation: PVOID,
331 SemaphoreInformationLength: ULONG,
332 ReturnLength: PULONG,
333 ) -> NTSTATUS;
334}}
335ENUM!{enum TIMER_INFORMATION_CLASS {
336 TimerBasicInformation = 0,
337}}
338STRUCT!{struct TIMER_BASIC_INFORMATION {
339 RemainingTime: LARGE_INTEGER,
340 TimerState: BOOLEAN,
341}}
342pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION;
343FN!{stdcall PTIMER_APC_ROUTINE(
344 TimerContext: PVOID,
345 TimerLowValue: ULONG,
346 TimerHighValue: LONG,
347) -> ()}
348ENUM!{enum TIMER_SET_INFORMATION_CLASS {
349 TimerSetCoalescableTimer = 0,
350 MaxTimerInfoClass = 1,
351}}
352STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO {
353 DueTime: LARGE_INTEGER,
354 TimerApcRoutine: PTIMER_APC_ROUTINE,
355 TimerContext: PVOID,
356 WakeContext: *mut COUNTED_REASON_CONTEXT,
357 Period: ULONG,
358 TolerableDelay: ULONG,
359 PreviousState: PBOOLEAN,
360}}
361pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO;
362EXTERN!{extern "system" {
363 fn NtCreateTimer(
364 TimerHandle: PHANDLE,
365 DesiredAccess: ACCESS_MASK,
366 ObjectAttributes: POBJECT_ATTRIBUTES,
367 TimerType: TIMER_TYPE,
368 ) -> NTSTATUS;
369 fn NtOpenTimer(
370 TimerHandle: PHANDLE,
371 DesiredAccess: ACCESS_MASK,
372 ObjectAttributes: POBJECT_ATTRIBUTES,
373 ) -> NTSTATUS;
374 fn NtSetTimer(
375 TimerHandle: HANDLE,
376 DueTime: PLARGE_INTEGER,
377 TimerApcRoutine: PTIMER_APC_ROUTINE,
378 TimerContext: PVOID,
379 ResumeTimer: BOOLEAN,
380 Period: LONG,
381 PreviousState: PBOOLEAN,
382 ) -> NTSTATUS;
383 fn NtSetTimerEx(
384 TimerHandle: HANDLE,
385 TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
386 TimerSetInformation: PVOID,
387 TimerSetInformationLength: ULONG,
388 ) -> NTSTATUS;
389 fn NtCancelTimer(
390 TimerHandle: HANDLE,
391 CurrentState: PBOOLEAN,
392 ) -> NTSTATUS;
393 fn NtQueryTimer(
394 TimerHandle: HANDLE,
395 TimerInformationClass: TIMER_INFORMATION_CLASS,
396 TimerInformation: PVOID,
397 TimerInformationLength: ULONG,
398 ReturnLength: PULONG,
399 ) -> NTSTATUS;
400 fn NtCreateIRTimer(
401 TimerHandle: PHANDLE,
402 DesiredAccess: ACCESS_MASK,
403 ) -> NTSTATUS;
404 fn NtSetIRTimer(
405 TimerHandle: HANDLE,
406 DueTime: PLARGE_INTEGER,
407 ) -> NTSTATUS;
408}}
409STRUCT!{struct T2_SET_PARAMETERS {
410 Version: ULONG,
411 Reserved: ULONG,
412 NoWakeTolerance: LONGLONG,
413}}
414pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS;
415pub type PT2_CANCEL_PARAMETERS = PVOID;
416EXTERN!{extern "system" {
417 fn NtCreateTimer2(
418 TimerHandle: PHANDLE,
419 Reserved1: PVOID,
420 Reserved2: PVOID,
421 Attributes: ULONG,
422 DesiredAccess: ACCESS_MASK,
423 ) -> NTSTATUS;
424 fn NtSetTimer2(
425 TimerHandle: HANDLE,
426 DueTime: PLARGE_INTEGER,
427 Period: PLARGE_INTEGER,
428 Parameters: PT2_SET_PARAMETERS,
429 ) -> NTSTATUS;
430 fn NtCancelTimer2(
431 TimerHandle: HANDLE,
432 Parameters: PT2_CANCEL_PARAMETERS,
433 ) -> NTSTATUS;
434}}
435pub const PROFILE_CONTROL: u32 = 0x0001;
436pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL;
437EXTERN!{extern "system" {
438 fn NtCreateProfile(
439 ProfileHandle: PHANDLE,
440 Process: HANDLE,
441 ProfileBase: PVOID,
442 ProfileSize: SIZE_T,
443 BucketSize: ULONG,
444 Buffer: PULONG,
445 BufferSize: ULONG,
446 ProfileSource: KPROFILE_SOURCE,
447 Affinity: KAFFINITY,
448 ) -> NTSTATUS;
449 fn NtCreateProfileEx(
450 ProfileHandle: PHANDLE,
451 Process: HANDLE,
452 ProfileBase: PVOID,
453 ProfileSize: SIZE_T,
454 BucketSize: ULONG,
455 Buffer: PULONG,
456 BufferSize: ULONG,
457 ProfileSource: KPROFILE_SOURCE,
458 GroupCount: USHORT,
459 GroupAffinity: PGROUP_AFFINITY,
460 ) -> NTSTATUS;
461 fn NtStartProfile(
462 ProfileHandle: HANDLE,
463 ) -> NTSTATUS;
464 fn NtStopProfile(
465 ProfileHandle: HANDLE,
466 ) -> NTSTATUS;
467 fn NtQueryIntervalProfile(
468 ProfileSource: KPROFILE_SOURCE,
469 Interval: PULONG,
470 ) -> NTSTATUS;
471 fn NtSetIntervalProfile(
472 Interval: ULONG,
473 Source: KPROFILE_SOURCE,
474 ) -> NTSTATUS;
475}}
476pub const KEYEDEVENT_WAIT: ULONG = 0x0001;
477pub const KEYEDEVENT_WAKE: ULONG = 0x0002;
478pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK =
479 STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE;
480EXTERN!{extern "system" {
481 fn NtCreateKeyedEvent(
482 KeyedEventHandle: PHANDLE,
483 DesiredAccess: ACCESS_MASK,
484 ObjectAttributes: POBJECT_ATTRIBUTES,
485 Flags: ULONG,
486 ) -> NTSTATUS;
487 fn NtOpenKeyedEvent(
488 KeyedEventHandle: PHANDLE,
489 DesiredAccess: ACCESS_MASK,
490 ObjectAttributes: POBJECT_ATTRIBUTES,
491 ) -> NTSTATUS;
492 fn NtReleaseKeyedEvent(
493 KeyedEventHandle: HANDLE,
494 KeyValue: PVOID,
495 Alertable: BOOLEAN,
496 Timeout: PLARGE_INTEGER,
497 ) -> NTSTATUS;
498 fn NtWaitForKeyedEvent(
499 KeyedEventHandle: HANDLE,
500 KeyValue: PVOID,
501 Alertable: BOOLEAN,
502 Timeout: PLARGE_INTEGER,
503 ) -> NTSTATUS;
504 fn NtUmsThreadYield(
505 SchedulerParam: PVOID,
506 ) -> NTSTATUS;
507}}
508ENUM!{enum WNF_STATE_NAME_LIFETIME {
509 WnfWellKnownStateName = 0,
510 WnfPermanentStateName = 1,
511 WnfPersistentStateName = 2,
512 WnfTemporaryStateName = 3,
513}}
514ENUM!{enum WNF_STATE_NAME_INFORMATION {
515 WnfInfoStateNameExist = 0,
516 WnfInfoSubscribersPresent = 1,
517 WnfInfoIsQuiescent = 2,
518}}
519ENUM!{enum WNF_DATA_SCOPE {
520 WnfDataScopeSystem = 0,
521 WnfDataScopeSession = 1,
522 WnfDataScopeUser = 2,
523 WnfDataScopeProcess = 3,
524 WnfDataScopeMachine = 4,
525}}
526STRUCT!{struct WNF_TYPE_ID {
527 TypeId: GUID,
528}}
529pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID;
530pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID;
531pub type PWNF_CHANGE_STAMP = *mut ULONG;
532pub type WNF_CHANGE_STAMP = ULONG;
533STRUCT!{struct WNF_DELIVERY_DESCRIPTOR {
534 SubscriptionId: ULONGLONG,
535 StateName: WNF_STATE_NAME,
536 ChangeStamp: WNF_CHANGE_STAMP,
537 StateDataSize: ULONG,
538 EventMask: ULONG,
539 TypeId: WNF_TYPE_ID,
540 StateDataOffset: ULONG,
541}}
542pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR;
543EXTERN!{extern "system" {
544 fn NtCreateWnfStateName(
545 StateName: PWNF_STATE_NAME,
546 NameLifetime: WNF_STATE_NAME_LIFETIME,
547 DataScope: WNF_DATA_SCOPE,
548 PersistData: BOOLEAN,
549 TypeId: PCWNF_TYPE_ID,
550 MaximumStateSize: ULONG,
551 SecurityDescriptor: PSECURITY_DESCRIPTOR,
552 ) -> NTSTATUS;
553 fn NtDeleteWnfStateName(
554 StateName: PCWNF_STATE_NAME,
555 ) -> NTSTATUS;
556 fn NtUpdateWnfStateData(
557 StateName: PCWNF_STATE_NAME,
558 Buffer: *const VOID,
559 Length: ULONG,
560 TypeId: PCWNF_TYPE_ID,
561 ExplicitScope: *const VOID,
562 MatchingChangeStamp: WNF_CHANGE_STAMP,
563 CheckStamp: LOGICAL,
564 ) -> NTSTATUS;
565 fn NtDeleteWnfStateData(
566 StateName: PCWNF_STATE_NAME,
567 ExplicitScope: *const VOID,
568 ) -> NTSTATUS;
569 fn NtQueryWnfStateData(
570 StateName: PCWNF_STATE_NAME,
571 TypeId: PCWNF_TYPE_ID,
572 ExplicitScope: *const VOID,
573 ChangeStamp: PWNF_CHANGE_STAMP,
574 Buffer: PVOID,
575 BufferSize: PULONG,
576 ) -> NTSTATUS;
577 fn NtQueryWnfStateNameInformation(
578 StateName: PCWNF_STATE_NAME,
579 NameInfoClass: WNF_STATE_NAME_INFORMATION,
580 ExplicitScope: *const VOID,
581 InfoBuffer: PVOID,
582 InfoBufferSize: ULONG,
583 ) -> NTSTATUS;
584 fn NtSubscribeWnfStateChange(
585 StateName: PCWNF_STATE_NAME,
586 ChangeStamp: WNF_CHANGE_STAMP,
587 EventMask: ULONG,
588 SubscriptionId: PULONG64,
589 ) -> NTSTATUS;
590 fn NtUnsubscribeWnfStateChange(
591 StateName: PCWNF_STATE_NAME,
592 ) -> NTSTATUS;
593 fn NtGetCompleteWnfStateSubscription(
594 OldDescriptorStateName: PWNF_STATE_NAME,
595 OldSubscriptionId: *mut ULONG64,
596 OldDescriptorEventMask: ULONG,
597 OldDescriptorStatus: ULONG,
598 NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
599 DescriptorSize: ULONG,
600 ) -> NTSTATUS;
601 fn NtSetWnfProcessNotificationEvent(
602 NotificationEvent: HANDLE,
603 ) -> NTSTATUS;
604}}
605pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001;
606pub const WORKER_FACTORY_WAIT: u32 = 0x0002;
607pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004;
608pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008;
609pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010;
610pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020;
611pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED
612 | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION
613 | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN;
614ENUM!{enum WORKERFACTORYINFOCLASS {
615 WorkerFactoryTimeout = 0,
616 WorkerFactoryRetryTimeout = 1,
617 WorkerFactoryIdleTimeout = 2,
618 WorkerFactoryBindingCount = 3,
619 WorkerFactoryThreadMinimum = 4,
620 WorkerFactoryThreadMaximum = 5,
621 WorkerFactoryPaused = 6,
622 WorkerFactoryBasicInformation = 7,
623 WorkerFactoryAdjustThreadGoal = 8,
624 WorkerFactoryCallbackType = 9,
625 WorkerFactoryStackInformation = 10,
626 WorkerFactoryThreadBasePriority = 11,
627 WorkerFactoryTimeoutWaiters = 12,
628 WorkerFactoryFlags = 13,
629 WorkerFactoryThreadSoftMaximum = 14,
630 MaxWorkerFactoryInfoClass = 15,
631}}
632pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS;
633STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION {
634 Timeout: LARGE_INTEGER,
635 RetryTimeout: LARGE_INTEGER,
636 IdleTimeout: LARGE_INTEGER,
637 Paused: BOOLEAN,
638 TimerSet: BOOLEAN,
639 QueuedToExWorker: BOOLEAN,
640 MayCreate: BOOLEAN,
641 CreateInProgress: BOOLEAN,
642 InsertedIntoQueue: BOOLEAN,
643 Shutdown: BOOLEAN,
644 BindingCount: ULONG,
645 ThreadMinimum: ULONG,
646 ThreadMaximum: ULONG,
647 PendingWorkerCount: ULONG,
648 WaitingWorkerCount: ULONG,
649 TotalWorkerCount: ULONG,
650 ReleaseCount: ULONG,
651 InfiniteWaitGoal: LONGLONG,
652 StartRoutine: PVOID,
653 StartParameter: PVOID,
654 ProcessId: HANDLE,
655 StackReserve: SIZE_T,
656 StackCommit: SIZE_T,
657 LastThreadCreationStatus: NTSTATUS,
658}}
659pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION;
660EXTERN!{extern "system" {
661 fn NtCreateWorkerFactory(
662 WorkerFactoryHandleReturn: PHANDLE,
663 DesiredAccess: ACCESS_MASK,
664 ObjectAttributes: POBJECT_ATTRIBUTES,
665 CompletionPortHandle: HANDLE,
666 WorkerProcessHandle: HANDLE,
667 StartRoutine: PVOID,
668 StartParameter: PVOID,
669 MaxThreadCount: ULONG,
670 StackReserve: SIZE_T,
671 StackCommit: SIZE_T,
672 ) -> NTSTATUS;
673 fn NtQueryInformationWorkerFactory(
674 WorkerFactoryHandle: HANDLE,
675 WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
676 WorkerFactoryInformation: PVOID,
677 WorkerFactoryInformationLength: ULONG,
678 ReturnLength: PULONG,
679 ) -> NTSTATUS;
680 fn NtSetInformationWorkerFactory(
681 WorkerFactoryHandle: HANDLE,
682 WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
683 WorkerFactoryInformation: PVOID,
684 WorkerFactoryInformationLength: ULONG,
685 ) -> NTSTATUS;
686 fn NtShutdownWorkerFactory(
687 WorkerFactoryHandle: HANDLE,
688 PendingWorkerCount: *mut LONG,
689 ) -> NTSTATUS;
690 fn NtReleaseWorkerFactoryWorker(
691 WorkerFactoryHandle: HANDLE,
692 ) -> NTSTATUS;
693 fn NtWorkerFactoryWorkerReady(
694 WorkerFactoryHandle: HANDLE,
695 ) -> NTSTATUS;
696 fn NtWaitForWorkViaWorkerFactory(
697 WorkerFactoryHandle: HANDLE,
698 MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
699 ) -> NTSTATUS;
700 fn NtQuerySystemTime(
701 SystemTime: PLARGE_INTEGER,
702 ) -> NTSTATUS;
703 fn NtSetSystemTime(
704 SystemTime: PLARGE_INTEGER,
705 PreviousTime: PLARGE_INTEGER,
706 ) -> NTSTATUS;
707 fn NtQueryTimerResolution(
708 MaximumTime: PULONG,
709 MinimumTime: PULONG,
710 CurrentTime: PULONG,
711 ) -> NTSTATUS;
712 fn NtSetTimerResolution(
713 DesiredTime: ULONG,
714 SetResolution: BOOLEAN,
715 ActualTime: PULONG,
716 ) -> NTSTATUS;
717 fn NtQueryPerformanceCounter(
718 PerformanceCounter: PLARGE_INTEGER,
719 PerformanceFrequency: PLARGE_INTEGER,
720 ) -> NTSTATUS;
721 fn NtAllocateLocallyUniqueId(
722 Luid: PLUID,
723 ) -> NTSTATUS;
724 fn NtSetUuidSeed(
725 Seed: PCHAR,
726 ) -> NTSTATUS;
727 fn NtAllocateUuids(
728 Time: PULARGE_INTEGER,
729 Range: PULONG,
730 Sequence: PULONG,
731 Seed: PCHAR,
732 ) -> NTSTATUS;
733}}
734ENUM!{enum SYSTEM_INFORMATION_CLASS {
735 SystemBasicInformation = 0,
736 SystemProcessorInformation = 1,
737 SystemPerformanceInformation = 2,
738 SystemTimeOfDayInformation = 3,
739 SystemPathInformation = 4,
740 SystemProcessInformation = 5,
741 SystemCallCountInformation = 6,
742 SystemDeviceInformation = 7,
743 SystemProcessorPerformanceInformation = 8,
744 SystemFlagsInformation = 9,
745 SystemCallTimeInformation = 10,
746 SystemModuleInformation = 11,
747 SystemLocksInformation = 12,
748 SystemStackTraceInformation = 13,
749 SystemPagedPoolInformation = 14,
750 SystemNonPagedPoolInformation = 15,
751 SystemHandleInformation = 16,
752 SystemObjectInformation = 17,
753 SystemPageFileInformation = 18,
754 SystemVdmInstemulInformation = 19,
755 SystemVdmBopInformation = 20,
756 SystemFileCacheInformation = 21,
757 SystemPoolTagInformation = 22,
758 SystemInterruptInformation = 23,
759 SystemDpcBehaviorInformation = 24,
760 SystemFullMemoryInformation = 25,
761 SystemLoadGdiDriverInformation = 26,
762 SystemUnloadGdiDriverInformation = 27,
763 SystemTimeAdjustmentInformation = 28,
764 SystemSummaryMemoryInformation = 29,
765 SystemMirrorMemoryInformation = 30,
766 SystemPerformanceTraceInformation = 31,
767 SystemObsolete0 = 32,
768 SystemExceptionInformation = 33,
769 SystemCrashDumpStateInformation = 34,
770 SystemKernelDebuggerInformation = 35,
771 SystemContextSwitchInformation = 36,
772 SystemRegistryQuotaInformation = 37,
773 SystemExtendServiceTableInformation = 38,
774 SystemPrioritySeperation = 39,
775 SystemVerifierAddDriverInformation = 40,
776 SystemVerifierRemoveDriverInformation = 41,
777 SystemProcessorIdleInformation = 42,
778 SystemLegacyDriverInformation = 43,
779 SystemCurrentTimeZoneInformation = 44,
780 SystemLookasideInformation = 45,
781 SystemTimeSlipNotification = 46,
782 SystemSessionCreate = 47,
783 SystemSessionDetach = 48,
784 SystemSessionInformation = 49,
785 SystemRangeStartInformation = 50,
786 SystemVerifierInformation = 51,
787 SystemVerifierThunkExtend = 52,
788 SystemSessionProcessInformation = 53,
789 SystemLoadGdiDriverInSystemSpace = 54,
790 SystemNumaProcessorMap = 55,
791 SystemPrefetcherInformation = 56,
792 SystemExtendedProcessInformation = 57,
793 SystemRecommendedSharedDataAlignment = 58,
794 SystemComPlusPackage = 59,
795 SystemNumaAvailableMemory = 60,
796 SystemProcessorPowerInformation = 61,
797 SystemEmulationBasicInformation = 62,
798 SystemEmulationProcessorInformation = 63,
799 SystemExtendedHandleInformation = 64,
800 SystemLostDelayedWriteInformation = 65,
801 SystemBigPoolInformation = 66,
802 SystemSessionPoolTagInformation = 67,
803 SystemSessionMappedViewInformation = 68,
804 SystemHotpatchInformation = 69,
805 SystemObjectSecurityMode = 70,
806 SystemWatchdogTimerHandler = 71,
807 SystemWatchdogTimerInformation = 72,
808 SystemLogicalProcessorInformation = 73,
809 SystemWow64SharedInformationObsolete = 74,
810 SystemRegisterFirmwareTableInformationHandler = 75,
811 SystemFirmwareTableInformation = 76,
812 SystemModuleInformationEx = 77,
813 SystemVerifierTriageInformation = 78,
814 SystemSuperfetchInformation = 79,
815 SystemMemoryListInformation = 80,
816 SystemFileCacheInformationEx = 81,
817 SystemThreadPriorityClientIdInformation = 82,
818 SystemProcessorIdleCycleTimeInformation = 83,
819 SystemVerifierCancellationInformation = 84,
820 SystemProcessorPowerInformationEx = 85,
821 SystemRefTraceInformation = 86,
822 SystemSpecialPoolInformation = 87,
823 SystemProcessIdInformation = 88,
824 SystemErrorPortInformation = 89,
825 SystemBootEnvironmentInformation = 90,
826 SystemHypervisorInformation = 91,
827 SystemVerifierInformationEx = 92,
828 SystemTimeZoneInformation = 93,
829 SystemImageFileExecutionOptionsInformation = 94,
830 SystemCoverageInformation = 95,
831 SystemPrefetchPatchInformation = 96,
832 SystemVerifierFaultsInformation = 97,
833 SystemSystemPartitionInformation = 98,
834 SystemSystemDiskInformation = 99,
835 SystemProcessorPerformanceDistribution = 100,
836 SystemNumaProximityNodeInformation = 101,
837 SystemDynamicTimeZoneInformation = 102,
838 SystemCodeIntegrityInformation = 103,
839 SystemProcessorMicrocodeUpdateInformation = 104,
840 SystemProcessorBrandString = 105,
841 SystemVirtualAddressInformation = 106,
842 SystemLogicalProcessorAndGroupInformation = 107,
843 SystemProcessorCycleTimeInformation = 108,
844 SystemStoreInformation = 109,
845 SystemRegistryAppendString = 110,
846 SystemAitSamplingValue = 111,
847 SystemVhdBootInformation = 112,
848 SystemCpuQuotaInformation = 113,
849 SystemNativeBasicInformation = 114,
850 SystemSpare1 = 115,
851 SystemLowPriorityIoInformation = 116,
852 SystemTpmBootEntropyInformation = 117,
853 SystemVerifierCountersInformation = 118,
854 SystemPagedPoolInformationEx = 119,
855 SystemSystemPtesInformationEx = 120,
856 SystemNodeDistanceInformation = 121,
857 SystemAcpiAuditInformation = 122,
858 SystemBasicPerformanceInformation = 123,
859 SystemQueryPerformanceCounterInformation = 124,
860 SystemSessionBigPoolInformation = 125,
861 SystemBootGraphicsInformation = 126,
862 SystemScrubPhysicalMemoryInformation = 127,
863 SystemBadPageInformation = 128,
864 SystemProcessorProfileControlArea = 129,
865 SystemCombinePhysicalMemoryInformation = 130,
866 SystemEntropyInterruptTimingCallback = 131,
867 SystemConsoleInformation = 132,
868 SystemPlatformBinaryInformation = 133,
869 SystemThrottleNotificationInformation = 134,
870 SystemHypervisorProcessorCountInformation = 135,
871 SystemDeviceDataInformation = 136,
872 SystemDeviceDataEnumerationInformation = 137,
873 SystemMemoryTopologyInformation = 138,
874 SystemMemoryChannelInformation = 139,
875 SystemBootLogoInformation = 140,
876 SystemProcessorPerformanceInformationEx = 141,
877 SystemSpare0 = 142,
878 SystemSecureBootPolicyInformation = 143,
879 SystemPageFileInformationEx = 144,
880 SystemSecureBootInformation = 145,
881 SystemEntropyInterruptTimingRawInformation = 146,
882 SystemPortableWorkspaceEfiLauncherInformation = 147,
883 SystemFullProcessInformation = 148,
884 SystemKernelDebuggerInformationEx = 149,
885 SystemBootMetadataInformation = 150,
886 SystemSoftRebootInformation = 151,
887 SystemElamCertificateInformation = 152,
888 SystemOfflineDumpConfigInformation = 153,
889 SystemProcessorFeaturesInformation = 154,
890 SystemRegistryReconciliationInformation = 155,
891 SystemEdidInformation = 156,
892 SystemManufacturingInformation = 157,
893 SystemEnergyEstimationConfigInformation = 158,
894 SystemHypervisorDetailInformation = 159,
895 SystemProcessorCycleStatsInformation = 160,
896 SystemVmGenerationCountInformation = 161,
897 SystemTrustedPlatformModuleInformation = 162,
898 SystemKernelDebuggerFlags = 163,
899 SystemCodeIntegrityPolicyInformation = 164,
900 SystemIsolatedUserModeInformation = 165,
901 SystemHardwareSecurityTestInterfaceResultsInformation = 166,
902 SystemSingleModuleInformation = 167,
903 SystemAllowedCpuSetsInformation = 168,
904 SystemVsmProtectionInformation = 169,
905 SystemInterruptCpuSetsInformation = 170,
906 SystemSecureBootPolicyFullInformation = 171,
907 SystemCodeIntegrityPolicyFullInformation = 172,
908 SystemAffinitizedInterruptProcessorInformation = 173,
909 SystemRootSiloInformation = 174,
910 SystemCpuSetInformation = 175,
911 SystemCpuSetTagInformation = 176,
912 SystemWin32WerStartCallout = 177,
913 SystemSecureKernelProfileInformation = 178,
914 SystemCodeIntegrityPlatformManifestInformation = 179,
915 SystemInterruptSteeringInformation = 180,
916 SystemSupportedProcessorArchitectures = 181,
917 SystemMemoryUsageInformation = 182,
918 SystemCodeIntegrityCertificateInformation = 183,
919 SystemPhysicalMemoryInformation = 184,
920 SystemControlFlowTransition = 185,
921 SystemKernelDebuggingAllowed = 186,
922 SystemActivityModerationExeState = 187,
923 SystemActivityModerationUserSettings = 188,
924 SystemCodeIntegrityPoliciesFullInformation = 189,
925 SystemCodeIntegrityUnlockInformation = 190,
926 SystemIntegrityQuotaInformation = 191,
927 SystemFlushInformation = 192,
928 SystemProcessorIdleMaskInformation = 193,
929 SystemSecureDumpEncryptionInformation = 194,
930 SystemWriteConstraintInformation = 195,
931 SystemKernelVaShadowInformation = 196,
932 SystemHypervisorSharedPageInformation = 197,
933 SystemFirmwareBootPerformanceInformation = 198,
934 SystemCodeIntegrityVerificationInformation = 199,
935 SystemFirmwarePartitionInformation = 200,
936 SystemSpeculationControlInformation = 201,
937 SystemDmaGuardPolicyInformation = 202,
938 SystemEnclaveLaunchControlInformation = 203,
939 SystemWorkloadAllowedCpuSetsInformation = 204,
940 SystemCodeIntegrityUnlockModeInformation = 205,
941 SystemLeapSecondInformation = 206,
942 SystemFlags2Information = 207,
943 MaxSystemInfoClass = 208,
944}}
945STRUCT!{struct SYSTEM_BASIC_INFORMATION {
946 Reserved: ULONG,
947 TimerResolution: ULONG,
948 PageSize: ULONG,
949 NumberOfPhysicalPages: ULONG,
950 LowestPhysicalPageNumber: ULONG,
951 HighestPhysicalPageNumber: ULONG,
952 AllocationGranularity: ULONG,
953 MinimumUserModeAddress: ULONG_PTR,
954 MaximumUserModeAddress: ULONG_PTR,
955 ActiveProcessorsAffinityMask: ULONG_PTR,
956 NumberOfProcessors: CCHAR,
957}}
958pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION;
959STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION {
960 ProcessorArchitecture: USHORT,
961 ProcessorLevel: USHORT,
962 ProcessorRevision: USHORT,
963 MaximumProcessors: USHORT,
964 ProcessorFeatureBits: ULONG,
965}}
966pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION;
967STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION {
968 IdleProcessTime: LARGE_INTEGER,
969 IoReadTransferCount: LARGE_INTEGER,
970 IoWriteTransferCount: LARGE_INTEGER,
971 IoOtherTransferCount: LARGE_INTEGER,
972 IoReadOperationCount: ULONG,
973 IoWriteOperationCount: ULONG,
974 IoOtherOperationCount: ULONG,
975 AvailablePages: ULONG,
976 CommittedPages: ULONG,
977 CommitLimit: ULONG,
978 PeakCommitment: ULONG,
979 PageFaultCount: ULONG,
980 CopyOnWriteCount: ULONG,
981 TransitionCount: ULONG,
982 CacheTransitionCount: ULONG,
983 DemandZeroCount: ULONG,
984 PageReadCount: ULONG,
985 PageReadIoCount: ULONG,
986 CacheReadCount: ULONG,
987 CacheIoCount: ULONG,
988 DirtyPagesWriteCount: ULONG,
989 DirtyWriteIoCount: ULONG,
990 MappedPagesWriteCount: ULONG,
991 MappedWriteIoCount: ULONG,
992 PagedPoolPages: ULONG,
993 NonPagedPoolPages: ULONG,
994 PagedPoolAllocs: ULONG,
995 PagedPoolFrees: ULONG,
996 NonPagedPoolAllocs: ULONG,
997 NonPagedPoolFrees: ULONG,
998 FreeSystemPtes: ULONG,
999 ResidentSystemCodePage: ULONG,
1000 TotalSystemDriverPages: ULONG,
1001 TotalSystemCodePages: ULONG,
1002 NonPagedPoolLookasideHits: ULONG,
1003 PagedPoolLookasideHits: ULONG,
1004 AvailablePagedPoolPages: ULONG,
1005 ResidentSystemCachePage: ULONG,
1006 ResidentPagedPoolPage: ULONG,
1007 ResidentSystemDriverPage: ULONG,
1008 CcFastReadNoWait: ULONG,
1009 CcFastReadWait: ULONG,
1010 CcFastReadResourceMiss: ULONG,
1011 CcFastReadNotPossible: ULONG,
1012 CcFastMdlReadNoWait: ULONG,
1013 CcFastMdlReadWait: ULONG,
1014 CcFastMdlReadResourceMiss: ULONG,
1015 CcFastMdlReadNotPossible: ULONG,
1016 CcMapDataNoWait: ULONG,
1017 CcMapDataWait: ULONG,
1018 CcMapDataNoWaitMiss: ULONG,
1019 CcMapDataWaitMiss: ULONG,
1020 CcPinMappedDataCount: ULONG,
1021 CcPinReadNoWait: ULONG,
1022 CcPinReadWait: ULONG,
1023 CcPinReadNoWaitMiss: ULONG,
1024 CcPinReadWaitMiss: ULONG,
1025 CcCopyReadNoWait: ULONG,
1026 CcCopyReadWait: ULONG,
1027 CcCopyReadNoWaitMiss: ULONG,
1028 CcCopyReadWaitMiss: ULONG,
1029 CcMdlReadNoWait: ULONG,
1030 CcMdlReadWait: ULONG,
1031 CcMdlReadNoWaitMiss: ULONG,
1032 CcMdlReadWaitMiss: ULONG,
1033 CcReadAheadIos: ULONG,
1034 CcLazyWriteIos: ULONG,
1035 CcLazyWritePages: ULONG,
1036 CcDataFlushes: ULONG,
1037 CcDataPages: ULONG,
1038 ContextSwitches: ULONG,
1039 FirstLevelTbFills: ULONG,
1040 SecondLevelTbFills: ULONG,
1041 SystemCalls: ULONG,
1042 CcTotalDirtyPages: ULONGLONG,
1043 CcDirtyPageThreshold: ULONGLONG,
1044 ResidentAvailablePages: LONGLONG,
1045 SharedCommittedPages: ULONGLONG,
1046}}
1047pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION;
1048STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION {
1049 BootTime: LARGE_INTEGER,
1050 CurrentTime: LARGE_INTEGER,
1051 TimeZoneBias: LARGE_INTEGER,
1052 TimeZoneId: ULONG,
1053 Reserved: ULONG,
1054 BootTimeBias: ULONGLONG,
1055 SleepTimeBias: ULONGLONG,
1056}}
1057pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION;
1058STRUCT!{struct SYSTEM_THREAD_INFORMATION {
1059 KernelTime: LARGE_INTEGER,
1060 UserTime: LARGE_INTEGER,
1061 CreateTime: LARGE_INTEGER,
1062 WaitTime: ULONG,
1063 StartAddress: PVOID,
1064 ClientId: CLIENT_ID,
1065 Priority: KPRIORITY,
1066 BasePriority: LONG,
1067 ContextSwitches: ULONG,
1068 ThreadState: KTHREAD_STATE,
1069 WaitReason: KWAIT_REASON,
1070}}
1071pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION;
1072STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION {
1073 ThreadInfo: SYSTEM_THREAD_INFORMATION,
1074 StackBase: PVOID,
1075 StackLimit: PVOID,
1076 Win32StartAddress: PVOID,
1077 TebBase: PTEB,
1078 Reserved2: ULONG_PTR,
1079 Reserved3: ULONG_PTR,
1080 Reserved4: ULONG_PTR,
1081}}
1082pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION;
1083STRUCT!{struct SYSTEM_PROCESS_INFORMATION {
1084 NextEntryOffset: ULONG,
1085 NumberOfThreads: ULONG,
1086 WorkingSetPrivateSize: LARGE_INTEGER,
1087 HardFaultCount: ULONG,
1088 NumberOfThreadsHighWatermark: ULONG,
1089 CycleTime: ULONGLONG,
1090 CreateTime: LARGE_INTEGER,
1091 UserTime: LARGE_INTEGER,
1092 KernelTime: LARGE_INTEGER,
1093 ImageName: UNICODE_STRING,
1094 BasePriority: KPRIORITY,
1095 UniqueProcessId: HANDLE,
1096 InheritedFromUniqueProcessId: HANDLE,
1097 HandleCount: ULONG,
1098 SessionId: ULONG,
1099 UniqueProcessKey: ULONG_PTR,
1100 PeakVirtualSize: SIZE_T,
1101 VirtualSize: SIZE_T,
1102 PageFaultCount: ULONG,
1103 PeakWorkingSetSize: SIZE_T,
1104 WorkingSetSize: SIZE_T,
1105 QuotaPeakPagedPoolUsage: SIZE_T,
1106 QuotaPagedPoolUsage: SIZE_T,
1107 QuotaPeakNonPagedPoolUsage: SIZE_T,
1108 QuotaNonPagedPoolUsage: SIZE_T,
1109 PagefileUsage: SIZE_T,
1110 PeakPagefileUsage: SIZE_T,
1111 PrivatePageCount: SIZE_T,
1112 ReadOperationCount: LARGE_INTEGER,
1113 WriteOperationCount: LARGE_INTEGER,
1114 OtherOperationCount: LARGE_INTEGER,
1115 ReadTransferCount: LARGE_INTEGER,
1116 WriteTransferCount: LARGE_INTEGER,
1117 OtherTransferCount: LARGE_INTEGER,
1118 Threads: [SYSTEM_THREAD_INFORMATION; 1],
1119}}
1120pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION;
1121STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION {
1122 Length: ULONG,
1123 NumberOfTables: ULONG,
1124}}
1125pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION;
1126STRUCT!{struct SYSTEM_DEVICE_INFORMATION {
1127 NumberOfDisks: ULONG,
1128 NumberOfFloppies: ULONG,
1129 NumberOfCdRoms: ULONG,
1130 NumberOfTapes: ULONG,
1131 NumberOfSerialPorts: ULONG,
1132 NumberOfParallelPorts: ULONG,
1133}}
1134pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION;
1135STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
1136 IdleTime: LARGE_INTEGER,
1137 KernelTime: LARGE_INTEGER,
1138 UserTime: LARGE_INTEGER,
1139 DpcTime: LARGE_INTEGER,
1140 InterruptTime: LARGE_INTEGER,
1141 InterruptCount: ULONG,
1142}}
1143pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
1144STRUCT!{struct SYSTEM_FLAGS_INFORMATION {
1145 Flags: ULONG,
1146}}
1147pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION;
1148STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION {
1149 Length: ULONG,
1150 TotalCalls: ULONG,
1151 TimeOfCalls: [LARGE_INTEGER; 1],
1152}}
1153pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION;
1154STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION {
1155 Address: PVOID,
1156 Type: USHORT,
1157 CreatorBackTraceIndex: USHORT,
1158 OwningThread: HANDLE,
1159 LockCount: LONG,
1160 ContentionCount: ULONG,
1161 EntryCount: ULONG,
1162 RecursionCount: LONG,
1163 NumberOfWaitingShared: ULONG,
1164 NumberOfWaitingExclusive: ULONG,
1165}}
1166pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION;
1167STRUCT!{struct RTL_PROCESS_LOCKS {
1168 NumberOfLocks: ULONG,
1169 Locks: [RTL_PROCESS_LOCK_INFORMATION; 1],
1170}}
1171pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS;
1172STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION {
1173 SymbolicBackTrace: PCHAR,
1174 TraceCount: ULONG,
1175 Index: USHORT,
1176 Depth: USHORT,
1177 BackTrace: [PVOID; 32],
1178}}
1179pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION;
1180STRUCT!{struct RTL_PROCESS_BACKTRACES {
1181 CommittedMemory: ULONG,
1182 ReservedMemory: ULONG,
1183 NumberOfBackTraceLookups: ULONG,
1184 NumberOfBackTraces: ULONG,
1185 BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1],
1186}}
1187pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES;
1188STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO {
1189 UniqueProcessId: USHORT,
1190 CreatorBackTraceIndex: USHORT,
1191 ObjectTypeIndex: UCHAR,
1192 HandleAttributes: UCHAR,
1193 HandleValue: USHORT,
1194 Object: PVOID,
1195 GrantedAccess: ULONG,
1196}}
1197pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO;
1198STRUCT!{struct SYSTEM_HANDLE_INFORMATION {
1199 NumberOfHandles: ULONG,
1200 Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1],
1201}}
1202pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION;
1203STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION {
1204 NextEntryOffset: ULONG,
1205 NumberOfObjects: ULONG,
1206 NumberOfHandles: ULONG,
1207 TypeIndex: ULONG,
1208 InvalidAttributes: ULONG,
1209 GenericMapping: GENERIC_MAPPING,
1210 ValidAccessMask: ULONG,
1211 PoolType: ULONG,
1212 SecurityRequired: BOOLEAN,
1213 WaitableObject: BOOLEAN,
1214 TypeName: UNICODE_STRING,
1215}}
1216pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION;
1217STRUCT!{struct SYSTEM_OBJECT_INFORMATION {
1218 NextEntryOffset: ULONG,
1219 Object: PVOID,
1220 CreatorUniqueProcess: HANDLE,
1221 CreatorBackTraceIndex: USHORT,
1222 Flags: USHORT,
1223 PointerCount: LONG,
1224 HandleCount: LONG,
1225 PagedPoolCharge: ULONG,
1226 NonPagedPoolCharge: ULONG,
1227 ExclusiveProcessId: HANDLE,
1228 SecurityDescriptor: PVOID,
1229 NameInfo: UNICODE_STRING,
1230}}
1231pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION;
1232STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION {
1233 NextEntryOffset: ULONG,
1234 TotalSize: ULONG,
1235 TotalInUse: ULONG,
1236 PeakUsage: ULONG,
1237 PageFileName: UNICODE_STRING,
1238}}
1239pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION;
1240pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1;
1241pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2;
1242pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4;
1243pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8;
1244STRUCT!{struct SYSTEM_FILECACHE_INFORMATION {
1245 CurrentSize: SIZE_T,
1246 PeakSize: SIZE_T,
1247 PageFaultCount: ULONG,
1248 MinimumWorkingSet: SIZE_T,
1249 MaximumWorkingSet: SIZE_T,
1250 CurrentSizeIncludingTransitionInPages: SIZE_T,
1251 PeakSizeIncludingTransitionInPages: SIZE_T,
1252 TransitionRePurposeCount: ULONG,
1253 Flags: ULONG,
1254}}
1255pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION;
1256STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION {
1257 CurrentSize: SIZE_T,
1258 PeakSize: SIZE_T,
1259 PageFaultCount: ULONG,
1260}}
1261pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION;
1262UNION!{union SYSTEM_POOLTAG_u {
1263 Tag: [UCHAR; 4],
1264 TagUlong: ULONG,
1265}}
1266STRUCT!{struct SYSTEM_POOLTAG {
1267 u: SYSTEM_POOLTAG_u,
1268 PagedAllocs: ULONG,
1269 PagedFrees: ULONG,
1270 PagedUsed: SIZE_T,
1271 NonPagedAllocs: ULONG,
1272 NonPagedFrees: ULONG,
1273 NonPagedUsed: SIZE_T,
1274}}
1275pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG;
1276STRUCT!{struct SYSTEM_POOLTAG_INFORMATION {
1277 Count: ULONG,
1278 TagInfo: [SYSTEM_POOLTAG; 1],
1279}}
1280pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION;
1281STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION {
1282 ContextSwitches: ULONG,
1283 DpcCount: ULONG,
1284 DpcRate: ULONG,
1285 TimeIncrement: ULONG,
1286 DpcBypassCount: ULONG,
1287 ApcBypassCount: ULONG,
1288}}
1289pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION;
1290STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION {
1291 Spare: ULONG,
1292 DpcQueueDepth: ULONG,
1293 MinimumDpcRate: ULONG,
1294 AdjustDpcThreshold: ULONG,
1295 IdealDpcRate: ULONG,
1296}}
1297pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION;
1298STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
1299 TimeAdjustment: ULONG,
1300 TimeIncrement: ULONG,
1301 Enable: BOOLEAN,
1302}}
1303pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION;
1304STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE {
1305 TimeAdjustment: ULONGLONG,
1306 TimeIncrement: ULONGLONG,
1307 Enable: BOOLEAN,
1308}}
1309pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE =
1310 *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
1311STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION {
1312 TimeAdjustment: ULONG,
1313 Enable: BOOLEAN,
1314}}
1315pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION;
1316STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE {
1317 TimeAdjustment: ULONGLONG,
1318 Enable: BOOLEAN,
1319}}
1320pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE =
1321 *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
1322ENUM!{enum EVENT_TRACE_INFORMATION_CLASS {
1323 EventTraceKernelVersionInformation = 0,
1324 EventTraceGroupMaskInformation = 1,
1325 EventTracePerformanceInformation = 2,
1326 EventTraceTimeProfileInformation = 3,
1327 EventTraceSessionSecurityInformation = 4,
1328 EventTraceSpinlockInformation = 5,
1329 EventTraceStackTracingInformation = 6,
1330 EventTraceExecutiveResourceInformation = 7,
1331 EventTraceHeapTracingInformation = 8,
1332 EventTraceHeapSummaryTracingInformation = 9,
1333 EventTracePoolTagFilterInformation = 10,
1334 EventTracePebsTracingInformation = 11,
1335 EventTraceProfileConfigInformation = 12,
1336 EventTraceProfileSourceListInformation = 13,
1337 EventTraceProfileEventListInformation = 14,
1338 EventTraceProfileCounterListInformation = 15,
1339 EventTraceStackCachingInformation = 16,
1340 EventTraceObjectTypeFilterInformation = 17,
1341 EventTraceSoftRestartInformation = 18,
1342 EventTraceLastBranchConfigurationInformation = 19,
1343 EventTraceLastBranchEventListInformation = 20,
1344 EventTraceProfileSourceAddInformation = 21,
1345 EventTraceProfileSourceRemoveInformation = 22,
1346 EventTraceProcessorTraceConfigurationInformation = 23,
1347 EventTraceProcessorTraceEventListInformation = 24,
1348 EventTraceCoverageSamplerInformation = 25,
1349 MaxEventTraceInfoClass = 26,
1350}}
1351STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION {
1352 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1353 EventTraceKernelVersion: ULONG,
1354}}
1355pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION;
1356STRUCT!{struct PERFINFO_GROUPMASK {
1357 Masks: [ULONG; 8],
1358}}
1359pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK;
1360STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION {
1361 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1362 TraceHandle: HANDLE,
1363 EventTraceGroupMasks: PERFINFO_GROUPMASK,
1364}}
1365pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION;
1366STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION {
1367 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1368 LogfileBytesWritten: LARGE_INTEGER,
1369}}
1370pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION;
1371STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION {
1372 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1373 ProfileInterval: ULONG,
1374}}
1375pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION;
1376STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION {
1377 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1378 SecurityInformation: ULONG,
1379 TraceHandle: HANDLE,
1380 SecurityDescriptor: [UCHAR; 1],
1381}}
1382pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION;
1383STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION {
1384 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1385 SpinLockSpinThreshold: ULONG,
1386 SpinLockAcquireSampleRate: ULONG,
1387 SpinLockContentionSampleRate: ULONG,
1388 SpinLockHoldThreshold: ULONG,
1389}}
1390pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION;
1391STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION {
1392 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1393 TraceHandle: HANDLE,
1394 HookId: [ULONG; 1],
1395}}
1396pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
1397STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION {
1398 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1399 ReleaseSamplingRate: ULONG,
1400 ContentionSamplingRate: ULONG,
1401 NumberOfExcessiveTimeouts: ULONG,
1402}}
1403pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION =
1404 *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
1405STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION {
1406 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1407 ProcessId: ULONG,
1408}}
1409pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION;
1410STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION {
1411 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1412 TraceHandle: HANDLE,
1413 Filter: [ULONG; 1],
1414}}
1415pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION;
1416STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION {
1417 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1418 TraceHandle: HANDLE,
1419 ProfileSource: [ULONG; 1],
1420}}
1421pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION;
1422STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION {
1423 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1424 Spare: ULONG,
1425 Profile: [*mut PROFILE_SOURCE_INFO; 1],
1426}}
1427pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION;
1428STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION {
1429 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1430 TraceHandle: HANDLE,
1431 Enabled: BOOLEAN,
1432 Reserved: [UCHAR; 3],
1433 CacheSize: ULONG,
1434 BucketCount: ULONG,
1435}}
1436pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION;
1437STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION {
1438 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1439 TraceHandle: HANDLE,
1440 PersistTraceBuffers: BOOLEAN,
1441 FileName: [WCHAR; 1],
1442}}
1443pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION;
1444STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION {
1445 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1446 PerfEvtEventSelect: BOOLEAN,
1447 PerfEvtUnitSelect: BOOLEAN,
1448 PerfEvtType: ULONG,
1449 CpuInfoHierarchy: [ULONG; 3],
1450 InitialInterval: ULONG,
1451 AllowsHalt: BOOLEAN,
1452 Persist: BOOLEAN,
1453 ProfileSourceDescription: [WCHAR; 1],
1454}}
1455pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION;
1456STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION {
1457 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1458 ProfileSource: KPROFILE_SOURCE,
1459 CpuInfoHierarchy: [ULONG; 3],
1460}}
1461pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION;
1462STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION {
1463 EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
1464 CoverageSamplerInformationClass: BOOLEAN,
1465 MajorVersion: UCHAR,
1466 MinorVersion: UCHAR,
1467 Reserved: UCHAR,
1468 SamplerHandle: HANDLE,
1469}}
1470pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
1471STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION {
1472 AlignmentFixupCount: ULONG,
1473 ExceptionDispatchCount: ULONG,
1474 FloatingEmulationCount: ULONG,
1475 ByteWordEmulationCount: ULONG,
1476}}
1477pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION;
1478STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION {
1479 KernelDebuggerEnabled: BOOLEAN,
1480 KernelDebuggerNotPresent: BOOLEAN,
1481}}
1482pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION;
1483STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION {
1484 ContextSwitches: ULONG,
1485 FindAny: ULONG,
1486 FindLast: ULONG,
1487 FindIdeal: ULONG,
1488 IdleAny: ULONG,
1489 IdleCurrent: ULONG,
1490 IdleLast: ULONG,
1491 IdleIdeal: ULONG,
1492 PreemptAny: ULONG,
1493 PreemptCurrent: ULONG,
1494 PreemptLast: ULONG,
1495 SwitchToIdle: ULONG,
1496}}
1497pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION;
1498STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION {
1499 RegistryQuotaAllowed: ULONG,
1500 RegistryQuotaUsed: ULONG,
1501 PagedPoolSize: SIZE_T,
1502}}
1503pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION;
1504STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION {
1505 IdleTime: ULONGLONG,
1506 C1Time: ULONGLONG,
1507 C2Time: ULONGLONG,
1508 C3Time: ULONGLONG,
1509 C1Transitions: ULONG,
1510 C2Transitions: ULONG,
1511 C3Transitions: ULONG,
1512 Padding: ULONG,
1513}}
1514pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION;
1515STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION {
1516 VetoType: ULONG,
1517 VetoList: UNICODE_STRING,
1518}}
1519pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION;
1520STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION {
1521 CurrentDepth: USHORT,
1522 MaximumDepth: USHORT,
1523 TotalAllocates: ULONG,
1524 AllocateMisses: ULONG,
1525 TotalFrees: ULONG,
1526 FreeMisses: ULONG,
1527 Type: ULONG,
1528 Tag: ULONG,
1529 Size: ULONG,
1530}}
1531pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION;
1532STRUCT!{struct SYSTEM_RANGE_START_INFORMATION {
1533 SystemRangeStart: PVOID,
1534}}
1535pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION;
1536STRUCT!{struct SYSTEM_VERIFIER_INFORMATION {
1537 NextEntryOffset: ULONG,
1538 Level: ULONG,
1539 DriverName: UNICODE_STRING,
1540 RaiseIrqls: ULONG,
1541 AcquireSpinLocks: ULONG,
1542 SynchronizeExecutions: ULONG,
1543 AllocationsAttempted: ULONG,
1544 AllocationsSucceeded: ULONG,
1545 AllocationsSucceededSpecialPool: ULONG,
1546 AllocationsWithNoTag: ULONG,
1547 TrimRequests: ULONG,
1548 Trims: ULONG,
1549 AllocationsFailed: ULONG,
1550 AllocationsFailedDeliberately: ULONG,
1551 Loads: ULONG,
1552 Unloads: ULONG,
1553 UnTrackedPool: ULONG,
1554 CurrentPagedPoolAllocations: ULONG,
1555 CurrentNonPagedPoolAllocations: ULONG,
1556 PeakPagedPoolAllocations: ULONG,
1557 PeakNonPagedPoolAllocations: ULONG,
1558 PagedPoolUsageInBytes: SIZE_T,
1559 NonPagedPoolUsageInBytes: SIZE_T,
1560 PeakPagedPoolUsageInBytes: SIZE_T,
1561 PeakNonPagedPoolUsageInBytes: SIZE_T,
1562}}
1563pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION;
1564STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION {
1565 SessionId: ULONG,
1566 SizeOfBuf: ULONG,
1567 Buffer: PVOID,
1568}}
1569pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION;
1570STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION {
1571 CurrentFrequency: UCHAR,
1572 ThermalLimitFrequency: UCHAR,
1573 ConstantThrottleFrequency: UCHAR,
1574 DegradedThrottleFrequency: UCHAR,
1575 LastBusyFrequency: UCHAR,
1576 LastC3Frequency: UCHAR,
1577 LastAdjustedBusyFrequency: UCHAR,
1578 ProcessorMinThrottle: UCHAR,
1579 ProcessorMaxThrottle: UCHAR,
1580 NumberOfFrequencies: ULONG,
1581 PromotionCount: ULONG,
1582 DemotionCount: ULONG,
1583 ErrorCount: ULONG,
1584 RetryCount: ULONG,
1585 CurrentFrequencyTime: ULONGLONG,
1586 CurrentProcessorTime: ULONGLONG,
1587 CurrentProcessorIdleTime: ULONGLONG,
1588 LastProcessorTime: ULONGLONG,
1589 LastProcessorIdleTime: ULONGLONG,
1590 Energy: ULONGLONG,
1591}}
1592pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION;
1593STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
1594 Object: PVOID,
1595 UniqueProcessId: ULONG_PTR,
1596 HandleValue: ULONG_PTR,
1597 GrantedAccess: ULONG,
1598 CreatorBackTraceIndex: USHORT,
1599 ObjectTypeIndex: USHORT,
1600 HandleAttributes: ULONG,
1601 Reserved: ULONG,
1602}}
1603pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
1604STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX {
1605 NumberOfHandles: ULONG_PTR,
1606 Reserved: ULONG_PTR,
1607 Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1],
1608}}
1609pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX;
1610UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 {
1611 VirtualAddress: PVOID,
1612 Bitfields: ULONG_PTR,
1613}}
1614UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 {
1615 Tag: [UCHAR; 4],
1616 TagUlong: ULONG,
1617}}
1618BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [
1619 NonPaged set_NonPaged[0..1],
1620]}
1621STRUCT!{struct SYSTEM_BIGPOOL_ENTRY {
1622 u1: SYSTEM_BIGPOOL_ENTRY_u1,
1623 SizeInBytes: SIZE_T,
1624 u2: SYSTEM_BIGPOOL_ENTRY_u2,
1625}}
1626pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY;
1627STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION {
1628 Count: ULONG,
1629 AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1],
1630}}
1631pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION;
1632UNION!{union SYSTEM_POOL_ENTRY_u {
1633 Tag: [UCHAR; 4],
1634 TagUlong: ULONG,
1635 ProcessChargedQuota: PVOID,
1636}}
1637STRUCT!{struct SYSTEM_POOL_ENTRY {
1638 Allocated: BOOLEAN,
1639 Spare0: BOOLEAN,
1640 AllocatorBackTraceIndex: USHORT,
1641 Size: ULONG,
1642 u: SYSTEM_POOL_ENTRY_u,
1643}}
1644pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY;
1645STRUCT!{struct SYSTEM_POOL_INFORMATION {
1646 TotalSize: SIZE_T,
1647 FirstEntry: PVOID,
1648 EntryOverhead: USHORT,
1649 PoolTagPresent: BOOLEAN,
1650 Spare0: BOOLEAN,
1651 NumberOfEntries: ULONG,
1652 Entries: [SYSTEM_POOL_ENTRY; 1],
1653}}
1654pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION;
1655STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION {
1656 NextEntryOffset: SIZE_T,
1657 SessionId: ULONG,
1658 Count: ULONG,
1659 TagInfo: [SYSTEM_POOLTAG; 1],
1660}}
1661pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION;
1662STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION {
1663 NextEntryOffset: SIZE_T,
1664 SessionId: ULONG,
1665 ViewFailures: ULONG,
1666 NumberOfBytesAvailable: SIZE_T,
1667 NumberOfBytesAvailableContiguous: SIZE_T,
1668}}
1669pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
1670ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION {
1671 SystemFirmwareTableEnumerate = 0,
1672 SystemFirmwareTableGet = 1,
1673 SystemFirmwareTableMax = 2,
1674}}
1675STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION {
1676 ProviderSignature: ULONG,
1677 Action: SYSTEM_FIRMWARE_TABLE_ACTION,
1678 TableID: ULONG,
1679 TableBufferLength: ULONG,
1680 TableBuffer: [UCHAR; 1],
1681}}
1682pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION;
1683STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION {
1684 ZeroPageCount: ULONG_PTR,
1685 FreePageCount: ULONG_PTR,
1686 ModifiedPageCount: ULONG_PTR,
1687 ModifiedNoWritePageCount: ULONG_PTR,
1688 BadPageCount: ULONG_PTR,
1689 PageCountByPriority: [ULONG_PTR; 8],
1690 RepurposedPagesByPriority: [ULONG_PTR; 8],
1691 ModifiedPageCountPageFile: ULONG_PTR,
1692}}
1693pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION;
1694ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND {
1695 MemoryCaptureAccessedBits = 0,
1696 MemoryCaptureAndResetAccessedBits = 1,
1697 MemoryEmptyWorkingSets = 2,
1698 MemoryFlushModifiedList = 3,
1699 MemoryPurgeStandbyList = 4,
1700 MemoryPurgeLowPriorityStandbyList = 5,
1701 MemoryCommandMax = 6,
1702}}
1703STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION {
1704 ClientId: CLIENT_ID,
1705 Priority: KPRIORITY,
1706}}
1707pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION;
1708STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION {
1709 CycleTime: ULONGLONG,
1710}}
1711pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION =
1712 *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION;
1713STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION {
1714 TraceEnable: BOOLEAN,
1715 TracePermanent: BOOLEAN,
1716 TraceProcessName: UNICODE_STRING,
1717 TracePoolTags: UNICODE_STRING,
1718}}
1719pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION;
1720STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION {
1721 ProcessId: HANDLE,
1722 ImageName: UNICODE_STRING,
1723}}
1724pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION;
1725STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION {
1726 BootIdentifier: GUID,
1727 FirmwareType: FIRMWARE_TYPE,
1728 BootFlags: ULONGLONG,
1729}}
1730BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [
1731 DbgMenuOsSelection set_DbgMenuOsSelection[0..1],
1732 DbgHiberBoot set_DbgHiberBoot[1..2],
1733 DbgSoftBoot set_DbgSoftBoot[2..3],
1734 DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4],
1735]}
1736pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION;
1737STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION {
1738 FlagsToEnable: ULONG,
1739 FlagsToDisable: ULONG,
1740}}
1741pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION =
1742 *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION;
1743#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
1744STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
1745 VerifyMode: ULONG,
1746 OptionChanges: ULONG,
1747 PreviousBucketName: UNICODE_STRING,
1748 IrpCancelTimeoutMsec: ULONG,
1749 VerifierExtensionEnabled: ULONG,
1750 Reserved: [ULONG; 1],
1751}}
1752#[cfg(target_arch = "x86")]
1753STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
1754 VerifyMode: ULONG,
1755 OptionChanges: ULONG,
1756 PreviousBucketName: UNICODE_STRING,
1757 IrpCancelTimeoutMsec: ULONG,
1758 VerifierExtensionEnabled: ULONG,
1759 Reserved: [ULONG; 3],
1760}}
1761pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX;
1762STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION {
1763 SystemPartition: UNICODE_STRING,
1764}}
1765pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION;
1766STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION {
1767 SystemDisk: UNICODE_STRING,
1768}}
1769pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION;
1770STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT {
1771 Hits: ULONGLONG,
1772 PercentFrequency: UCHAR,
1773}}
1774pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
1775STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 {
1776 Hits: ULONG,
1777 PercentFrequency: UCHAR,
1778}}
1779pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 =
1780 *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
1781STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION {
1782 ProcessorNumber: ULONG,
1783 StateCount: ULONG,
1784 States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1],
1785}}
1786pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION =
1787 *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION;
1788STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION {
1789 ProcessorCount: ULONG,
1790 Offsets: [ULONG; 1],
1791}}
1792pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION =
1793 *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION;
1794STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION {
1795 Length: ULONG,
1796 CodeIntegrityOptions: ULONG,
1797}}
1798pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION;
1799ENUM!{enum SYSTEM_VA_TYPE {
1800 SystemVaTypeAll = 0,
1801 SystemVaTypeNonPagedPool = 1,
1802 SystemVaTypePagedPool = 2,
1803 SystemVaTypeSystemCache = 3,
1804 SystemVaTypeSystemPtes = 4,
1805 SystemVaTypeSessionSpace = 5,
1806 SystemVaTypeMax = 6,
1807}}
1808pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE;
1809STRUCT!{struct SYSTEM_VA_LIST_INFORMATION {
1810 VirtualSize: SIZE_T,
1811 VirtualPeak: SIZE_T,
1812 VirtualLimit: SIZE_T,
1813 AllocationFailures: SIZE_T,
1814}}
1815pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION;
1816STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS {
1817 KeyHandle: HANDLE,
1818 ValueNamePointer: PUNICODE_STRING,
1819 RequiredLengthPointer: PULONG,
1820 Buffer: PUCHAR,
1821 BufferLength: ULONG,
1822 Type: ULONG,
1823 AppendBuffer: PUCHAR,
1824 AppendBufferLength: ULONG,
1825 CreateIfDoesntExist: BOOLEAN,
1826 TruncateExistingValue: BOOLEAN,
1827}}
1828pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
1829STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION {
1830 OsDiskIsVhd: BOOLEAN,
1831 OsVhdFilePathOffset: ULONG,
1832 OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY],
1833}}
1834pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION;
1835STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION {
1836 LowPriReadOperations: ULONG,
1837 LowPriWriteOperations: ULONG,
1838 KernelBumpedToNormalOperations: ULONG,
1839 LowPriPagingReadOperations: ULONG,
1840 KernelPagingReadsBumpedToNormal: ULONG,
1841 LowPriPagingWriteOperations: ULONG,
1842 KernelPagingWritesBumpedToNormal: ULONG,
1843 BoostedIrpCount: ULONG,
1844 BoostedPagingIrpCount: ULONG,
1845 BlanketBoostCount: ULONG,
1846}}
1847pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION;
1848ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE {
1849 TpmBootEntropyStructureUninitialized = 0,
1850 TpmBootEntropyDisabledByPolicy = 1,
1851 TpmBootEntropyNoTpmFound = 2,
1852 TpmBootEntropyTpmError = 3,
1853 TpmBootEntropySuccess = 4,
1854}}
1855STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT {
1856 Policy: ULONGLONG,
1857 ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE,
1858 ResultStatus: NTSTATUS,
1859 Time: ULONGLONG,
1860 EntropyLength: ULONG,
1861 EntropyData: [UCHAR; 40],
1862}}
1863pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT;
1864STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION {
1865 Legacy: SYSTEM_VERIFIER_INFORMATION,
1866 RaiseIrqls: ULONG,
1867 AcquireSpinLocks: ULONG,
1868 SynchronizeExecutions: ULONG,
1869 AllocationsWithNoTag: ULONG,
1870 AllocationsFailed: ULONG,
1871 AllocationsFailedDeliberately: ULONG,
1872 LockedBytes: SIZE_T,
1873 PeakLockedBytes: SIZE_T,
1874 MappedLockedBytes: SIZE_T,
1875 PeakMappedLockedBytes: SIZE_T,
1876 MappedIoSpaceBytes: SIZE_T,
1877 PeakMappedIoSpaceBytes: SIZE_T,
1878 PagesForMdlBytes: SIZE_T,
1879 PeakPagesForMdlBytes: SIZE_T,
1880 ContiguousMemoryBytes: SIZE_T,
1881 PeakContiguousMemoryBytes: SIZE_T,
1882 ExecutePoolTypes: ULONG,
1883 ExecutePageProtections: ULONG,
1884 ExecutePageMappings: ULONG,
1885 ExecuteWriteSections: ULONG,
1886 SectionAlignmentFailures: ULONG,
1887 UnsupportedRelocs: ULONG,
1888 IATInExecutableSection: ULONG,
1889}}
1890pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION;
1891STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION {
1892 RsdpCount: ULONG,
1893 Bitfields: ULONG,
1894}}
1895BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [
1896 SameRsdt set_SameRsdt[0..1],
1897 SlicPresent set_SlicPresent[1..2],
1898 SlicDifferent set_SlicDifferent[2..3],
1899]}
1900pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION;
1901STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION {
1902 AvailablePages: SIZE_T,
1903 CommittedPages: SIZE_T,
1904 CommitLimit: SIZE_T,
1905 PeakCommitment: SIZE_T,
1906}}
1907pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION;
1908STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS {
1909 ul: ULONG,
1910}}
1911BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [
1912 KernelTransition set_KernelTransition[0..1],
1913 Reserved set_Reserved[1..32],
1914]}
1915STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION {
1916 Version: ULONG,
1917 Flags: QUERY_PERFORMANCE_COUNTER_FLAGS,
1918 ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS,
1919}}
1920pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION =
1921 *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
1922ENUM!{enum SYSTEM_PIXEL_FORMAT {
1923 SystemPixelFormatUnknown = 0,
1924 SystemPixelFormatR8G8B8 = 1,
1925 SystemPixelFormatR8G8B8X8 = 2,
1926 SystemPixelFormatB8G8R8 = 3,
1927 SystemPixelFormatB8G8R8X8 = 4,
1928}}
1929STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION {
1930 FrameBuffer: LARGE_INTEGER,
1931 Width: ULONG,
1932 Height: ULONG,
1933 PixelStride: ULONG,
1934 Flags: ULONG,
1935 Format: SYSTEM_PIXEL_FORMAT,
1936 DisplayRotation: ULONG,
1937}}
1938pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION;
1939STRUCT!{struct MEMORY_SCRUB_INFORMATION {
1940 Handle: HANDLE,
1941 PagesScrubbed: ULONG,
1942}}
1943pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION;
1944STRUCT!{struct PEBS_DS_SAVE_AREA {
1945 BtsBufferBase: ULONGLONG,
1946 BtsIndex: ULONGLONG,
1947 BtsAbsoluteMaximum: ULONGLONG,
1948 BtsInterruptThreshold: ULONGLONG,
1949 PebsBufferBase: ULONGLONG,
1950 PebsIndex: ULONGLONG,
1951 PebsAbsoluteMaximum: ULONGLONG,
1952 PebsInterruptThreshold: ULONGLONG,
1953 PebsCounterReset0: ULONGLONG,
1954 PebsCounterReset1: ULONGLONG,
1955 PebsCounterReset2: ULONGLONG,
1956 PebsCounterReset3: ULONGLONG,
1957}}
1958pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA;
1959STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA {
1960 PebsDsSaveArea: PEBS_DS_SAVE_AREA,
1961}}
1962pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA;
1963STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA {
1964 ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA,
1965 Allocate: BOOLEAN,
1966}}
1967pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
1968STRUCT!{struct MEMORY_COMBINE_INFORMATION {
1969 Handle: HANDLE,
1970 PagesCombined: ULONG_PTR,
1971}}
1972pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION;
1973pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4;
1974STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX {
1975 Handle: HANDLE,
1976 PagesCombined: ULONG_PTR,
1977 Flags: ULONG,
1978}}
1979pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX;
1980STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 {
1981 Handle: HANDLE,
1982 PagesCombined: ULONG_PTR,
1983 Flags: ULONG,
1984 ProcessHandle: HANDLE,
1985}}
1986pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2;
1987STRUCT!{struct SYSTEM_CONSOLE_INFORMATION {
1988 Bitfields: ULONG,
1989}}
1990BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [
1991 DriverLoaded set_DriverLoaded[0..1],
1992 Spare set_Spare[1..32],
1993]}
1994pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION;
1995STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION {
1996 PhysicalAddress: ULONG64,
1997 HandoffBuffer: PVOID,
1998 CommandLineBuffer: PVOID,
1999 HandoffBufferSize: ULONG,
2000 CommandLineBufferSize: ULONG,
2001}}
2002pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION;
2003STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION {
2004 NumberOfLogicalProcessors: ULONG,
2005 NumberOfCores: ULONG,
2006}}
2007pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION =
2008 *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
2009STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION {
2010 DeviceId: UNICODE_STRING,
2011 DataName: UNICODE_STRING,
2012 DataType: ULONG,
2013 DataBufferLength: ULONG,
2014 DataBuffer: PVOID,
2015}}
2016pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION;
2017STRUCT!{struct PHYSICAL_CHANNEL_RUN {
2018 NodeNumber: ULONG,
2019 ChannelNumber: ULONG,
2020 BasePage: ULONGLONG,
2021 PageCount: ULONGLONG,
2022 Flags: ULONG,
2023}}
2024pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN;
2025STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION {
2026 NumberOfRuns: ULONGLONG,
2027 NumberOfNodes: ULONG,
2028 NumberOfChannels: ULONG,
2029 Run: [PHYSICAL_CHANNEL_RUN; 1],
2030}}
2031pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION;
2032STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION {
2033 ChannelNumber: ULONG,
2034 ChannelHeatIndex: ULONG,
2035 TotalPageCount: ULONGLONG,
2036 ZeroPageCount: ULONGLONG,
2037 FreePageCount: ULONGLONG,
2038 StandbyPageCount: ULONGLONG,
2039}}
2040pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION;
2041STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION {
2042 Flags: ULONG,
2043 BitmapOffset: ULONG,
2044}}
2045pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION;
2046STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX {
2047 IdleTime: LARGE_INTEGER,
2048 KernelTime: LARGE_INTEGER,
2049 UserTime: LARGE_INTEGER,
2050 DpcTime: LARGE_INTEGER,
2051 InterruptTime: LARGE_INTEGER,
2052 InterruptCount: ULONG,
2053 Spare0: ULONG,
2054 AvailableTime: LARGE_INTEGER,
2055 Spare1: LARGE_INTEGER,
2056 Spare2: LARGE_INTEGER,
2057}}
2058pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX =
2059 *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
2060STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION {
2061 PolicyPublisher: GUID,
2062 PolicyVersion: ULONG,
2063 PolicyOptions: ULONG,
2064}}
2065pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION;
2066STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX {
2067 Info: SYSTEM_PAGEFILE_INFORMATION,
2068 MinimumSize: ULONG,
2069 MaximumSize: ULONG,
2070}}
2071pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX;
2072STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION {
2073 SecureBootEnabled: BOOLEAN,
2074 SecureBootCapable: BOOLEAN,
2075}}
2076pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION;
2077STRUCT!{struct PROCESS_DISK_COUNTERS {
2078 BytesRead: ULONGLONG,
2079 BytesWritten: ULONGLONG,
2080 ReadOperationCount: ULONGLONG,
2081 WriteOperationCount: ULONGLONG,
2082 FlushOperationCount: ULONGLONG,
2083}}
2084pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS;
2085UNION!{union ENERGY_STATE_DURATION_u {
2086 Value: ULONGLONG,
2087 LastChangeTime: ULONG,
2088}}
2089UNION!{union ENERGY_STATE_DURATION {
2090 u: ENERGY_STATE_DURATION_u,
2091 BitFields: ULONG,
2092}}
2093pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION;
2094BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [
2095 Duration set_Duration[0..31],
2096 IsInState set_IsInState[31..32],
2097]}
2098STRUCT!{struct PROCESS_ENERGY_VALUES {
2099 Cycles: [[ULONGLONG; 4]; 2],
2100 DiskEnergy: ULONGLONG,
2101 NetworkTailEnergy: ULONGLONG,
2102 MBBTailEnergy: ULONGLONG,
2103 NetworkTxRxBytes: ULONGLONG,
2104 MBBTxRxBytes: ULONGLONG,
2105 ForegroundDuration: ENERGY_STATE_DURATION,
2106 DesktopVisibleDuration: ENERGY_STATE_DURATION,
2107 PSMForegroundDuration: ENERGY_STATE_DURATION,
2108 CompositionRendered: ULONG,
2109 CompositionDirtyGenerated: ULONG,
2110 CompositionDirtyPropagated: ULONG,
2111 Reserved1: ULONG,
2112 AttributedCycles: [[ULONGLONG; 2]; 4],
2113 WorkOnBehalfCycles: [[ULONGLONG; 2]; 4],
2114}}
2115pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES;
2116STRUCT!{struct TIMELINE_BITMAP {
2117 Value: ULONGLONG,
2118 EndTime: ULONG,
2119 Bitmap: ULONG,
2120}}
2121pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP;
2122STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines {
2123 CpuTimeline: TIMELINE_BITMAP,
2124 DiskTimeline: TIMELINE_BITMAP,
2125 NetworkTimeline: TIMELINE_BITMAP,
2126 MBBTimeline: TIMELINE_BITMAP,
2127 ForegroundTimeline: TIMELINE_BITMAP,
2128 DesktopVisibleTimeline: TIMELINE_BITMAP,
2129 CompositionRenderedTimeline: TIMELINE_BITMAP,
2130 CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP,
2131 CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP,
2132 InputTimeline: TIMELINE_BITMAP,
2133 AudioInTimeline: TIMELINE_BITMAP,
2134 AudioOutTimeline: TIMELINE_BITMAP,
2135 DisplayRequiredTimeline: TIMELINE_BITMAP,
2136 KeyboardInputTimeline: TIMELINE_BITMAP,
2137}}
2138STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations {
2139 InputDuration: ENERGY_STATE_DURATION,
2140 AudioInDuration: ENERGY_STATE_DURATION,
2141 AudioOutDuration: ENERGY_STATE_DURATION,
2142 DisplayRequiredDuration: ENERGY_STATE_DURATION,
2143 PSMBackgroundDuration: ENERGY_STATE_DURATION,
2144}}
2145STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION {
2146 Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines,
2147 Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations,
2148 KeyboardInput: ULONG,
2149 MouseInput: ULONG,
2150}}
2151pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION;
2152STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES {
2153 Base: PROCESS_ENERGY_VALUES,
2154 Extension: PROCESS_ENERGY_VALUES_EXTENSION,
2155}}
2156pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES;
2157ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION {
2158 SystemProcessClassificationNormal = 0,
2159 SystemProcessClassificationSystem = 1,
2160 SystemProcessClassificationSecureSystem = 2,
2161 SystemProcessClassificationMemCompression = 3,
2162 SystemProcessClassificationRegistry = 4,
2163 SystemProcessClassificationMaximum = 5,
2164}}
2165STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION {
2166 DiskCounters: PROCESS_DISK_COUNTERS,
2167 ContextSwitches: ULONGLONG,
2168 Flags: ULONG,
2169 UserSidOffset: ULONG,
2170 PackageFullNameOffset: ULONG,
2171 EnergyValues: PROCESS_ENERGY_VALUES,
2172 AppIdOffset: ULONG,
2173 SharedCommitCharge: SIZE_T,
2174 JobObjectId: ULONG,
2175 SpareUlong: ULONG,
2176 ProcessSequenceNumber: ULONGLONG,
2177}}
2178BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [
2179 HasStrongId set_HasStrongId[0..1],
2180 Classification set_Classification[1..5],
2181 BackgroundActivityModerated set_BackgroundActivityModerated[5..6],
2182 Spare set_Spare[6..32],
2183]}
2184pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION;
2185STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION {
2186 EfiLauncherEnabled: BOOLEAN,
2187}}
2188pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION =
2189 *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION;
2190STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX {
2191 DebuggerAllowed: BOOLEAN,
2192 DebuggerEnabled: BOOLEAN,
2193 DebuggerPresent: BOOLEAN,
2194}}
2195pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
2196STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION {
2197 ElamDriverFile: HANDLE,
2198}}
2199pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION;
2200STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION {
2201 ProcessorFeatureBits: ULONGLONG,
2202 Reserved: [ULONGLONG; 3],
2203}}
2204pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION;
2205STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION {
2206 Options: ULONG,
2207 ProfileName: UNICODE_STRING,
2208}}
2209pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION;
2210STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION {
2211 Enabled: BOOLEAN,
2212}}
2213pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION =
2214 *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION;
2215STRUCT!{struct HV_DETAILS {
2216 Data: [ULONG; 4],
2217}}
2218pub type PHV_DETAILS = *mut HV_DETAILS;
2219STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION {
2220 HvVendorAndMaxFunction: HV_DETAILS,
2221 HypervisorInterface: HV_DETAILS,
2222 HypervisorVersion: HV_DETAILS,
2223 HvFeatures: HV_DETAILS,
2224 HwFeatures: HV_DETAILS,
2225 EnlightenmentInfo: HV_DETAILS,
2226 ImplementationLimits: HV_DETAILS,
2227}}
2228pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION;
2229STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION {
2230 Cycles: [[ULONGLONG; 4]; 2],
2231}}
2232pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION;
2233STRUCT!{struct SYSTEM_TPM_INFORMATION {
2234 Flags: ULONG,
2235}}
2236pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION;
2237STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION {
2238 DmaProtectionsAvailable: BOOLEAN,
2239 DmaProtectionsInUse: BOOLEAN,
2240 HardwareMbecAvailable: BOOLEAN,
2241}}
2242pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION;
2243STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION {
2244 Options: ULONG,
2245 HVCIOptions: ULONG,
2246 Version: ULONGLONG,
2247 PolicyGuid: GUID,
2248}}
2249pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
2250STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION {
2251 Bitfields1: BOOLEAN,
2252 Bitfields2: BOOLEAN,
2253 Spare0: [BOOLEAN; 6],
2254 Spare1: ULONGLONG,
2255}}
2256BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [
2257 SecureKernelRunning set_SecureKernelRunning[0..1],
2258 HvciEnabled set_HvciEnabled[1..2],
2259 HvciStrictMode set_HvciStrictMode[2..3],
2260 DebugEnabled set_DebugEnabled[3..4],
2261 FirmwarePageProtection set_FirmwarePageProtection[4..5],
2262 EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6],
2263 SpareFlags set_SpareFlags[6..7],
2264 TrustletRunning set_TrustletRunning[7..8],
2265]}
2266BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [
2267 SpareFlags2 set_SpareFlags2[0..1],
2268]}
2269pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION;
2270STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION {
2271 TargetModuleAddress: PVOID,
2272 ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX,
2273}}
2274pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION;
2275STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION {
2276 Gsiv: ULONG,
2277 Group: USHORT,
2278 CpuSets: ULONGLONG,
2279}}
2280pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION;
2281STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION {
2282 PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION,
2283 PolicySize: ULONG,
2284 Policy: [UCHAR; 1],
2285}}
2286pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION =
2287 *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION;
2288STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION {
2289 NumberOfSilos: ULONG,
2290 SiloIdList: [ULONG; 1],
2291}}
2292pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION;
2293STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION {
2294 Tag: ULONGLONG,
2295 CpuSets: [ULONGLONG; 1],
2296}}
2297pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION;
2298STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION {
2299 ExtentCount: ULONG,
2300 ValidStructureSize: ULONG,
2301 NextExtentIndex: ULONG,
2302 ExtentRestart: ULONG,
2303 CycleCount: ULONG,
2304 TimeoutCount: ULONG,
2305 CycleTime: ULONGLONG,
2306 CycleTimeMax: ULONGLONG,
2307 ExtentTime: ULONGLONG,
2308 ExtentTimeIndex: ULONG,
2309 ExtentTimeMaxIndex: ULONG,
2310 ExtentTimeMax: ULONGLONG,
2311 HyperFlushTimeMax: ULONGLONG,
2312 TranslateVaTimeMax: ULONGLONG,
2313 DebugExemptionCount: ULONGLONG,
2314 TbHitCount: ULONGLONG,
2315 TbMissCount: ULONGLONG,
2316 VinaPendingYield: ULONGLONG,
2317 HashCycles: ULONGLONG,
2318 HistogramOffset: ULONG,
2319 HistogramBuckets: ULONG,
2320 HistogramShift: ULONG,
2321 Reserved1: ULONG,
2322 PageNotPresentCount: ULONGLONG,
2323}}
2324pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION =
2325 *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION;
2326STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION {
2327 PlatformManifestSize: ULONG,
2328 PlatformManifest: [UCHAR; 1],
2329}}
2330pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION =
2331 *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION;
2332STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION {
2333 TotalPhysicalBytes: ULONGLONG,
2334 AvailableBytes: ULONGLONG,
2335 ResidentAvailableBytes: LONGLONG,
2336 CommittedBytes: ULONGLONG,
2337 SharedCommittedBytes: ULONGLONG,
2338 CommitLimitBytes: ULONGLONG,
2339 PeakCommitmentBytes: ULONGLONG,
2340}}
2341pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION;
2342STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION {
2343 ImageFile: HANDLE,
2344 Type: ULONG,
2345}}
2346pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION =
2347 *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
2348STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION {
2349 TotalPhysicalBytes: ULONGLONG,
2350 LowestPhysicalAddress: ULONGLONG,
2351 HighestPhysicalAddress: ULONGLONG,
2352}}
2353pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION;
2354ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE {
2355 SystemActivityModerationStateSystemManaged = 0,
2356 SystemActivityModerationStateUserManagedAllowThrottling = 1,
2357 SystemActivityModerationStateUserManagedDisableThrottling = 2,
2358 MaxSystemActivityModerationState = 3,
2359}}
2360ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE {
2361 SystemActivityModerationAppTypeClassic = 0,
2362 SystemActivityModerationAppTypePackaged = 1,
2363 MaxSystemActivityModerationAppType = 2,
2364}}
2365STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO {
2366 Identifier: UNICODE_STRING,
2367 ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE,
2368 AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE,
2369}}
2370pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO;
2371STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS {
2372 UserKeyHandle: HANDLE,
2373}}
2374pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
2375STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION {
2376 Flags: ULONG,
2377 UnlockId: [UCHAR; 32],
2378}}
2379BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [
2380 Locked set_Locked[0..1],
2381 Unlockable set_Unlockable[1..2],
2382 UnlockApplied set_UnlockApplied[2..3],
2383 UnlockIdValid set_UnlockIdValid[3..4],
2384 Reserved set_Reserved[4..32],
2385]}
2386pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
2387STRUCT!{struct SYSTEM_FLUSH_INFORMATION {
2388 SupportedFlushMethods: ULONG,
2389 ProcessorCacheFlushSize: ULONG,
2390 SystemFlushCapabilities: ULONGLONG,
2391 Reserved: [ULONGLONG; 2],
2392}}
2393pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION;
2394STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION {
2395 WriteConstraintPolicy: ULONG,
2396 Reserved: ULONG,
2397}}
2398pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION;
2399STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION {
2400 Flags: ULONG,
2401}}
2402BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [
2403 KvaShadowEnabled set_KvaShadowEnabled[0..1],
2404 KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2],
2405 KvaShadowPcid set_KvaShadowPcid[2..3],
2406 KvaShadowInvpcid set_KvaShadowInvpcid[3..4],
2407 KvaShadowRequired set_KvaShadowRequired[4..5],
2408 KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6],
2409 InvalidPteBit set_InvalidPteBit[6..12],
2410 L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13],
2411 L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14],
2412 Reserved set_Reserved[14..32],
2413]}
2414pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION;
2415STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION {
2416 FileHandle: HANDLE,
2417 ImageSize: ULONG,
2418 Image: PVOID,
2419}}
2420pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION =
2421 *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
2422STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION {
2423 HypervisorSharedUserVa: PVOID,
2424}}
2425pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION =
2426 *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
2427STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION {
2428 Flags: ULONG,
2429}}
2430BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [
2431 BpbEnabled set_BpbEnabled[0..1],
2432 BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2],
2433 BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3],
2434 SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4],
2435 SpecCmdEnumerated set_SpecCmdEnumerated[4..5],
2436 IbrsPresent set_IbrsPresent[5..6],
2437 StibpPresent set_StibpPresent[6..7],
2438 SmepPresent set_SmepPresent[7..8],
2439 SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9],
2440 SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10],
2441 SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11],
2442 SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12],
2443 SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13],
2444 BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14],
2445 SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15],
2446 SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16],
2447 Reserved set_Reserved[16..32],
2448]}
2449pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION;
2450STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION {
2451 DmaGuardPolicyEnabled: BOOLEAN,
2452}}
2453pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION;
2454STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION {
2455 EnclaveLaunchSigner: [UCHAR; 32],
2456}}
2457pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION =
2458 *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
2459STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION {
2460 WorkloadClass: ULONGLONG,
2461 CpuSets: [ULONGLONG; 1],
2462}}
2463pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION =
2464 *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
2465EXTERN!{extern "system" {
2466 fn NtQuerySystemInformation(
2467 SystemInformationClass: SYSTEM_INFORMATION_CLASS,
2468 SystemInformation: PVOID,
2469 SystemInformationLength: ULONG,
2470 ReturnLength: PULONG,
2471 ) -> NTSTATUS;
2472 fn NtQuerySystemInformationEx(
2473 SystemInformationClass: SYSTEM_INFORMATION_CLASS,
2474 InputBuffer: PVOID,
2475 InputBufferLength: ULONG,
2476 SystemInformation: PVOID,
2477 SystemInformationLength: ULONG,
2478 ReturnLength: PULONG,
2479 ) -> NTSTATUS;
2480 fn NtSetSystemInformation(
2481 SystemInformationClass: SYSTEM_INFORMATION_CLASS,
2482 SystemInformation: PVOID,
2483 SystemInformationLength: ULONG,
2484 ) -> NTSTATUS;
2485}}
2486ENUM!{enum SYSDBG_COMMAND {
2487 SysDbgQueryModuleInformation = 0,
2488 SysDbgQueryTraceInformation = 1,
2489 SysDbgSetTracepoint = 2,
2490 SysDbgSetSpecialCall = 3,
2491 SysDbgClearSpecialCalls = 4,
2492 SysDbgQuerySpecialCalls = 5,
2493 SysDbgBreakPoint = 6,
2494 SysDbgQueryVersion = 7,
2495 SysDbgReadVirtual = 8,
2496 SysDbgWriteVirtual = 9,
2497 SysDbgReadPhysical = 10,
2498 SysDbgWritePhysical = 11,
2499 SysDbgReadControlSpace = 12,
2500 SysDbgWriteControlSpace = 13,
2501 SysDbgReadIoSpace = 14,
2502 SysDbgWriteIoSpace = 15,
2503 SysDbgReadMsr = 16,
2504 SysDbgWriteMsr = 17,
2505 SysDbgReadBusData = 18,
2506 SysDbgWriteBusData = 19,
2507 SysDbgCheckLowMemory = 20,
2508 SysDbgEnableKernelDebugger = 21,
2509 SysDbgDisableKernelDebugger = 22,
2510 SysDbgGetAutoKdEnable = 23,
2511 SysDbgSetAutoKdEnable = 24,
2512 SysDbgGetPrintBufferSize = 25,
2513 SysDbgSetPrintBufferSize = 26,
2514 SysDbgGetKdUmExceptionEnable = 27,
2515 SysDbgSetKdUmExceptionEnable = 28,
2516 SysDbgGetTriageDump = 29,
2517 SysDbgGetKdBlockEnable = 30,
2518 SysDbgSetKdBlockEnable = 31,
2519 SysDbgRegisterForUmBreakInfo = 32,
2520 SysDbgGetUmBreakPid = 33,
2521 SysDbgClearUmBreakPid = 34,
2522 SysDbgGetUmAttachPid = 35,
2523 SysDbgClearUmAttachPid = 36,
2524 SysDbgGetLiveKernelDump = 37,
2525}}
2526pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND;
2527STRUCT!{struct SYSDBG_VIRTUAL {
2528 Address: PVOID,
2529 Buffer: PVOID,
2530 Request: ULONG,
2531}}
2532pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL;
2533STRUCT!{struct SYSDBG_PHYSICAL {
2534 Address: PHYSICAL_ADDRESS,
2535 Buffer: PVOID,
2536 Request: ULONG,
2537}}
2538pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL;
2539STRUCT!{struct SYSDBG_CONTROL_SPACE {
2540 Address: ULONG64,
2541 Buffer: PVOID,
2542 Request: ULONG,
2543 Processor: ULONG,
2544}}
2545pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE;
2546STRUCT!{struct SYSDBG_IO_SPACE {
2547 Address: ULONG64,
2548 Buffer: PVOID,
2549 Request: ULONG,
2550 InterfaceType: INTERFACE_TYPE,
2551 BusNumber: ULONG,
2552 AddressSpace: ULONG,
2553}}
2554pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE;
2555STRUCT!{struct SYSDBG_MSR {
2556 Msr: ULONG,
2557 Data: ULONG64,
2558}}
2559pub type PSYSDBG_MSR = *mut SYSDBG_MSR;
2560STRUCT!{struct SYSDBG_BUS_DATA {
2561 Address: ULONG,
2562 Buffer: PVOID,
2563 Request: ULONG,
2564 BusDataType: BUS_DATA_TYPE,
2565 BusNumber: ULONG,
2566 SlotNumber: ULONG,
2567}}
2568pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA;
2569STRUCT!{struct SYSDBG_TRIAGE_DUMP {
2570 Flags: ULONG,
2571 BugCheckCode: ULONG,
2572 BugCheckParam1: ULONG_PTR,
2573 BugCheckParam2: ULONG_PTR,
2574 BugCheckParam3: ULONG_PTR,
2575 BugCheckParam4: ULONG_PTR,
2576 ProcessHandles: ULONG,
2577 ThreadHandles: ULONG,
2578 Handles: PHANDLE,
2579}}
2580pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP;
2581STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS {
2582 AsUlong: ULONG,
2583}}
2584BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [
2585 UseDumpStorageStack set_UseDumpStorageStack[0..1],
2586 CompressMemoryPagesData set_CompressMemoryPagesData[1..2],
2587 IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3],
2588 AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4],
2589 Reserved set_Reserved[4..32],
2590]}
2591pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS;
2592STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES {
2593 AsUlong: ULONG,
2594}}
2595BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [
2596 HypervisorPages set_HypervisorPages[0..1],
2597 Reserved set_Reserved[1..32],
2598]}
2599pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
2600pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1;
2601STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL {
2602 Version: ULONG,
2603 BugCheckCode: ULONG,
2604 BugCheckParam1: ULONG_PTR,
2605 BugCheckParam2: ULONG_PTR,
2606 BugCheckParam3: ULONG_PTR,
2607 BugCheckParam4: ULONG_PTR,
2608 DumpFileHandle: HANDLE,
2609 CancelEventHandle: HANDLE,
2610 Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS,
2611 AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES,
2612}}
2613pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL;
2614EXTERN!{extern "system" {
2615 fn NtSystemDebugControl(
2616 Command: SYSDBG_COMMAND,
2617 InputBuffer: PVOID,
2618 InputBufferLength: ULONG,
2619 OutputBuffer: PVOID,
2620 OutputBufferLength: ULONG,
2621 ReturnLength: PULONG,
2622 ) -> NTSTATUS;
2623}}
2624ENUM!{enum HARDERROR_RESPONSE_OPTION {
2625 OptionAbortRetryIgnore = 0,
2626 OptionOk = 1,
2627 OptionOkCancel = 2,
2628 OptionRetryCancel = 3,
2629 OptionYesNo = 4,
2630 OptionYesNoCancel = 5,
2631 OptionShutdownSystem = 6,
2632 OptionOkNoWait = 7,
2633 OptionCancelTryContinue = 8,
2634}}
2635ENUM!{enum HARDERROR_RESPONSE {
2636 ResponseReturnToCaller = 0,
2637 ResponseNotHandled = 1,
2638 ResponseAbort = 2,
2639 ResponseCancel = 3,
2640 ResponseIgnore = 4,
2641 ResponseNo = 5,
2642 ResponseOk = 6,
2643 ResponseRetry = 7,
2644 ResponseYes = 8,
2645 ResponseTryAgain = 9,
2646 ResponseContinue = 10,
2647}}
2648pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000;
2649EXTERN!{extern "system" {
2650 fn NtRaiseHardError(
2651 ErrorStatus: NTSTATUS,
2652 NumberOfParameters: ULONG,
2653 UnicodeStringParameterMask: ULONG,
2654 Parameters: PULONG_PTR,
2655 ValidResponseOptions: ULONG,
2656 Response: PULONG,
2657 ) -> NTSTATUS;
2658}}
2659ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE {
2660 StandardDesign = 0,
2661 NEC98x86 = 1,
2662 EndAlternatives = 2,
2663}}
2664pub const PROCESSOR_FEATURE_MAX: usize = 64;
2665pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16;
2666pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0;
2667pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1;
2668pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2;
2669pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3;
2670UNION!{union KUSER_SHARED_DATA_u {
2671 TickCount: KSYSTEM_TIME,
2672 TickCountQuad: ULONG64,
2673 ReservedTickCountOverlay: [ULONG; 3],
2674}}
2675STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA {
2676 TickCountLowDeprecated: ULONG,
2677 TickCountMultiplier: ULONG,
2678 InterruptTime: KSYSTEM_TIME,
2679 SystemTime: KSYSTEM_TIME,
2680 TimeZoneBias: KSYSTEM_TIME,
2681 ImageNumberLow: USHORT,
2682 ImageNumberHigh: USHORT,
2683 NtSystemRoot: [WCHAR; 260],
2684 MaxStackTraceDepth: ULONG,
2685 CryptoExponent: ULONG,
2686 TimeZoneId: ULONG,
2687 LargePageMinimum: ULONG,
2688 AitSamplingValue: ULONG,
2689 AppCompatFlag: ULONG,
2690 RNGSeedVersion: ULONGLONG,
2691 GlobalValidationRunlevel: ULONG,
2692 TimeZoneBiasStamp: LONG,
2693 NtBuildNumber: ULONG,
2694 NtProductType: NT_PRODUCT_TYPE,
2695 ProductTypeIsValid: BOOLEAN,
2696 Reserved0: [UCHAR; 1],
2697 NativeProcessorArchitecture: USHORT,
2698 NtMajorVersion: ULONG,
2699 NtMinorVersion: ULONG,
2700 ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX],
2701 Reserved1: ULONG,
2702 Reserved3: ULONG,
2703 TimeSlip: ULONG,
2704 AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE,
2705 BootId: ULONG,
2706 SystemExpirationDate: LARGE_INTEGER,
2707 SuiteMask: ULONG,
2708 KdDebuggerEnabled: BOOLEAN,
2709 MitigationPolicies: UCHAR,
2710 Reserved6: [UCHAR; 2],
2711 ActiveConsoleId: ULONG,
2712 DismountCount: ULONG,
2713 ComPlusPackage: ULONG,
2714 LastSystemRITEventTickCount: ULONG,
2715 NumberOfPhysicalPages: ULONG,
2716 SafeBootMode: BOOLEAN,
2717 VirtualizationFlags: UCHAR,
2718 Reserved12: [UCHAR; 2],
2719 SharedDataFlags: ULONG,
2720 DataFlagsPad: [ULONG; 1],
2721 TestRetInstruction: ULONGLONG,
2722 QpcFrequency: LONGLONG,
2723 SystemCall: ULONG,
2724 SystemCallPad0: ULONG,
2725 SystemCallPad: [ULONGLONG; 2],
2726 u: KUSER_SHARED_DATA_u,
2727 Cookie: ULONG,
2729 CookiePad: [ULONG; 1],
2730 ConsoleSessionForegroundProcessId: LONGLONG,
2731 TimeUpdateLock: ULONGLONG,
2732 BaselineSystemTimeQpc: ULONGLONG,
2733 BaselineInterruptTimeQpc: ULONGLONG,
2734 QpcSystemTimeIncrement: ULONGLONG,
2735 QpcInterruptTimeIncrement: ULONGLONG,
2736 QpcSystemTimeIncrementShift: UCHAR,
2737 QpcInterruptTimeIncrementShift: UCHAR,
2738 UnparkedProcessorCount: USHORT,
2739 EnclaveFeatureMask: [ULONG; 4],
2740 TelemetryCoverageRound: ULONG,
2741 UserModeGlobalLogger: [USHORT; 16],
2742 ImageFileExecutionOptions: ULONG,
2743 LangGenerationCount: ULONG,
2744 Reserved4: ULONGLONG,
2745 InterruptTimeBias: ULONG64,
2746 QpcBias: ULONG64,
2747 ActiveProcessorCount: ULONG,
2748 ActiveGroupCount: UCHAR,
2749 Reserved9: UCHAR,
2750 QpcData: UCHAR,
2751 TimeZoneBiasEffectiveStart: LARGE_INTEGER,
2752 TimeZoneBiasEffectiveEnd: LARGE_INTEGER,
2753 XState: XSTATE_CONFIGURATION,
2754}}
2755BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [
2756 NXSupportPolicy set_NXSupportPolicy[0..2],
2757 SEHValidationPolicy set_SEHValidationPolicy[2..4],
2758 CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6],
2759 Reserved set_Reserved[6..8],
2760]}
2761BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [
2762 DbgErrorPortPresent set_DbgErrorPortPresent[0..1],
2763 DbgElevationEnabled set_DbgElevationEnabled[1..2],
2764 DbgVirtEnabled set_DbgVirtEnabled[2..3],
2765 DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4],
2766 DbgLkgEnabled set_DbgLkgEnabled[4..5],
2767 DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6],
2768 DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7],
2769 DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8],
2770 DbgMultiSessionSku set_DbgMultiSessionSku[8..9],
2771 DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10],
2772 DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11],
2773 SpareBits set_SpareBits[11..32],
2774]}
2775BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [
2776 QpcBypassEnabled set_QpcBypassEnabled[0..1],
2777 QpcShift set_QpcShift[1..2],
2778]}
2779pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA;
2780pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _;
2781#[inline]
2782pub unsafe fn NtGetTickCount64() -> ULONGLONG {
2783 let mut tick_count: ULARGE_INTEGER = MaybeUninit::zeroed().assume_init();
2784 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
2785 *tick_count.QuadPart_mut() = read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad));
2786 }
2787 #[cfg(target_arch = "x86")] {
2788 loop {
2789 tick_count.s_mut().HighPart =
2790 read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32;
2791 tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
2792 if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
2793 as u32
2794 {
2795 break;
2796 }
2797 spin_loop();
2798 }
2799 }
2800 (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
2801 + (UInt32x32To64(
2802 tick_count.s().HighPart as u32,
2803 (*USER_SHARED_DATA).TickCountMultiplier,
2804 ) << 8)
2805}
2806#[inline]
2807pub unsafe fn NtGetTickCount() -> ULONG {
2808 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
2809 ((read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad))
2810 * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32
2811 }
2812 #[cfg(target_arch = "x86")] {
2813 let mut tick_count: ULARGE_INTEGER = MaybeUninit::zeroed().assume_init();
2814 loop {
2815 tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time)
2816 as u32;
2817 tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
2818 if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
2819 as u32
2820 {
2821 break;
2822 }
2823 spin_loop();
2824 }
2825 ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
2826 + UInt32x32To64(
2827 (tick_count.s().HighPart as u32) << 8,
2828 (*USER_SHARED_DATA).TickCountMultiplier,
2829 )) as u32
2830 }
2831}
2832EXTERN!{extern "system" {
2833 fn NtQueryDefaultLocale(
2834 UserProfile: BOOLEAN,
2835 DefaultLocaleId: PLCID,
2836 ) -> NTSTATUS;
2837 fn NtSetDefaultLocale(
2838 UserProfile: BOOLEAN,
2839 DefaultLocaleId: LCID,
2840 ) -> NTSTATUS;
2841 fn NtQueryInstallUILanguage(
2842 InstallUILanguageId: *mut LANGID,
2843 ) -> NTSTATUS;
2844 fn NtFlushInstallUILanguage(
2845 InstallUILanguage: LANGID,
2846 SetComittedFlag: ULONG,
2847 ) -> NTSTATUS;
2848 fn NtQueryDefaultUILanguage(
2849 DefaultUILanguageId: *mut LANGID,
2850 ) -> NTSTATUS;
2851 fn NtSetDefaultUILanguage(
2852 DefaultUILanguageId: LANGID,
2853 ) -> NTSTATUS;
2854 fn NtIsUILanguageComitted() -> NTSTATUS;
2855 fn NtInitializeNlsFiles(
2856 BaseAddress: *mut PVOID,
2857 DefaultLocaleId: PLCID,
2858 DefaultCasingTableSize: PLARGE_INTEGER,
2859 ) -> NTSTATUS;
2860 fn NtGetNlsSectionPtr(
2861 SectionType: ULONG,
2862 SectionData: ULONG,
2863 ContextData: PVOID,
2864 SectionPointer: *mut PVOID,
2865 SectionSize: PULONG,
2866 ) -> NTSTATUS;
2867 fn NtMapCMFModule(
2868 What: ULONG,
2869 Index: ULONG,
2870 CacheIndexOut: PULONG,
2871 CacheFlagsOut: PULONG,
2872 ViewSizeOut: PULONG,
2873 BaseAddress: *mut PVOID,
2874 ) -> NTSTATUS;
2875 fn NtGetMUIRegistryInfo(
2876 Flags: ULONG,
2877 DataSize: PULONG,
2878 Data: PVOID,
2879 ) -> NTSTATUS;
2880 fn NtAddAtom(
2881 AtomName: PWSTR,
2882 Length: ULONG,
2883 Atom: PRTL_ATOM,
2884 ) -> NTSTATUS;
2885}}
2886pub const ATOM_FLAG_GLOBAL: ULONG = 0x2;
2887EXTERN!{extern "system" {
2888 fn NtAddAtomEx(
2889 AtomName: PWSTR,
2890 Length: ULONG,
2891 Atom: PRTL_ATOM,
2892 Flags: ULONG,
2893 ) -> NTSTATUS;
2894 fn NtFindAtom(
2895 AtomName: PWSTR,
2896 Length: ULONG,
2897 Atom: PRTL_ATOM,
2898 ) -> NTSTATUS;
2899 fn NtDeleteAtom(
2900 Atom: RTL_ATOM,
2901 ) -> NTSTATUS;
2902}}
2903ENUM!{enum ATOM_INFORMATION_CLASS {
2904 AtomBasicInformation = 0,
2905 AtomTableInformation = 1,
2906}}
2907STRUCT!{struct ATOM_BASIC_INFORMATION {
2908 UsageCount: USHORT,
2909 Flags: USHORT,
2910 NameLength: USHORT,
2911 Name: [WCHAR; 1],
2912}}
2913pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION;
2914STRUCT!{struct ATOM_TABLE_INFORMATION {
2915 NumberOfAtoms: ULONG,
2916 Atoms: [RTL_ATOM; 1],
2917}}
2918pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION;
2919EXTERN!{extern "system" {
2920 fn NtQueryInformationAtom(
2921 Atom: RTL_ATOM,
2922 AtomInformationClass: ATOM_INFORMATION_CLASS,
2923 AtomInformation: PVOID,
2924 AtomInformationLength: ULONG,
2925 ReturnLength: PULONG,
2926 ) -> NTSTATUS;
2927}}
2928pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001;
2929pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002;
2930pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004;
2931pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008;
2932pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010;
2933pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020;
2934pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040;
2935pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080;
2936pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100;
2937pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400;
2938pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800;
2939pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000;
2940pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000;
2941pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000;
2942pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000;
2943pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000;
2944pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000;
2945pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000;
2946pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000;
2947pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000;
2948pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000;
2949pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000;
2950pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000;
2951pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000;
2952pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000;
2953pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000;
2954pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000;
2955pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000;
2956pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000;
2957pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000;
2958pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000;
2959pub const FLG_VALID_BITS: u32 = 0xfffffdff;
2960pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
2961 | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
2962 | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING
2963 | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION
2964 | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS
2965 | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN;
2966pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST
2967 | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX
2968 | FLG_DISABLE_PAGE_KERNEL_STACKS;
2969pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
2970 | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD
2971 | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING
2972 | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS;
2973EXTERN!{extern "system" {
2974 fn NtQueryLicenseValue(
2975 ValueName: PUNICODE_STRING,
2976 Type: PULONG,
2977 Data: PVOID,
2978 DataSize: ULONG,
2979 ResultDataSize: PULONG,
2980 ) -> NTSTATUS;
2981 fn NtSetDefaultHardErrorPort(
2982 DefaultHardErrorPort: HANDLE,
2983 ) -> NTSTATUS;
2984}}
2985ENUM!{enum SHUTDOWN_ACTION {
2986 ShutdownNoReboot = 0,
2987 ShutdownReboot = 1,
2988 ShutdownPowerOff = 2,
2989}}
2990EXTERN!{extern "system" {
2991 fn NtShutdownSystem(
2992 Action: SHUTDOWN_ACTION,
2993 ) -> NTSTATUS;
2994 fn NtDisplayString(
2995 String: PUNICODE_STRING,
2996 ) -> NTSTATUS;
2997 fn NtDrawText(
2998 Text: PUNICODE_STRING,
2999 ) -> NTSTATUS;
3000}}