1use core::ptr::null_mut;
2use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
3use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS};
4use crate::ntioapi::FILE_INFORMATION_CLASS;
5use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX};
6use crate::ntmmapi::SECTION_IMAGE_INFORMATION;
7use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO};
8use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME};
9use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION};
10use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM};
11use crate::string::UTF16Const;
12use winapi::ctypes::c_void;
13use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
14use winapi::shared::guiddef::GUID;
15use winapi::shared::in6addr::in6_addr;
16use winapi::shared::inaddr::in_addr;
17use winapi::shared::minwindef::{BOOL, DWORD, PBOOL};
18#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
19use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE};
20use winapi::shared::ntdef::{
21 BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS,
22 PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING,
23 PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE,
24 POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR,
25 PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY,
26 STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR,
27};
28use winapi::um::minwinbase::PTHREAD_START_ROUTINE;
29#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
30use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT};
31use winapi::um::winnt::{
32 ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS,
33 HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL,
34 PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING,
35 PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY,
36 PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION,
37 PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK,
38 PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES,
39 PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER,
40 PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL,
41 SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC,
42 WORKERCALLBACKFUNC,
43};
44use winapi::vc::vadefs::va_list;
45#[inline]
46pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) {
47 ListHead.Flink = ListHead;
48 ListHead.Blink = ListHead;
49}
50#[inline]
51pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool {
52 ListHead.Flink as *const _ == ListHead as *const _
53}
54#[inline]
55pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool {
56 let (Blink, Flink) = (Entry.Blink, Entry.Flink);
57 (*Blink).Flink = Flink;
58 (*Flink).Blink = Blink;
59 Flink == Blink
60}
61#[inline]
62pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
63 let Entry = ListHead.Flink;
64 let Flink = (*Entry).Flink;
65 ListHead.Flink = Flink;
66 (*Flink).Blink = ListHead;
67 Entry
68}
69#[inline]
70pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
71 let Entry = ListHead.Blink;
72 let Blink = (*Entry).Blink;
73 ListHead.Blink = Blink;
74 (*Blink).Flink = ListHead;
75 Entry
76}
77#[inline]
78pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
79 let Blink = ListHead.Blink;
80 Entry.Flink = ListHead;
81 Entry.Blink = Blink;
82 (*Blink).Flink = Entry;
83 ListHead.Blink = Entry;
84}
85#[inline]
86pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
87 let Flink = ListHead.Flink;
88 Entry.Flink = Flink;
89 Entry.Blink = ListHead;
90 (*Flink).Blink = Entry;
91 ListHead.Flink = Entry;
92}
93#[inline]
94pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) {
95 let ListEnd = ListHead.Blink;
96 (*ListHead.Blink).Flink = ListToAppend;
97 ListHead.Blink = ListToAppend.Blink;
98 (*ListToAppend.Blink).Flink = ListHead;
99 ListToAppend.Blink = ListEnd;
100}
101#[inline]
102pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY {
103 let FirstEntry = ListHead.Next;
104 if !FirstEntry.is_null() {
105 ListHead.Next = (*FirstEntry).Next;
106 }
107 FirstEntry
108}
109#[inline]
110pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) {
111 Entry.Next = ListHead.Next;
112 ListHead.Next = Entry;
113}
114ENUM!{enum TABLE_SEARCH_RESULT {
115 TableEmptyTree = 0,
116 TableFoundNode = 1,
117 TableInsertAsLeft = 2,
118 TableInsertAsRight = 3,
119}}
120ENUM!{enum RTL_GENERIC_COMPARE_RESULTS {
121 GenericLessThan = 0,
122 GenericGreaterThan = 1,
123 GenericEqual = 2,
124}}
125FN!{stdcall PRTL_AVL_COMPARE_ROUTINE(
126 Table: *mut RTL_AVL_TABLE,
127 FirstStruct: PVOID,
128 SecondStruct: PVOID,
129) -> RTL_GENERIC_COMPARE_RESULTS}
130FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE(
131 Table: *mut RTL_AVL_TABLE,
132 ByteSize: CLONG,
133) -> PVOID}
134FN!{stdcall PRTL_AVL_FREE_ROUTINE(
135 Table: *mut RTL_AVL_TABLE,
136 Buffer: PVOID,
137) -> ()}
138FN!{stdcall PRTL_AVL_MATCH_FUNCTION(
139 Table: *mut RTL_AVL_TABLE,
140 UserData: PVOID,
141 MatchData: PVOID,
142) -> NTSTATUS}
143STRUCT!{struct RTL_BALANCED_LINKS {
144 Parent: *mut RTL_BALANCED_LINKS,
145 LeftChild: *mut RTL_BALANCED_LINKS,
146 RightChild: *mut RTL_BALANCED_LINKS,
147 Balance: CHAR,
148 Reserved: [UCHAR; 3],
149}}
150pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS;
151STRUCT!{struct RTL_AVL_TABLE {
152 BalancedRoot: RTL_BALANCED_LINKS,
153 OrderedPointer: PVOID,
154 WhichOrderedElement: ULONG,
155 NumberGenericTableElements: ULONG,
156 DepthOfTree: ULONG,
157 RestartKey: PRTL_BALANCED_LINKS,
158 DeleteCount: ULONG,
159 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
160 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
161 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
162 TableContext: PVOID,
163}}
164pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE;
165EXTERN!{extern "system" {
166 fn RtlInitializeGenericTableAvl(
167 Table: PRTL_AVL_TABLE,
168 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
169 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
170 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
171 TableContext: PVOID,
172 );
173 fn RtlInsertElementGenericTableAvl(
174 Table: PRTL_AVL_TABLE,
175 Buffer: PVOID,
176 BufferSize: CLONG,
177 NewElement: PBOOLEAN,
178 ) -> PVOID;
179 fn RtlInsertElementGenericTableFullAvl(
180 Table: PRTL_AVL_TABLE,
181 Buffer: PVOID,
182 BufferSize: CLONG,
183 NewElement: PBOOLEAN,
184 NodeOrParent: PVOID,
185 SearchResult: TABLE_SEARCH_RESULT,
186 ) -> PVOID;
187 fn RtlDeleteElementGenericTableAvl(
188 Table: PRTL_AVL_TABLE,
189 Buffer: PVOID,
190 ) -> BOOLEAN;
191 fn RtlLookupElementGenericTableAvl(
192 Table: PRTL_AVL_TABLE,
193 Buffer: PVOID,
194 ) -> PVOID;
195 fn RtlLookupElementGenericTableFullAvl(
196 Table: PRTL_AVL_TABLE,
197 Buffer: PVOID,
198 NodeOrParent: *mut PVOID,
199 SearchResult: *mut TABLE_SEARCH_RESULT,
200 ) -> PVOID;
201 fn RtlEnumerateGenericTableAvl(
202 Table: PRTL_AVL_TABLE,
203 Restart: BOOLEAN,
204 ) -> PVOID;
205 fn RtlEnumerateGenericTableWithoutSplayingAvl(
206 Table: PRTL_AVL_TABLE,
207 RestartKey: *mut PVOID,
208 ) -> PVOID;
209 fn RtlLookupFirstMatchingElementGenericTableAvl(
210 Table: PRTL_AVL_TABLE,
211 Buffer: PVOID,
212 RestartKey: *mut PVOID,
213 ) -> PVOID;
214 fn RtlEnumerateGenericTableLikeADirectory(
215 Table: PRTL_AVL_TABLE,
216 MatchFunction: PRTL_AVL_MATCH_FUNCTION,
217 MatchData: PVOID,
218 NextFlag: ULONG,
219 RestartKey: *mut PVOID,
220 DeleteCount: PULONG,
221 Buffer: PVOID,
222 ) -> PVOID;
223 fn RtlGetElementGenericTableAvl(
224 Table: PRTL_AVL_TABLE,
225 I: ULONG,
226 ) -> PVOID;
227 fn RtlNumberGenericTableElementsAvl(
228 Table: PRTL_AVL_TABLE,
229 ) -> ULONG;
230 fn RtlIsGenericTableEmptyAvl(
231 Table: PRTL_AVL_TABLE,
232 ) -> BOOLEAN;
233}}
234STRUCT!{struct RTL_SPLAY_LINKS {
235 Parent: *mut RTL_SPLAY_LINKS,
236 LeftChild: *mut RTL_SPLAY_LINKS,
237 RightChild: *mut RTL_SPLAY_LINKS,
238}}
239pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS;
240#[inline]
241pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) {
242 Links.Parent = Links;
243 Links.LeftChild = null_mut();
244 Links.RightChild = null_mut();
245}
246#[inline]
247pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
248 Links.Parent
249}
250#[inline]
251pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
252 Links.LeftChild
253}
254#[inline]
255pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
256 Links.RightChild
257}
258#[inline]
259pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool {
260 (*Links).Parent as *const _ == Links
261}
262#[inline]
263pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool {
264 RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links
265}
266#[inline]
267pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool {
268 RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links
269}
270#[inline]
271pub fn RtlInsertAsLeftChild(
272 ParentLinks: &mut RTL_SPLAY_LINKS,
273 ChildLinks: &mut RTL_SPLAY_LINKS,
274) {
275 ParentLinks.LeftChild = ChildLinks;
276 ChildLinks.Parent = ParentLinks;
277}
278#[inline]
279pub fn RtlInsertAsRightChild(
280 ParentLinks: &mut RTL_SPLAY_LINKS,
281 ChildLinks: &mut RTL_SPLAY_LINKS,
282) {
283 ParentLinks.RightChild = ChildLinks;
284 ChildLinks.Parent = ParentLinks;
285}
286EXTERN!{extern "system" {
287 fn RtlSplay(
288 Links: PRTL_SPLAY_LINKS,
289 ) -> PRTL_SPLAY_LINKS;
290 fn RtlDelete(
291 Links: PRTL_SPLAY_LINKS,
292 ) -> PRTL_SPLAY_LINKS;
293 fn RtlDeleteNoSplay(
294 Links: PRTL_SPLAY_LINKS,
295 Root: *mut PRTL_SPLAY_LINKS,
296 );
297 fn RtlSubtreeSuccessor(
298 Links: PRTL_SPLAY_LINKS,
299 ) -> PRTL_SPLAY_LINKS;
300 fn RtlSubtreePredecessor(
301 Links: PRTL_SPLAY_LINKS,
302 ) -> PRTL_SPLAY_LINKS;
303 fn RtlRealSuccessor(
304 Links: PRTL_SPLAY_LINKS,
305 ) -> PRTL_SPLAY_LINKS;
306 fn RtlRealPredecessor(
307 Links: PRTL_SPLAY_LINKS,
308 ) -> PRTL_SPLAY_LINKS;
309}}
310FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE(
311 Table: *mut RTL_GENERIC_TABLE,
312 FirstStruct: PVOID,
313 SecondStruct: PVOID,
314) -> RTL_GENERIC_COMPARE_RESULTS}
315FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE(
316 Table: *mut RTL_GENERIC_TABLE,
317 ByteSize: CLONG,
318) -> PVOID}
319FN!{stdcall PRTL_GENERIC_FREE_ROUTINE(
320 Table: *mut RTL_GENERIC_TABLE,
321 Buffer: PVOID,
322) -> ()}
323STRUCT!{struct RTL_GENERIC_TABLE {
324 TableRoot: PRTL_SPLAY_LINKS,
325 InsertOrderList: LIST_ENTRY,
326 OrderedPointer: PLIST_ENTRY,
327 WhichOrderedElement: ULONG,
328 NumberGenericTableElements: ULONG,
329 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
330 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
331 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
332 TableContext: PVOID,
333}}
334pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE;
335EXTERN!{extern "system" {
336 fn RtlInitializeGenericTable(
337 Table: PRTL_GENERIC_TABLE,
338 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
339 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
340 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
341 TableContext: PVOID,
342 );
343 fn RtlInsertElementGenericTable(
344 Table: PRTL_GENERIC_TABLE,
345 Buffer: PVOID,
346 BufferSize: CLONG,
347 NewElement: PBOOLEAN,
348 ) -> PVOID;
349 fn RtlInsertElementGenericTableFull(
350 Table: PRTL_GENERIC_TABLE,
351 Buffer: PVOID,
352 BufferSize: CLONG,
353 NewElement: PBOOLEAN,
354 NodeOrParent: PVOID,
355 SearchResult: TABLE_SEARCH_RESULT,
356 ) -> PVOID;
357 fn RtlDeleteElementGenericTable(
358 Table: PRTL_GENERIC_TABLE,
359 Buffer: PVOID,
360 ) -> BOOLEAN;
361 fn RtlLookupElementGenericTable(
362 Table: PRTL_GENERIC_TABLE,
363 Buffer: PVOID,
364 ) -> PVOID;
365 fn RtlLookupElementGenericTableFull(
366 Table: PRTL_GENERIC_TABLE,
367 Buffer: PVOID,
368 NodeOrParent: *mut PVOID,
369 SearchResult: *mut TABLE_SEARCH_RESULT,
370 ) -> PVOID;
371 fn RtlEnumerateGenericTable(
372 Table: PRTL_GENERIC_TABLE,
373 Restart: BOOLEAN,
374 ) -> PVOID;
375 fn RtlEnumerateGenericTableWithoutSplaying(
376 Table: PRTL_GENERIC_TABLE,
377 RestartKey: *mut PVOID,
378 ) -> PVOID;
379 fn RtlGetElementGenericTable(
380 Table: PRTL_GENERIC_TABLE,
381 I: ULONG,
382 ) -> PVOID;
383 fn RtlNumberGenericTableElements(
384 Table: PRTL_GENERIC_TABLE,
385 ) -> ULONG;
386 fn RtlIsGenericTableEmpty(
387 Table: PRTL_GENERIC_TABLE,
388 ) -> BOOLEAN;
389}}
390STRUCT!{struct RTL_RB_TREE {
391 Root: PRTL_BALANCED_NODE,
392 Min: PRTL_BALANCED_NODE,
393}}
394pub type PRTL_RB_TREE = *mut RTL_RB_TREE;
395EXTERN!{extern "system" {
396 fn RtlRbInsertNodeEx(
397 Tree: PRTL_RB_TREE,
398 Parent: PRTL_BALANCED_NODE,
399 Right: BOOLEAN,
400 Node: PRTL_BALANCED_NODE,
401 );
402 fn RtlRbRemoveNode(
403 Tree: PRTL_RB_TREE,
404 Node: PRTL_BALANCED_NODE,
405 );
406}}
407pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001;
408pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0;
409STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY {
410 Linkage: LIST_ENTRY,
411 Signature: ULONG_PTR,
412}}
413pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY;
414#[inline]
415pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR {
416 x.Signature
417}
418STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT {
419 ChainHead: PLIST_ENTRY,
420 PrevLinkage: PLIST_ENTRY,
421 Signature: ULONG_PTR,
422}}
423pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT;
424STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
425 HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY,
426 ChainHead: PLIST_ENTRY,
427 BucketIndex: ULONG,
428}}
429pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR;
430STRUCT!{struct RTL_DYNAMIC_HASH_TABLE {
431 Flags: ULONG,
432 Shift: ULONG,
433 TableSize: ULONG,
434 Pivot: ULONG,
435 DivisorMask: ULONG,
436 NumEntries: ULONG,
437 NonEmptyBuckets: ULONG,
438 NumEnumerators: ULONG,
439 Directory: PVOID,
440}}
441pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE;
442#[inline]
443pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) {
444 Context.ChainHead = null_mut();
445 Context.PrevLinkage = null_mut();
446}
447#[inline]
448pub fn RtlInitHashTableContextFromEnumerator(
449 Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT,
450 Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
451) {
452 Context.ChainHead = Enumerator.ChainHead;
453 Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink;
454}
455#[inline]
457pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
458 HashTable.TableSize
459}
460#[inline]
461pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
462 HashTable.NonEmptyBuckets
463}
464#[inline]
465pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
466 HashTable.TableSize - HashTable.NonEmptyBuckets
467}
468#[inline]
469pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
470 HashTable.NumEntries
471}
472#[inline]
473pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
474 HashTable.NumEnumerators
475}
476EXTERN!{extern "system" {
477 fn RtlCreateHashTable(
478 HashTable: *mut PRTL_DYNAMIC_HASH_TABLE,
479 Shift: ULONG,
480 Flags: ULONG,
481 ) -> BOOLEAN;
482 fn RtlDeleteHashTable(
483 HashTable: PRTL_DYNAMIC_HASH_TABLE,
484 );
485 fn RtlInsertEntryHashTable(
486 HashTable: PRTL_DYNAMIC_HASH_TABLE,
487 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
488 Signature: ULONG_PTR,
489 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
490 ) -> BOOLEAN;
491 fn RtlRemoveEntryHashTable(
492 HashTable: PRTL_DYNAMIC_HASH_TABLE,
493 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
494 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
495 ) -> BOOLEAN;
496 fn RtlLookupEntryHashTable(
497 HashTable: PRTL_DYNAMIC_HASH_TABLE,
498 Signature: ULONG_PTR,
499 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
500 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
501 fn RtlGetNextEntryHashTable(
502 HashTable: PRTL_DYNAMIC_HASH_TABLE,
503 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
504 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
505 fn RtlInitEnumerationHashTable(
506 HashTable: PRTL_DYNAMIC_HASH_TABLE,
507 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
508 ) -> BOOLEAN;
509 fn RtlEnumerateEntryHashTable(
510 HashTable: PRTL_DYNAMIC_HASH_TABLE,
511 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
512 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
513 fn RtlEndEnumerationHashTable(
514 HashTable: PRTL_DYNAMIC_HASH_TABLE,
515 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
516 );
517 fn RtlInitWeakEnumerationHashTable(
518 HashTable: PRTL_DYNAMIC_HASH_TABLE,
519 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
520 ) -> BOOLEAN;
521 fn RtlWeaklyEnumerateEntryHashTable(
522 HashTable: PRTL_DYNAMIC_HASH_TABLE,
523 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
524 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
525 fn RtlEndWeakEnumerationHashTable(
526 HashTable: PRTL_DYNAMIC_HASH_TABLE,
527 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
528 );
529 fn RtlExpandHashTable(
530 HashTable: PRTL_DYNAMIC_HASH_TABLE,
531 ) -> BOOLEAN;
532 fn RtlContractHashTable(
533 HashTable: PRTL_DYNAMIC_HASH_TABLE,
534 ) -> BOOLEAN;
535 fn RtlInitStrongEnumerationHashTable(
536 HashTable: PRTL_DYNAMIC_HASH_TABLE,
537 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
538 ) -> BOOLEAN;
539 fn RtlStronglyEnumerateEntryHashTable(
540 HashTable: PRTL_DYNAMIC_HASH_TABLE,
541 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
542 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
543 fn RtlEndStrongEnumerationHashTable(
544 HashTable: PRTL_DYNAMIC_HASH_TABLE,
545 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
546 );
547 fn RtlInitializeCriticalSection(
548 CriticalSection: PRTL_CRITICAL_SECTION,
549 ) -> NTSTATUS;
550 fn RtlInitializeCriticalSectionAndSpinCount(
551 CriticalSection: PRTL_CRITICAL_SECTION,
552 SpinCount: ULONG,
553 ) -> NTSTATUS;
554 fn RtlDeleteCriticalSection(
555 CriticalSection: PRTL_CRITICAL_SECTION,
556 ) -> NTSTATUS;
557 fn RtlEnterCriticalSection(
558 CriticalSection: PRTL_CRITICAL_SECTION,
559 ) -> NTSTATUS;
560 fn RtlLeaveCriticalSection(
561 CriticalSection: PRTL_CRITICAL_SECTION,
562 ) -> NTSTATUS;
563 fn RtlTryEnterCriticalSection(
564 CriticalSection: PRTL_CRITICAL_SECTION,
565 ) -> LOGICAL;
566 fn RtlIsCriticalSectionLocked(
567 CriticalSection: PRTL_CRITICAL_SECTION,
568 ) -> LOGICAL;
569 fn RtlIsCriticalSectionLockedByThread(
570 CriticalSection: PRTL_CRITICAL_SECTION,
571 ) -> LOGICAL;
572 fn RtlGetCriticalSectionRecursionCount(
573 CriticalSection: PRTL_CRITICAL_SECTION,
574 ) -> ULONG;
575 fn RtlSetCriticalSectionSpinCount(
576 CriticalSection: PRTL_CRITICAL_SECTION,
577 SpinCount: ULONG,
578 ) -> ULONG;
579 fn RtlQueryCriticalSectionOwner(
580 EventHandle: HANDLE,
581 ) -> HANDLE;
582 fn RtlCheckForOrphanedCriticalSections(
583 ThreadHandle: HANDLE,
584 );
585}}
586STRUCT!{struct RTL_RESOURCE {
587 CriticalSection: RTL_CRITICAL_SECTION,
588 SharedSemaphore: HANDLE,
589 NumberOfWaitingShared: ULONG,
590 ExclusiveSemaphore: HANDLE,
591 NumberOfWaitingExclusive: ULONG,
592 NumberOfActive: LONG,
593 ExclusiveOwnerThread: HANDLE,
594 Flags: ULONG,
595 DebugInfo: PRTL_RESOURCE_DEBUG,
596}}
597pub type PRTL_RESOURCE = *mut RTL_RESOURCE;
598pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001;
599EXTERN!{extern "system" {
600 fn RtlInitializeResource(
601 Resource: PRTL_RESOURCE,
602 );
603 fn RtlDeleteResource(
604 Resource: PRTL_RESOURCE,
605 );
606 fn RtlAcquireResourceShared(
607 Resource: PRTL_RESOURCE,
608 Wait: BOOLEAN,
609 ) -> BOOLEAN;
610 fn RtlAcquireResourceExclusive(
611 Resource: PRTL_RESOURCE,
612 Wait: BOOLEAN,
613 ) -> BOOLEAN;
614 fn RtlReleaseResource(
615 Resource: PRTL_RESOURCE,
616 );
617 fn RtlConvertSharedToExclusive(
618 Resource: PRTL_RESOURCE,
619 );
620 fn RtlConvertExclusiveToShared(
621 Resource: PRTL_RESOURCE,
622 );
623 fn RtlInitializeSRWLock(
624 SRWLock: PRTL_SRWLOCK,
625 );
626 fn RtlAcquireSRWLockExclusive(
627 SRWLock: PRTL_SRWLOCK,
628 );
629 fn RtlAcquireSRWLockShared(
630 SRWLock: PRTL_SRWLOCK,
631 );
632 fn RtlReleaseSRWLockExclusive(
633 SRWLock: PRTL_SRWLOCK,
634 );
635 fn RtlReleaseSRWLockShared(
636 SRWLock: PRTL_SRWLOCK,
637 );
638 fn RtlTryAcquireSRWLockExclusive(
639 SRWLock: PRTL_SRWLOCK,
640 ) -> BOOLEAN;
641 fn RtlTryAcquireSRWLockShared(
642 SRWLock: PRTL_SRWLOCK,
643 ) -> BOOLEAN;
644 fn RtlAcquireReleaseSRWLockExclusive(
645 SRWLock: PRTL_SRWLOCK,
646 );
647 fn RtlInitializeConditionVariable(
648 ConditionVariable: PRTL_CONDITION_VARIABLE,
649 );
650 fn RtlSleepConditionVariableCS(
651 ConditionVariable: PRTL_CONDITION_VARIABLE,
652 CriticalSection: PRTL_CRITICAL_SECTION,
653 Timeout: PLARGE_INTEGER,
654 ) -> NTSTATUS;
655 fn RtlSleepConditionVariableSRW(
656 ConditionVariable: PRTL_CONDITION_VARIABLE,
657 SRWLock: PRTL_SRWLOCK,
658 Timeout: PLARGE_INTEGER,
659 Flags: ULONG,
660 ) -> NTSTATUS;
661 fn RtlWakeConditionVariable(
662 ConditionVariable: PRTL_CONDITION_VARIABLE,
663 );
664 fn RtlWakeAllConditionVariable(
665 ConditionVariable: PRTL_CONDITION_VARIABLE,
666 );
667}}
668pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001;
669pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002;
670pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004;
671EXTERN!{extern "system" {
672 fn RtlInitBarrier(
673 Barrier: PRTL_BARRIER,
674 TotalThreads: ULONG,
675 SpinCount: ULONG,
676 ) -> NTSTATUS;
677 fn RtlDeleteBarrier(
678 Barrier: PRTL_BARRIER,
679 ) -> NTSTATUS;
680 fn RtlBarrier(
681 Barrier: PRTL_BARRIER,
682 Flags: ULONG,
683 ) -> BOOLEAN;
684 fn RtlBarrierForDelete(
685 Barrier: PRTL_BARRIER,
686 Flags: ULONG,
687 ) -> BOOLEAN;
688 fn RtlWaitOnAddress(
689 Address: *mut VOID,
690 CompareAddress: PVOID,
691 AddressSize: SIZE_T,
692 Timeout: PLARGE_INTEGER,
693 ) -> NTSTATUS;
694 fn RtlWakeAddressAll(
695 Address: PVOID,
696 );
697 fn RtlWakeAddressSingle(
698 Address: PVOID,
699 );
700 fn RtlInitString(
701 DestinationString: PSTRING,
702 SourceString: PCSZ,
703 );
704 fn RtlInitStringEx(
705 DestinationString: PSTRING,
706 SourceString: PCSZ,
707 ) -> NTSTATUS;
708 fn RtlInitAnsiString(
709 DestinationString: PANSI_STRING,
710 SourceString: PCSZ,
711 );
712 fn RtlInitAnsiStringEx(
713 DestinationString: PANSI_STRING,
714 SourceString: PCSZ,
715 ) -> NTSTATUS;
716 fn RtlFreeAnsiString(
717 AnsiString: PANSI_STRING,
718 );
719 fn RtlFreeOemString(
720 OemString: POEM_STRING,
721 );
722 fn RtlCopyString(
723 DestinationString: PSTRING,
724 SourceString: *const STRING,
725 );
726 fn RtlUpperChar(
727 Character: CHAR,
728 ) -> CHAR;
729 fn RtlCompareString(
730 String1: *const STRING,
731 String2: *const STRING,
732 CaseInSensitive: BOOLEAN,
733 ) -> LONG;
734 fn RtlEqualString(
735 String1: *const STRING,
736 String2: *const STRING,
737 CaseInSensitive: BOOLEAN,
738 ) -> BOOLEAN;
739 fn RtlPrefixString(
740 String1: *const STRING,
741 String2: *const STRING,
742 CaseInSensitive: BOOLEAN,
743 ) -> BOOLEAN;
744 fn RtlAppendStringToString(
745 Destination: PSTRING,
746 Source: *const STRING,
747 ) -> NTSTATUS;
748 fn RtlAppendAsciizToString(
749 Destination: PSTRING,
750 Source: PSTR,
751 ) -> NTSTATUS;
752 fn RtlUpperString(
753 DestinationString: PSTRING,
754 SourceString: *const STRING,
755 );
756}}
757#[inline]
758pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool {
759 String.is_null() || (*String).Length == 0
760}
761#[inline]
762pub fn RtlInitEmptyUnicodeString(
763 UnicodeString: &mut UNICODE_STRING,
764 Buffer: PWCHAR,
765 MaximumLength: USHORT,
766) {
767 UnicodeString.Buffer = Buffer;
768 UnicodeString.MaximumLength = MaximumLength;
769 UnicodeString.Length = 0;
770}
771EXTERN!{extern "system" {
772 fn RtlInitUnicodeString(
773 DestinationString: PUNICODE_STRING,
774 SourceString: PCWSTR,
775 );
776 fn RtlInitUnicodeStringEx(
777 DestinationString: PUNICODE_STRING,
778 SourceString: PCWSTR,
779 ) -> NTSTATUS;
780 fn RtlCreateUnicodeString(
781 DestinationString: PUNICODE_STRING,
782 SourceString: PCWSTR,
783 ) -> BOOLEAN;
784 fn RtlCreateUnicodeStringFromAsciiz(
785 DestinationString: PUNICODE_STRING,
786 SourceString: PSTR,
787 ) -> BOOLEAN;
788 fn RtlFreeUnicodeString(
789 UnicodeString: PUNICODE_STRING,
790 );
791}}
792pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001;
793pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002;
794EXTERN!{extern "system" {
795 fn RtlDuplicateUnicodeString(
796 Flags: ULONG,
797 StringIn: PCUNICODE_STRING,
798 StringOut: PUNICODE_STRING,
799 ) -> NTSTATUS;
800 fn RtlCopyUnicodeString(
801 DestinationString: PUNICODE_STRING,
802 SourceString: PCUNICODE_STRING,
803 );
804 fn RtlUpcaseUnicodeChar(
805 SourceCharacter: WCHAR,
806 ) -> WCHAR;
807 fn RtlDowncaseUnicodeChar(
808 SourceCharacter: WCHAR,
809 ) -> WCHAR;
810 fn RtlCompareUnicodeString(
811 String1: PCUNICODE_STRING,
812 String2: PCUNICODE_STRING,
813 CaseInSensitive: BOOLEAN,
814 ) -> LONG;
815 fn RtlCompareUnicodeStrings(
816 String1: PCWCH,
817 String1Length: SIZE_T,
818 String2: PCWCH,
819 String2Length: SIZE_T,
820 CaseInSensitive: BOOLEAN,
821 ) -> LONG;
822 fn RtlEqualUnicodeString(
823 String1: PCUNICODE_STRING,
824 String2: PCUNICODE_STRING,
825 CaseInSensitive: BOOLEAN,
826 ) -> BOOLEAN;
827}}
828pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0;
829pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1;
830pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff;
831EXTERN!{extern "system" {
832 fn RtlHashUnicodeString(
833 String: PCUNICODE_STRING,
834 CaseInSensitive: BOOLEAN,
835 HashAlgorithm: ULONG,
836 HashValue: PULONG,
837 ) -> NTSTATUS;
838 fn RtlValidateUnicodeString(
839 Flags: ULONG,
840 String: PCUNICODE_STRING,
841 ) -> NTSTATUS;
842 fn RtlPrefixUnicodeString(
843 String1: PCUNICODE_STRING,
844 String2: PCUNICODE_STRING,
845 CaseInSensitive: BOOLEAN,
846 ) -> BOOLEAN;
847 fn RtlSuffixUnicodeString(
848 String1: PUNICODE_STRING,
849 String2: PUNICODE_STRING,
850 CaseInSensitive: BOOLEAN,
851 ) -> BOOLEAN;
852 fn RtlFindUnicodeSubstring(
853 FullString: PUNICODE_STRING,
854 SearchString: PUNICODE_STRING,
855 CaseInSensitive: BOOLEAN,
856 ) -> PWCHAR;
857}}
858pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001;
859pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002;
860pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004;
861EXTERN!{extern "system" {
862 fn RtlFindCharInUnicodeString(
863 Flags: ULONG,
864 StringToSearch: PUNICODE_STRING,
865 CharSet: PUNICODE_STRING,
866 NonInclusivePrefixLength: PUSHORT,
867 ) -> NTSTATUS;
868 fn RtlAppendUnicodeStringToString(
869 Destination: PUNICODE_STRING,
870 Source: PCUNICODE_STRING,
871 ) -> NTSTATUS;
872 fn RtlAppendUnicodeToString(
873 Destination: PUNICODE_STRING,
874 Source: PCWSTR,
875 ) -> NTSTATUS;
876 fn RtlUpcaseUnicodeString(
877 DestinationString: PUNICODE_STRING,
878 SourceString: PCUNICODE_STRING,
879 AllocateDestinationString: BOOLEAN,
880 ) -> NTSTATUS;
881 fn RtlDowncaseUnicodeString(
882 DestinationString: PUNICODE_STRING,
883 SourceString: PCUNICODE_STRING,
884 AllocateDestinationString: BOOLEAN,
885 ) -> NTSTATUS;
886 fn RtlEraseUnicodeString(
887 String: PUNICODE_STRING,
888 );
889 fn RtlAnsiStringToUnicodeString(
890 DestinationString: PUNICODE_STRING,
891 SourceString: PCANSI_STRING,
892 AllocateDestinationString: BOOLEAN,
893 ) -> NTSTATUS;
894 fn RtlUnicodeStringToAnsiString(
895 DestinationString: PANSI_STRING,
896 SourceString: PCUNICODE_STRING,
897 AllocateDestinationString: BOOLEAN,
898 ) -> NTSTATUS;
899 fn RtlAnsiCharToUnicodeChar(
900 SourceCharacter: *mut PUCHAR,
901 ) -> WCHAR;
902 fn RtlUpcaseUnicodeStringToAnsiString(
903 DestinationString: PANSI_STRING,
904 SourceString: PUNICODE_STRING,
905 AllocateDestinationString: BOOLEAN,
906 ) -> NTSTATUS;
907 fn RtlOemStringToUnicodeString(
908 DestinationString: PUNICODE_STRING,
909 SourceString: PCOEM_STRING,
910 AllocateDestinationString: BOOLEAN,
911 ) -> NTSTATUS;
912 fn RtlUnicodeStringToOemString(
913 DestinationString: POEM_STRING,
914 SourceString: PCUNICODE_STRING,
915 AllocateDestinationString: BOOLEAN,
916 ) -> NTSTATUS;
917 fn RtlUpcaseUnicodeStringToOemString(
918 DestinationString: POEM_STRING,
919 SourceString: PUNICODE_STRING,
920 AllocateDestinationString: BOOLEAN,
921 ) -> NTSTATUS;
922 fn RtlUnicodeStringToCountedOemString(
923 DestinationString: POEM_STRING,
924 SourceString: PCUNICODE_STRING,
925 AllocateDestinationString: BOOLEAN,
926 ) -> NTSTATUS;
927 fn RtlUpcaseUnicodeStringToCountedOemString(
928 DestinationString: POEM_STRING,
929 SourceString: PCUNICODE_STRING,
930 AllocateDestinationString: BOOLEAN,
931 ) -> NTSTATUS;
932 fn RtlMultiByteToUnicodeN(
933 UnicodeString: PWCH,
934 MaxBytesInUnicodeString: ULONG,
935 BytesInUnicodeString: PULONG,
936 MultiByteString: *const CHAR,
937 BytesInMultiByteString: ULONG,
938 ) -> NTSTATUS;
939 fn RtlMultiByteToUnicodeSize(
940 BytesInUnicodeString: PULONG,
941 MultiByteString: *const CHAR,
942 BytesInMultiByteString: ULONG,
943 ) -> NTSTATUS;
944 fn RtlUnicodeToMultiByteN(
945 MultiByteString: PCHAR,
946 MaxBytesInMultiByteString: ULONG,
947 BytesInMultiByteString: PULONG,
948 UnicodeString: PCWCH,
949 BytesInUnicodeString: ULONG,
950 ) -> NTSTATUS;
951 fn RtlUnicodeToMultiByteSize(
952 BytesInMultiByteString: PULONG,
953 UnicodeString: PCWCH,
954 BytesInUnicodeString: ULONG,
955 ) -> NTSTATUS;
956 fn RtlUpcaseUnicodeToMultiByteN(
957 MultiByteString: PCHAR,
958 MaxBytesInMultiByteString: ULONG,
959 BytesInMultiByteString: PULONG,
960 UnicodeString: PCWCH,
961 BytesInUnicodeString: ULONG,
962 ) -> NTSTATUS;
963 fn RtlOemToUnicodeN(
964 UnicodeString: PWCH,
965 MaxBytesInUnicodeString: ULONG,
966 BytesInUnicodeString: PULONG,
967 OemString: PCCH,
968 BytesInOemString: ULONG,
969 ) -> NTSTATUS;
970 fn RtlUnicodeToOemN(
971 OemString: PCHAR,
972 MaxBytesInOemString: ULONG,
973 BytesInOemString: PULONG,
974 UnicodeString: PCWCH,
975 BytesInUnicodeString: ULONG,
976 ) -> NTSTATUS;
977 fn RtlUpcaseUnicodeToOemN(
978 OemString: PCHAR,
979 MaxBytesInOemString: ULONG,
980 BytesInOemString: PULONG,
981 UnicodeString: PCWCH,
982 BytesInUnicodeString: ULONG,
983 ) -> NTSTATUS;
984 fn RtlConsoleMultiByteToUnicodeN(
985 UnicodeString: PWCH,
986 MaxBytesInUnicodeString: ULONG,
987 BytesInUnicodeString: PULONG,
988 MultiByteString: PCH,
989 BytesInMultiByteString: ULONG,
990 pdwSpecialChar: PULONG,
991 ) -> NTSTATUS;
992 fn RtlUTF8ToUnicodeN(
993 UnicodeStringDestination: PWSTR,
994 UnicodeStringMaxByteCount: ULONG,
995 UnicodeStringActualByteCount: PULONG,
996 UTF8StringSource: PCCH,
997 UTF8StringByteCount: ULONG,
998 ) -> NTSTATUS;
999 fn RtlUnicodeToUTF8N(
1000 UTF8StringDestination: PCHAR,
1001 UTF8StringMaxByteCount: ULONG,
1002 UTF8StringActualByteCount: PULONG,
1003 UnicodeStringSource: PCWCH,
1004 UnicodeStringByteCount: ULONG,
1005 ) -> NTSTATUS;
1006 fn RtlCustomCPToUnicodeN(
1007 CustomCP: PCPTABLEINFO,
1008 UnicodeString: PWCH,
1009 MaxBytesInUnicodeString: ULONG,
1010 BytesInUnicodeString: PULONG,
1011 CustomCPString: PCH,
1012 BytesInCustomCPString: ULONG,
1013 ) -> NTSTATUS;
1014 fn RtlUnicodeToCustomCPN(
1015 CustomCP: PCPTABLEINFO,
1016 CustomCPString: PCH,
1017 MaxBytesInCustomCPString: ULONG,
1018 BytesInCustomCPString: PULONG,
1019 UnicodeString: PWCH,
1020 BytesInUnicodeString: ULONG,
1021 ) -> NTSTATUS;
1022 fn RtlUpcaseUnicodeToCustomCPN(
1023 CustomCP: PCPTABLEINFO,
1024 CustomCPString: PCH,
1025 MaxBytesInCustomCPString: ULONG,
1026 BytesInCustomCPString: PULONG,
1027 UnicodeString: PWCH,
1028 BytesInUnicodeString: ULONG,
1029 ) -> NTSTATUS;
1030 fn RtlInitCodePageTable(
1031 TableBase: PUSHORT,
1032 CodePageTable: PCPTABLEINFO,
1033 );
1034 fn RtlInitNlsTables(
1035 AnsiNlsBase: PUSHORT,
1036 OemNlsBase: PUSHORT,
1037 LanguageNlsBase: PUSHORT,
1038 TableInfo: PNLSTABLEINFO,
1039 );
1040 fn RtlResetRtlTranslations(
1041 TableInfo: PNLSTABLEINFO,
1042 );
1043 fn RtlIsTextUnicode(
1044 Buffer: PVOID,
1045 Size: ULONG,
1046 Result: PULONG,
1047 ) -> BOOLEAN;
1048}}
1049ENUM!{enum RTL_NORM_FORM {
1050 NormOther = 0x0,
1051 NormC = 0x1,
1052 NormD = 0x2,
1053 NormKC = 0x5,
1054 NormKD = 0x6,
1055 NormIdna = 0xd,
1056 DisallowUnassigned = 0x100,
1057 NormCDisallowUnassigned = 0x101,
1058 NormDDisallowUnassigned = 0x102,
1059 NormKCDisallowUnassigned = 0x105,
1060 NormKDDisallowUnassigned = 0x106,
1061 NormIdnaDisallowUnassigned = 0x10d,
1062}}
1063EXTERN!{extern "system" {
1064 fn RtlNormalizeString(
1065 NormForm: ULONG,
1066 SourceString: PCWSTR,
1067 SourceStringLength: LONG,
1068 DestinationString: PWSTR,
1069 DestinationStringLength: PLONG,
1070 ) -> NTSTATUS;
1071 fn RtlIsNormalizedString(
1072 NormForm: ULONG,
1073 SourceString: PCWSTR,
1074 SourceStringLength: LONG,
1075 Normalized: PBOOLEAN,
1076 ) -> NTSTATUS;
1077 fn RtlIsNameInExpression(
1078 Expression: PUNICODE_STRING,
1079 Name: PUNICODE_STRING,
1080 IgnoreCase: BOOLEAN,
1081 UpcaseTable: PWCH,
1082 ) -> BOOLEAN;
1083 fn RtlIsNameInUnUpcasedExpression(
1084 Expression: PUNICODE_STRING,
1085 Name: PUNICODE_STRING,
1086 IgnoreCase: BOOLEAN,
1087 UpcaseTable: PWCH,
1088 ) -> BOOLEAN;
1089 fn RtlEqualDomainName(
1090 String1: PUNICODE_STRING,
1091 String2: PUNICODE_STRING,
1092 ) -> BOOLEAN;
1093 fn RtlEqualComputerName(
1094 String1: PUNICODE_STRING,
1095 String2: PUNICODE_STRING,
1096 ) -> BOOLEAN;
1097 fn RtlDnsHostNameToComputerName(
1098 ComputerNameString: PUNICODE_STRING,
1099 DnsHostNameString: PUNICODE_STRING,
1100 AllocateComputerNameString: BOOLEAN,
1101 ) -> NTSTATUS;
1102 fn RtlStringFromGUID(
1103 Guid: *const GUID,
1104 GuidString: PUNICODE_STRING,
1105 ) -> NTSTATUS;
1106 fn RtlStringFromGUIDEx(
1107 Guid: *mut GUID,
1108 GuidString: PUNICODE_STRING,
1109 AllocateGuidString: BOOLEAN,
1110 ) -> NTSTATUS;
1111 fn RtlGUIDFromString(
1112 GuidString: PCUNICODE_STRING,
1113 Guid: *mut GUID,
1114 ) -> NTSTATUS;
1115 fn RtlCompareAltitudes(
1116 Altitude1: PCUNICODE_STRING,
1117 Altitude2: PCUNICODE_STRING,
1118 ) -> LONG;
1119 fn RtlIdnToAscii(
1120 Flags: ULONG,
1121 SourceString: PCWSTR,
1122 SourceStringLength: LONG,
1123 DestinationString: PWSTR,
1124 DestinationStringLength: PLONG,
1125 ) -> NTSTATUS;
1126 fn RtlIdnToUnicode(
1127 Flags: ULONG,
1128 SourceString: PCWSTR,
1129 SourceStringLength: LONG,
1130 DestinationString: PWSTR,
1131 DestinationStringLength: PLONG,
1132 ) -> NTSTATUS;
1133 fn RtlIdnToNameprepUnicode(
1134 Flags: ULONG,
1135 SourceString: PCWSTR,
1136 SourceStringLength: LONG,
1137 DestinationString: PWSTR,
1138 DestinationStringLength: PLONG,
1139 ) -> NTSTATUS;
1140}}
1141STRUCT!{struct PREFIX_TABLE_ENTRY {
1142 NodeTypeCode: CSHORT,
1143 NameLength: CSHORT,
1144 NextPrefixTree: *mut PREFIX_TABLE_ENTRY,
1145 Links: RTL_SPLAY_LINKS,
1146 Prefix: PSTRING,
1147}}
1148pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY;
1149STRUCT!{struct PREFIX_TABLE {
1150 NodeTypeCode: CSHORT,
1151 NameLength: CSHORT,
1152 NextPrefixTree: PPREFIX_TABLE_ENTRY,
1153}}
1154pub type PPREFIX_TABLE = *mut PREFIX_TABLE;
1155EXTERN!{extern "system" {
1156 fn PfxInitialize(
1157 PrefixTable: PPREFIX_TABLE,
1158 );
1159 fn PfxInsertPrefix(
1160 PrefixTable: PPREFIX_TABLE,
1161 Prefix: PSTRING,
1162 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1163 ) -> BOOLEAN;
1164 fn PfxRemovePrefix(
1165 PrefixTable: PPREFIX_TABLE,
1166 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1167 );
1168 fn PfxFindPrefix(
1169 PrefixTable: PPREFIX_TABLE,
1170 FullName: PSTRING,
1171 ) -> PPREFIX_TABLE_ENTRY;
1172}}
1173STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY {
1174 NodeTypeCode: CSHORT,
1175 NameLength: CSHORT,
1176 NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY,
1177 CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY,
1178 Links: RTL_SPLAY_LINKS,
1179 Prefix: PUNICODE_STRING,
1180}}
1181pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY;
1182STRUCT!{struct UNICODE_PREFIX_TABLE {
1183 NodeTypeCode: CSHORT,
1184 NameLength: CSHORT,
1185 NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY,
1186 LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1187}}
1188pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE;
1189EXTERN!{extern "system" {
1190 fn RtlInitializeUnicodePrefix(
1191 PrefixTable: PUNICODE_PREFIX_TABLE,
1192 );
1193 fn RtlInsertUnicodePrefix(
1194 PrefixTable: PUNICODE_PREFIX_TABLE,
1195 Prefix: PUNICODE_STRING,
1196 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1197 ) -> BOOLEAN;
1198 fn RtlRemoveUnicodePrefix(
1199 PrefixTable: PUNICODE_PREFIX_TABLE,
1200 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1201 );
1202 fn RtlFindUnicodePrefix(
1203 PrefixTable: PUNICODE_PREFIX_TABLE,
1204 FullName: PCUNICODE_STRING,
1205 CaseInsensitiveIndex: ULONG,
1206 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1207 fn RtlNextUnicodePrefix(
1208 PrefixTable: PUNICODE_PREFIX_TABLE,
1209 Restart: BOOLEAN,
1210 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1211}}
1212STRUCT!{struct COMPRESSED_DATA_INFO {
1213 CompressionFormatAndEngine: USHORT,
1214 CompressionUnitShift: UCHAR,
1215 ChunkShift: UCHAR,
1216 ClusterShift: UCHAR,
1217 Reserved: UCHAR,
1218 NumberOfChunks: USHORT,
1219 CompressedChunkSizes: [ULONG; 1],
1220}}
1221pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO;
1222EXTERN!{extern "system" {
1223 fn RtlGetCompressionWorkSpaceSize(
1224 CompressionFormatAndEngine: USHORT,
1225 CompressBufferWorkSpaceSize: PULONG,
1226 CompressFragmentWorkSpaceSize: PULONG,
1227 ) -> NTSTATUS;
1228 fn RtlCompressBuffer(
1229 CompressionFormatAndEngine: USHORT,
1230 UncompressedBuffer: PUCHAR,
1231 UncompressedBufferSize: ULONG,
1232 CompressedBuffer: PUCHAR,
1233 CompressedBufferSize: ULONG,
1234 UncompressedChunkSize: ULONG,
1235 FinalCompressedSize: PULONG,
1236 WorkSpace: PVOID,
1237 ) -> NTSTATUS;
1238 fn RtlDecompressBuffer(
1239 CompressionFormat: USHORT,
1240 UncompressedBuffer: PUCHAR,
1241 UncompressedBufferSize: ULONG,
1242 CompressedBuffer: PUCHAR,
1243 CompressedBufferSize: ULONG,
1244 FinalUncompressedSize: PULONG,
1245 ) -> NTSTATUS;
1246 fn RtlDecompressBufferEx(
1247 CompressionFormat: USHORT,
1248 UncompressedBuffer: PUCHAR,
1249 UncompressedBufferSize: ULONG,
1250 CompressedBuffer: PUCHAR,
1251 CompressedBufferSize: ULONG,
1252 FinalUncompressedSize: PULONG,
1253 WorkSpace: PVOID,
1254 ) -> NTSTATUS;
1255 fn RtlDecompressFragment(
1256 CompressionFormat: USHORT,
1257 UncompressedFragment: PUCHAR,
1258 UncompressedFragmentSize: ULONG,
1259 CompressedBuffer: PUCHAR,
1260 CompressedBufferSize: ULONG,
1261 FragmentOffset: ULONG,
1262 FinalUncompressedSize: PULONG,
1263 WorkSpace: PVOID,
1264 ) -> NTSTATUS;
1265 fn RtlDescribeChunk(
1266 CompressionFormat: USHORT,
1267 CompressedBuffer: *mut PUCHAR,
1268 EndOfCompressedBufferPlus1: PUCHAR,
1269 ChunkBuffer: *mut PUCHAR,
1270 ChunkSize: PULONG,
1271 ) -> NTSTATUS;
1272 fn RtlReserveChunk(
1273 CompressionFormat: USHORT,
1274 CompressedBuffer: *mut PUCHAR,
1275 EndOfCompressedBufferPlus1: PUCHAR,
1276 ChunkBuffer: *mut PUCHAR,
1277 ChunkSize: ULONG,
1278 ) -> NTSTATUS;
1279 fn RtlDecompressChunks(
1280 UncompressedBuffer: PUCHAR,
1281 UncompressedBufferSize: ULONG,
1282 CompressedBuffer: PUCHAR,
1283 CompressedBufferSize: ULONG,
1284 CompressedTail: PUCHAR,
1285 CompressedTailSize: ULONG,
1286 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1287 ) -> NTSTATUS;
1288 fn RtlCompressChunks(
1289 UncompressedBuffer: PUCHAR,
1290 UncompressedBufferSize: ULONG,
1291 CompressedBuffer: PUCHAR,
1292 CompressedBufferSize: ULONG,
1293 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1294 CompressedDataInfoLength: ULONG,
1295 WorkSpace: PVOID,
1296 ) -> NTSTATUS;
1297 fn RtlConvertLCIDToString(
1298 LcidValue: LCID,
1299 Base: ULONG,
1300 Padding: ULONG,
1301 pResultBuf: PWSTR,
1302 Size: ULONG,
1303 ) -> NTSTATUS;
1304 fn RtlIsValidLocaleName(
1305 LocaleName: PWSTR,
1306 Flags: ULONG,
1307 ) -> BOOLEAN;
1308 fn RtlGetParentLocaleName(
1309 LocaleName: PWSTR,
1310 ParentLocaleName: PUNICODE_STRING,
1311 Flags: ULONG,
1312 AllocateDestinationString: BOOLEAN,
1313 ) -> NTSTATUS;
1314 fn RtlLcidToLocaleName(
1315 lcid: LCID,
1316 LocaleName: PUNICODE_STRING,
1317 Flags: ULONG,
1318 AllocateDestinationString: BOOLEAN,
1319 ) -> NTSTATUS;
1320 fn RtlLocaleNameToLcid(
1321 LocaleName: PWSTR,
1322 lcid: PLCID,
1323 Flags: ULONG,
1324 ) -> NTSTATUS;
1325 fn RtlLCIDToCultureName(
1326 Lcid: LCID,
1327 String: PUNICODE_STRING,
1328 ) -> BOOLEAN;
1329 fn RtlCultureNameToLCID(
1330 String: PUNICODE_STRING,
1331 Lcid: PLCID,
1332 ) -> BOOLEAN;
1333 fn RtlCleanUpTEBLangLists();
1334 fn RtlGetLocaleFileMappingAddress(
1335 BaseAddress: *mut PVOID,
1336 DefaultLocaleId: PLCID,
1337 DefaultCasingTableSize: PLARGE_INTEGER,
1338 ) -> NTSTATUS;
1339 fn RtlGetCurrentPeb() -> PPEB;
1340 fn RtlAcquirePebLock();
1341 fn RtlReleasePebLock();
1342 fn RtlTryAcquirePebLock() -> LOGICAL;
1343 fn RtlAllocateFromPeb(
1344 Size: ULONG,
1345 Block: *mut PVOID,
1346 ) -> NTSTATUS;
1347 fn RtlFreeToPeb(
1348 Block: PVOID,
1349 Size: ULONG,
1350 ) -> NTSTATUS;
1351}}
1352pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255;
1353pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5;
1354STRUCT!{struct CURDIR {
1355 DosPath: UNICODE_STRING,
1356 Handle: HANDLE,
1357}}
1358pub type PCURDIR = *mut CURDIR;
1359pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002;
1360pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003;
1361STRUCT!{struct RTL_DRIVE_LETTER_CURDIR {
1362 Flags: USHORT,
1363 Length: USHORT,
1364 TimeStamp: ULONG,
1365 DosPath: STRING,
1366}}
1367pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR;
1368pub const RTL_MAX_DRIVE_LETTERS: usize = 32;
1369pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001;
1370STRUCT!{struct RTL_USER_PROCESS_PARAMETERS {
1371 MaximumLength: ULONG,
1372 Length: ULONG,
1373 Flags: ULONG,
1374 DebugFlags: ULONG,
1375 ConsoleHandle: HANDLE,
1376 ConsoleFlags: ULONG,
1377 StandardInput: HANDLE,
1378 StandardOutput: HANDLE,
1379 StandardError: HANDLE,
1380 CurrentDirectory: CURDIR,
1381 DllPath: UNICODE_STRING,
1382 ImagePathName: UNICODE_STRING,
1383 CommandLine: UNICODE_STRING,
1384 Environment: PVOID,
1385 StartingX: ULONG,
1386 StartingY: ULONG,
1387 CountX: ULONG,
1388 CountY: ULONG,
1389 CountCharsX: ULONG,
1390 CountCharsY: ULONG,
1391 FillAttribute: ULONG,
1392 WindowFlags: ULONG,
1393 ShowWindowFlags: ULONG,
1394 WindowTitle: UNICODE_STRING,
1395 DesktopInfo: UNICODE_STRING,
1396 ShellInfo: UNICODE_STRING,
1397 RuntimeData: UNICODE_STRING,
1398 CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS],
1399 EnvironmentSize: ULONG_PTR,
1400 EnvironmentVersion: ULONG_PTR,
1401 PackageDependencyData: PVOID,
1402 ProcessGroupId: ULONG,
1403 LoaderThreads: ULONG,
1404}}
1405pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS;
1406pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001;
1407pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002;
1408pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004;
1409pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008;
1410pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020;
1411pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040;
1412pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080;
1413pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100;
1414pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000;
1415pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000;
1416pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000;
1417pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000;
1418EXTERN!{extern "system" {
1419 fn RtlCreateProcessParameters(
1420 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1421 ImagePathName: PUNICODE_STRING,
1422 DllPath: PUNICODE_STRING,
1423 CurrentDirectory: PUNICODE_STRING,
1424 CommandLine: PUNICODE_STRING,
1425 Environment: PVOID,
1426 WindowTitle: PUNICODE_STRING,
1427 DesktopInfo: PUNICODE_STRING,
1428 ShellInfo: PUNICODE_STRING,
1429 RuntimeData: PUNICODE_STRING,
1430 ) -> NTSTATUS;
1431 fn RtlCreateProcessParametersEx(
1432 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1433 ImagePathName: PUNICODE_STRING,
1434 DllPath: PUNICODE_STRING,
1435 CurrentDirectory: PUNICODE_STRING,
1436 CommandLine: PUNICODE_STRING,
1437 Environment: PVOID,
1438 WindowTitle: PUNICODE_STRING,
1439 DesktopInfo: PUNICODE_STRING,
1440 ShellInfo: PUNICODE_STRING,
1441 RuntimeData: PUNICODE_STRING,
1442 Flags: ULONG,
1443 ) -> NTSTATUS;
1444 fn RtlDestroyProcessParameters(
1445 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1446 ) -> NTSTATUS;
1447 fn RtlNormalizeProcessParams(
1448 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1449 ) -> PRTL_USER_PROCESS_PARAMETERS;
1450 fn RtlDeNormalizeProcessParams(
1451 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1452 ) -> PRTL_USER_PROCESS_PARAMETERS;
1453}}
1454STRUCT!{struct RTL_USER_PROCESS_INFORMATION {
1455 Length: ULONG,
1456 Process: HANDLE,
1457 Thread: HANDLE,
1458 ClientId: CLIENT_ID,
1459 ImageInformation: SECTION_IMAGE_INFORMATION,
1460}}
1461pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION;
1462EXTERN!{extern "system" {
1463 fn RtlCreateUserProcess(
1464 NtImagePathName: PUNICODE_STRING,
1465 AttributesDeprecated: ULONG,
1466 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1467 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1468 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1469 ParentProcess: HANDLE,
1470 InheritHandles: BOOLEAN,
1471 DebugPort: HANDLE,
1472 TokenHandle: HANDLE,
1473 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1474 ) -> NTSTATUS;
1475 fn RtlCreateUserProcessEx(
1476 NtImagePathName: PUNICODE_STRING,
1477 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1478 InheritHandles: BOOLEAN,
1479 Flags: ULONG,
1480 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1481 ) -> NTSTATUS;
1482 fn RtlExitUserProcess(
1483 ExitStatus: NTSTATUS,
1484 );
1485}}
1486pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
1487pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002;
1488pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004;
1489EXTERN!{extern "system" {
1490 fn RtlCloneUserProcess(
1491 ProcessFlags: ULONG,
1492 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1493 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1494 DebugPort: HANDLE,
1495 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1496 ) -> NTSTATUS;
1497 fn RtlUpdateClonedCriticalSection(
1498 CriticalSection: PRTL_CRITICAL_SECTION,
1499 );
1500 fn RtlUpdateClonedSRWLock(
1501 SRWLock: PRTL_SRWLOCK,
1502 Shared: LOGICAL,
1503 );
1504}}
1505STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION {
1506 ReflectionProcessHandle: HANDLE,
1507 ReflectionThreadHandle: HANDLE,
1508 ReflectionClientId: CLIENT_ID,
1509}}
1510pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION =
1511 *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
1512EXTERN!{extern "system" {
1513 fn RtlCreateProcessReflection(
1514 ProcessHandle: HANDLE,
1515 Flags: ULONG,
1516 StartRoutine: PVOID,
1517 StartContext: PVOID,
1518 EventHandle: HANDLE,
1519 ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION,
1520 ) -> NTSTATUS;
1521}}
1522EXTERN!{extern "C" {
1523 fn RtlSetProcessIsCritical(
1524 NewValue: BOOLEAN,
1525 OldValue: PBOOLEAN,
1526 CheckFlag: BOOLEAN,
1527 ) -> NTSTATUS;
1528 fn RtlSetThreadIsCritical(
1529 NewValue: BOOLEAN,
1530 OldValue: PBOOLEAN,
1531 CheckFlag: BOOLEAN,
1532 ) -> NTSTATUS;
1533}}
1534EXTERN!{extern "system" {
1535 fn RtlValidProcessProtection(
1536 ProcessProtection: PS_PROTECTION,
1537 ) -> BOOLEAN;
1538 fn RtlTestProtectedAccess(
1539 Source: PS_PROTECTION,
1540 Target: PS_PROTECTION,
1541 ) -> BOOLEAN;
1542 fn RtlIsCurrentProcess(
1543 ProcessHandle: HANDLE,
1544 ) -> BOOLEAN;
1545 fn RtlIsCurrentThread(
1546 ThreadHandle: HANDLE,
1547 ) -> BOOLEAN;
1548}}
1549FN!{stdcall PUSER_THREAD_START_ROUTINE(
1550 ThreadParameter: PVOID,
1551) -> NTSTATUS}
1552EXTERN!{extern "system" {
1553 fn RtlCreateUserThread(
1554 Process: HANDLE,
1555 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1556 CreateSuspended: BOOLEAN,
1557 ZeroBits: ULONG,
1558 MaximumStackSize: SIZE_T,
1559 CommittedStackSize: SIZE_T,
1560 StartAddress: PUSER_THREAD_START_ROUTINE,
1561 Parameter: PVOID,
1562 Thread: PHANDLE,
1563 ClientId: PCLIENT_ID,
1564 ) -> NTSTATUS;
1565 fn RtlExitUserThread(
1566 ExitStatus: NTSTATUS,
1567 );
1568 fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN;
1569 fn RtlCreateUserStack(
1570 CommittedStackSize: SIZE_T,
1571 MaximumStackSize: SIZE_T,
1572 ZeroBits: ULONG_PTR,
1573 PageSize: SIZE_T,
1574 ReserveAlignment: ULONG_PTR,
1575 InitialTeb: PINITIAL_TEB,
1576 ) -> NTSTATUS;
1577 fn RtlFreeUserStack(
1578 AllocationBase: PVOID,
1579 ) -> NTSTATUS;
1580}}
1581STRUCT!{struct CONTEXT_CHUNK {
1582 Offset: LONG,
1583 Length: ULONG,
1584}}
1585pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK;
1586STRUCT!{struct CONTEXT_EX {
1587 All: CONTEXT_CHUNK,
1588 Legacy: CONTEXT_CHUNK,
1589 XState: CONTEXT_CHUNK,
1590}}
1591pub type PCONTEXT_EX = *mut CONTEXT_EX;
1592pub const CONTEXT_EX_LENGTH: usize = 4096;
1593#[macro_export]
1594macro_rules! RTL_CONTEXT_EX_OFFSET {
1595 ($ContextEx:expr, $Chunk:ident) => {
1596 (*$ContextEx).$Chunk.Offset
1597 };
1598}
1599#[macro_export]
1600macro_rules! RTL_CONTEXT_EX_LENGTH {
1601 ($ContextEx:expr, $Chunk:ident) => {
1602 (*$ContextEx).$Chunk.Length
1603 };
1604}
1605#[macro_export]
1606macro_rules! RTL_CONTEXT_EX_CHUNK {
1607 ($Base:expr, $Layout:expr, $Chunk:ident) => {
1608 ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void
1609 };
1610}
1611#[macro_export]
1612macro_rules! RTL_CONTEXT_OFFSET {
1613 ($Context:expr, $Chunk:ident) => {
1614 RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1615 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1616 };
1617}
1618#[macro_export]
1619macro_rules! RTL_CONTEXT_LENGTH {
1620 ($Context:expr, $Chunk:ident) => {
1621 RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1622 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1623 };
1624}
1625#[macro_export]
1626macro_rules! RTL_CONTEXT_CHUNK {
1627 ($Context:expr, $Chunk:ident) => {
1628 RTL_CONTEXT_EX_CHUNK!(
1629 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1630 as *const $crate::ntrtl::CONTEXT_EX,
1631 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1632 as *const $crate::ntrtl::CONTEXT_EX,
1633 $Chunk
1634 )
1635 };
1636}
1637EXTERN!{extern "system" {
1638 fn RtlInitializeContext(
1639 Process: HANDLE,
1640 Context: PCONTEXT,
1641 Parameter: PVOID,
1642 InitialPc: PVOID,
1643 InitialSp: PVOID,
1644 );
1645 fn RtlInitializeExtendedContext(
1646 Context: PCONTEXT,
1647 ContextFlags: ULONG,
1648 ContextEx: *mut PCONTEXT_EX,
1649 ) -> ULONG;
1650 fn RtlCopyExtendedContext(
1651 Destination: PCONTEXT_EX,
1652 ContextFlags: ULONG,
1653 Source: PCONTEXT_EX,
1654 ) -> ULONG;
1655 fn RtlGetExtendedContextLength(
1656 ContextFlags: ULONG,
1657 ContextLength: PULONG,
1658 ) -> ULONG;
1659 fn RtlGetExtendedFeaturesMask(
1660 ContextEx: PCONTEXT_EX,
1661 ) -> ULONG64;
1662 fn RtlLocateExtendedFeature(
1663 ContextEx: PCONTEXT_EX,
1664 FeatureId: ULONG,
1665 Length: PULONG,
1666 ) -> PVOID;
1667 fn RtlLocateLegacyContext(
1668 ContextEx: PCONTEXT_EX,
1669 Length: PULONG,
1670 ) -> PCONTEXT;
1671 fn RtlSetExtendedFeaturesMask(
1672 ContextEx: PCONTEXT_EX,
1673 FeatureMask: ULONG64,
1674 );
1675}}
1676#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
1677EXTERN!{extern "system" {
1678 fn RtlWow64GetThreadContext(
1679 ThreadHandle: HANDLE,
1680 ThreadContext: PWOW64_CONTEXT,
1681 ) -> NTSTATUS;
1682 fn RtlWow64SetThreadContext(
1683 ThreadHandle: HANDLE,
1684 ThreadContext: PWOW64_CONTEXT,
1685 ) -> NTSTATUS;
1686}}
1687EXTERN!{extern "system" {
1688 fn RtlRemoteCall(
1689 Process: HANDLE,
1690 Thread: HANDLE,
1691 CallSite: PVOID,
1692 ArgumentCount: ULONG,
1693 Arguments: PULONG_PTR,
1694 PassContext: BOOLEAN,
1695 AlreadySuspended: BOOLEAN,
1696 ) -> NTSTATUS;
1697 fn RtlAddVectoredExceptionHandler(
1698 First: ULONG,
1699 Handler: PVECTORED_EXCEPTION_HANDLER,
1700 ) -> PVOID;
1701 fn RtlRemoveVectoredExceptionHandler(
1702 Handle: PVOID,
1703 ) -> ULONG;
1704 fn RtlAddVectoredContinueHandler(
1705 First: ULONG,
1706 Handler: PVECTORED_EXCEPTION_HANDLER,
1707 ) -> PVOID;
1708 fn RtlRemoveVectoredContinueHandler(
1709 Handle: PVOID,
1710 ) -> ULONG;
1711}}
1712FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER(
1713 ExceptionInfo: PEXCEPTION_POINTERS,
1714) -> ULONG}
1715EXTERN!{extern "system" {
1716 fn RtlSetUnhandledExceptionFilter(
1717 UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER,
1718 );
1719 fn RtlUnhandledExceptionFilter(
1720 ExceptionPointers: PEXCEPTION_POINTERS,
1721 ) -> LONG;
1722 fn RtlUnhandledExceptionFilter2(
1723 ExceptionPointers: PEXCEPTION_POINTERS,
1724 Flags: ULONG,
1725 ) -> LONG;
1726 fn RtlKnownExceptionFilter(
1727 ExceptionPointers: PEXCEPTION_POINTERS,
1728 ) -> LONG;
1729}}
1730#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
1731IFDEF!{
1732ENUM!{enum FUNCTION_TABLE_TYPE {
1733 RF_SORTED = 0,
1734 RF_UNSORTED = 1,
1735 RF_CALLBACK = 2,
1736 RF_KERNEL_DYNAMIC = 3,
1737}}
1738STRUCT!{struct DYNAMIC_FUNCTION_TABLE {
1739 ListEntry: LIST_ENTRY,
1740 FunctionTable: PRUNTIME_FUNCTION,
1741 TimeStamp: LARGE_INTEGER,
1742 MinimumAddress: ULONG64,
1743 MaximumAddress: ULONG64,
1744 BaseAddress: ULONG64,
1745 Callback: PGET_RUNTIME_FUNCTION_CALLBACK,
1746 Context: PVOID,
1747 OutOfProcessCallbackDll: PWSTR,
1748 Type: FUNCTION_TABLE_TYPE,
1749 EntryCount: ULONG,
1750 TreeNode: RTL_BALANCED_NODE,
1751}}
1752pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE;
1753EXTERN!{extern "system" {
1754 fn RtlGetFunctionTableListHead() -> PLIST_ENTRY;
1755}}
1756}
1757EXTERN!{extern "system" {
1758 fn RtlImageNtHeader(
1759 BaseOfImage: PVOID,
1760 ) -> PIMAGE_NT_HEADERS;
1761}}
1762pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001;
1763EXTERN!{extern "system" {
1764 fn RtlImageNtHeaderEx(
1765 Flags: ULONG,
1766 BaseOfImage: PVOID,
1767 Size: ULONG64,
1768 OutHeaders: *mut PIMAGE_NT_HEADERS,
1769 ) -> NTSTATUS;
1770 fn RtlAddressInSectionTable(
1771 NtHeaders: PIMAGE_NT_HEADERS,
1772 BaseOfImage: PVOID,
1773 VirtualAddress: ULONG,
1774 ) -> PVOID;
1775 fn RtlSectionTableFromVirtualAddress(
1776 NtHeaders: PIMAGE_NT_HEADERS,
1777 BaseOfImage: PVOID,
1778 VirtualAddress: ULONG,
1779 ) -> PIMAGE_SECTION_HEADER;
1780 fn RtlImageDirectoryEntryToData(
1781 BaseOfImage: PVOID,
1782 MappedAsImage: BOOLEAN,
1783 DirectoryEntry: USHORT,
1784 Size: PULONG,
1785 ) -> PVOID;
1786 fn RtlImageRvaToSection(
1787 NtHeaders: PIMAGE_NT_HEADERS,
1788 BaseOfImage: PVOID,
1789 Rva: ULONG,
1790 ) -> PIMAGE_SECTION_HEADER;
1791 fn RtlImageRvaToVa(
1792 NtHeaders: PIMAGE_NT_HEADERS,
1793 BaseOfImage: PVOID,
1794 Rva: ULONG,
1795 LastRvaSection: *mut PIMAGE_SECTION_HEADER,
1796 ) -> PVOID;
1797 fn RtlFindExportedRoutineByName(
1798 BaseOfImage: PVOID,
1799 RoutineName: PSTR,
1800 ) -> PVOID;
1801 fn RtlGuardCheckLongJumpTarget(
1802 PcValue: PVOID,
1803 IsFastFail: BOOL,
1804 IsLongJumpTarget: PBOOL,
1805 ) -> NTSTATUS;
1806 fn RtlCompareMemoryUlong(
1807 Source: PVOID,
1808 Length: SIZE_T,
1809 Pattern: ULONG,
1810 ) -> SIZE_T;
1811 fn RtlFillMemoryUlong(
1812 Destination: PVOID,
1813 Length: SIZE_T,
1814 Pattern: ULONG,
1815 );
1816 fn RtlFillMemoryUlonglong(
1817 Destination: PVOID,
1818 Length: SIZE_T,
1819 Pattern: ULONGLONG,
1820 );
1821 fn RtlCreateEnvironment(
1822 CloneCurrentEnvironment: BOOLEAN,
1823 Environment: *mut PVOID,
1824 ) -> NTSTATUS;
1825}}
1826pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1;
1827pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2;
1828pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4;
1829EXTERN!{extern "system" {
1830 fn RtlCreateEnvironmentEx(
1831 SourceEnv: PVOID,
1832 Environment: *mut PVOID,
1833 Flags: ULONG,
1834 ) -> NTSTATUS;
1835 fn RtlDestroyEnvironment(
1836 Environment: PVOID,
1837 ) -> NTSTATUS;
1838 fn RtlSetCurrentEnvironment(
1839 Environment: PVOID,
1840 PreviousEnvironment: *mut PVOID,
1841 ) -> NTSTATUS;
1842 fn RtlSetEnvironmentVar(
1843 Environment: *mut PWSTR,
1844 Name: PWSTR,
1845 NameLength: SIZE_T,
1846 Value: PWSTR,
1847 ValueLength: SIZE_T,
1848 ) -> NTSTATUS;
1849 fn RtlSetEnvironmentVariable(
1850 Environment: *mut PVOID,
1851 Name: PUNICODE_STRING,
1852 Value: PUNICODE_STRING,
1853 ) -> NTSTATUS;
1854 fn RtlQueryEnvironmentVariable(
1855 Environment: PVOID,
1856 Name: PWSTR,
1857 NameLength: SIZE_T,
1858 Value: PWSTR,
1859 ValueLength: SIZE_T,
1860 ReturnLength: PSIZE_T,
1861 ) -> NTSTATUS;
1862 fn RtlQueryEnvironmentVariable_U(
1863 Environment: PVOID,
1864 Name: PUNICODE_STRING,
1865 Value: PUNICODE_STRING,
1866 ) -> NTSTATUS;
1867 fn RtlExpandEnvironmentStrings(
1868 Environment: PVOID,
1869 Src: PWSTR,
1870 SrcLength: SIZE_T,
1871 Dst: PWSTR,
1872 DstLength: SIZE_T,
1873 ReturnLength: PSIZE_T,
1874 ) -> NTSTATUS;
1875 fn RtlExpandEnvironmentStrings_U(
1876 Environment: PVOID,
1877 Source: PUNICODE_STRING,
1878 Destination: PUNICODE_STRING,
1879 ReturnedLength: PULONG,
1880 ) -> NTSTATUS;
1881 fn RtlSetEnvironmentStrings(
1882 NewEnvironment: PWCHAR,
1883 NewEnvironmentSize: SIZE_T,
1884 ) -> NTSTATUS;
1885}}
1886STRUCT!{struct RTLP_CURDIR_REF {
1887 ReferenceCount: LONG,
1888 DirectoryHandle: HANDLE,
1889}}
1890pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF;
1891STRUCT!{struct RTL_RELATIVE_NAME_U {
1892 RelativeName: UNICODE_STRING,
1893 ContainingDirectory: HANDLE,
1894 CurDirRef: PRTLP_CURDIR_REF,
1895}}
1896pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U;
1897ENUM!{enum RTL_PATH_TYPE {
1898 RtlPathTypeUnknown = 0,
1899 RtlPathTypeUncAbsolute = 1,
1900 RtlPathTypeDriveAbsolute = 2,
1901 RtlPathTypeDriveRelative = 3,
1902 RtlPathTypeRooted = 4,
1903 RtlPathTypeRelative = 5,
1904 RtlPathTypeLocalDevice = 6,
1905 RtlPathTypeRootLocalDevice = 7,
1906}}
1907EXTERN!{extern "C" {
1908 static mut RtlDosPathSeperatorsString: UNICODE_STRING;
1909 static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING;
1910 static mut RtlNtPathSeperatorString: UNICODE_STRING;
1911}}
1912pub const RtlNtdllName: UTF16Const = UTF16Const(&[
1914 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16,
1915]);
1916EXTERN!{extern "system" {
1917 fn RtlDetermineDosPathNameType_U(
1918 DosFileName: PWSTR,
1919 ) -> RTL_PATH_TYPE;
1920 fn RtlDetermineDosPathNameType_Ustr(
1921 DosFileName: PCUNICODE_STRING,
1922 ) -> RTL_PATH_TYPE;
1923 fn RtlIsDosDeviceName_U(
1924 DosFileName: PWSTR,
1925 ) -> ULONG;
1926 fn RtlIsDosDeviceName_Ustr(
1927 DosFileName: PUNICODE_STRING,
1928 ) -> ULONG;
1929 fn RtlGetFullPathName_U(
1930 FileName: PWSTR,
1931 BufferLength: ULONG,
1932 Buffer: PWSTR,
1933 FilePart: *mut PWSTR,
1934 ) -> ULONG;
1935 fn RtlGetFullPathName_UEx(
1936 FileName: PWSTR,
1937 BufferLength: ULONG,
1938 Buffer: PWSTR,
1939 FilePart: *mut PWSTR,
1940 BytesRequired: *mut ULONG,
1941 ) -> NTSTATUS;
1942 fn RtlGetFullPathName_UstrEx(
1943 FileName: PUNICODE_STRING,
1944 StaticString: PUNICODE_STRING,
1945 DynamicString: PUNICODE_STRING,
1946 StringUsed: *mut PUNICODE_STRING,
1947 FilePartPrefixCch: *mut SIZE_T,
1948 NameInvalid: PBOOLEAN,
1949 InputPathType: *mut RTL_PATH_TYPE,
1950 BytesRequired: *mut SIZE_T,
1951 ) -> NTSTATUS;
1952 fn RtlGetCurrentDirectory_U(
1953 BufferLength: ULONG,
1954 Buffer: PWSTR,
1955 ) -> ULONG;
1956 fn RtlSetCurrentDirectory_U(
1957 PathName: PUNICODE_STRING,
1958 ) -> NTSTATUS;
1959 fn RtlGetLongestNtPathLength() -> ULONG;
1960 fn RtlDosPathNameToNtPathName_U(
1961 DosFileName: PWSTR,
1962 NtFileName: PUNICODE_STRING,
1963 FilePart: *mut PWSTR,
1964 RelativeName: PRTL_RELATIVE_NAME_U,
1965 ) -> BOOLEAN;
1966 fn RtlDosPathNameToNtPathName_U_WithStatus(
1967 DosFileName: PWSTR,
1968 NtFileName: PUNICODE_STRING,
1969 FilePart: *mut PWSTR,
1970 RelativeName: PRTL_RELATIVE_NAME_U,
1971 ) -> NTSTATUS;
1972 fn RtlDosLongPathNameToNtPathName_U_WithStatus(
1973 DosFileName: PWSTR,
1974 NtFileName: PUNICODE_STRING,
1975 FilePart: *mut PWSTR,
1976 RelativeName: PRTL_RELATIVE_NAME_U,
1977 ) -> NTSTATUS;
1978 fn RtlDosPathNameToRelativeNtPathName_U(
1979 DosFileName: PWSTR,
1980 NtFileName: PUNICODE_STRING,
1981 FilePart: *mut PWSTR,
1982 RelativeName: PRTL_RELATIVE_NAME_U,
1983 ) -> BOOLEAN;
1984 fn RtlDosPathNameToRelativeNtPathName_U_WithStatus(
1985 DosFileName: PWSTR,
1986 NtFileName: PUNICODE_STRING,
1987 FilePart: *mut PWSTR,
1988 RelativeName: PRTL_RELATIVE_NAME_U,
1989 ) -> NTSTATUS;
1990 fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
1991 DosFileName: PWSTR,
1992 NtFileName: PUNICODE_STRING,
1993 FilePart: *mut PWSTR,
1994 RelativeName: PRTL_RELATIVE_NAME_U,
1995 ) -> NTSTATUS;
1996 fn RtlReleaseRelativeName(
1997 RelativeName: PRTL_RELATIVE_NAME_U,
1998 );
1999 fn RtlDosSearchPath_U(
2000 Path: PWSTR,
2001 FileName: PWSTR,
2002 Extension: PWSTR,
2003 BufferLength: ULONG,
2004 Buffer: PWSTR,
2005 FilePart: *mut PWSTR,
2006 ) -> ULONG;
2007}}
2008pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001;
2009pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002;
2010pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004;
2011EXTERN!{extern "system" {
2012 fn RtlDosSearchPath_Ustr(
2013 Flags: ULONG,
2014 Path: PUNICODE_STRING,
2015 FileName: PUNICODE_STRING,
2016 DefaultExtension: PUNICODE_STRING,
2017 StaticString: PUNICODE_STRING,
2018 DynamicString: PUNICODE_STRING,
2019 FullFileNameOut: *mut PCUNICODE_STRING,
2020 FilePartPrefixCch: *mut SIZE_T,
2021 BytesRequired: *mut SIZE_T,
2022 ) -> NTSTATUS;
2023 fn RtlDoesFileExists_U(
2024 FileName: PWSTR,
2025 ) -> BOOLEAN;
2026 fn RtlGetLengthWithoutLastFullDosOrNtPathElement(
2027 Flags: ULONG,
2028 PathString: PUNICODE_STRING,
2029 Length: PULONG,
2030 ) -> NTSTATUS;
2031 fn RtlGetLengthWithoutTrailingPathSeperators(
2032 Flags: ULONG,
2033 PathString: PUNICODE_STRING,
2034 Length: PULONG,
2035 ) -> NTSTATUS;
2036}}
2037STRUCT!{struct GENERATE_NAME_CONTEXT {
2038 Checksum: USHORT,
2039 CheckSumInserted: BOOLEAN,
2040 NameLength: UCHAR,
2041 NameBuffer: [WCHAR; 8],
2042 ExtensionLength: ULONG,
2043 ExtensionBuffer: [WCHAR; 4],
2044 LastIndexValue: ULONG,
2045}}
2046pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT;
2047EXTERN!{extern "system" {
2048 fn RtlGenerate8dot3Name(
2049 Name: PCUNICODE_STRING,
2050 AllowExtendedCharacters: BOOLEAN,
2051 Context: PGENERATE_NAME_CONTEXT,
2052 Name8dot3: PUNICODE_STRING,
2053 ) -> NTSTATUS;
2054 fn RtlComputePrivatizedDllName_U(
2055 DllName: PUNICODE_STRING,
2056 RealName: PUNICODE_STRING,
2057 LocalName: PUNICODE_STRING,
2058 ) -> NTSTATUS;
2059 fn RtlGetSearchPath(
2060 SearchPathA: *mut PWSTR,
2061 ) -> BOOLEAN;
2062 fn RtlSetSearchPathMode(
2063 Flags: ULONG,
2064 ) -> NTSTATUS;
2065 fn RtlGetExePath() -> PWSTR;
2066 fn RtlGetNtSystemRoot() -> PWSTR;
2067 fn RtlAreLongPathsEnabled() -> BOOLEAN;
2068 fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN;
2069 fn RtlDllShutdownInProgress() -> BOOLEAN;
2070}}
2071STRUCT!{struct RTL_HEAP_ENTRY_u_s1 {
2072 Settable: SIZE_T,
2073 Tag: ULONG,
2074}}
2075STRUCT!{struct RTL_HEAP_ENTRY_u_s2 {
2076 CommittedSize: SIZE_T,
2077 FirstBlock: PVOID,
2078}}
2079UNION!{union RTL_HEAP_ENTRY_u {
2080 s1: RTL_HEAP_ENTRY_u_s1,
2081 s2: RTL_HEAP_ENTRY_u_s2,
2082}}
2083STRUCT!{struct RTL_HEAP_ENTRY {
2084 Size: SIZE_T,
2085 Flags: USHORT,
2086 AllocatorBackTraceIndex: USHORT,
2087 u: RTL_HEAP_ENTRY_u,
2088}}
2089pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY;
2090pub const RTL_HEAP_BUSY: USHORT = 0x0001;
2091pub const RTL_HEAP_SEGMENT: USHORT = 0x0002;
2092pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010;
2093pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020;
2094pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040;
2095pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080;
2096pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0;
2097pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100;
2098pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200;
2099STRUCT!{struct RTL_HEAP_TAG {
2100 NumberOfAllocations: ULONG,
2101 NumberOfFrees: ULONG,
2102 BytesAllocated: SIZE_T,
2103 TagIndex: USHORT,
2104 CreatorBackTraceIndex: USHORT,
2105 TagName: [WCHAR; 24],
2106}}
2107pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG;
2108STRUCT!{struct RTL_HEAP_INFORMATION {
2109 BaseAddress: PVOID,
2110 Flags: ULONG,
2111 EntryOverhead: USHORT,
2112 CreatorBackTraceIndex: USHORT,
2113 BytesAllocated: SIZE_T,
2114 BytesCommitted: SIZE_T,
2115 NumberOfTags: ULONG,
2116 NumberOfEntries: ULONG,
2117 NumberOfPseudoTags: ULONG,
2118 PseudoTagGranularity: ULONG,
2119 Reserved: [ULONG; 5],
2120 Tags: PRTL_HEAP_TAG,
2121 Entries: PRTL_HEAP_ENTRY,
2122}}
2123pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION;
2124STRUCT!{struct RTL_PROCESS_HEAPS {
2125 NumberOfHeaps: ULONG,
2126 Heaps: [RTL_HEAP_INFORMATION; 1],
2127}}
2128pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS;
2129FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE(
2130 Base: PVOID,
2131 CommitAddress: *mut PVOID,
2132 CommitSize: PSIZE_T,
2133) -> NTSTATUS}
2134STRUCT!{struct RTL_HEAP_PARAMETERS {
2135 Length: ULONG,
2136 SegmentReserve: SIZE_T,
2137 SegmentCommit: SIZE_T,
2138 DeCommitFreeBlockThreshold: SIZE_T,
2139 DeCommitTotalFreeThreshold: SIZE_T,
2140 MaximumAllocationSize: SIZE_T,
2141 VirtualMemoryThreshold: SIZE_T,
2142 InitialCommit: SIZE_T,
2143 InitialReserve: SIZE_T,
2144 CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE,
2145 Reserved: [SIZE_T; 2],
2146}}
2147pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS;
2148pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100;
2149pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200;
2150pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400;
2151pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800;
2152pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00;
2153pub const HEAP_CLASS_0: ULONG = 0x00000000;
2154pub const HEAP_CLASS_1: ULONG = 0x00001000;
2155pub const HEAP_CLASS_2: ULONG = 0x00002000;
2156pub const HEAP_CLASS_3: ULONG = 0x00003000;
2157pub const HEAP_CLASS_4: ULONG = 0x00004000;
2158pub const HEAP_CLASS_5: ULONG = 0x00005000;
2159pub const HEAP_CLASS_6: ULONG = 0x00006000;
2160pub const HEAP_CLASS_7: ULONG = 0x00007000;
2161pub const HEAP_CLASS_8: ULONG = 0x00008000;
2162pub const HEAP_CLASS_MASK: ULONG = 0x0000f000;
2163EXTERN!{extern "system" {
2164 fn RtlCreateHeap(
2165 Flags: ULONG,
2166 HeapBase: PVOID,
2167 ReserveSize: SIZE_T,
2168 CommitSize: SIZE_T,
2169 Lock: PVOID,
2170 Parameters: PRTL_HEAP_PARAMETERS,
2171 ) -> PVOID;
2172 fn RtlDestroyHeap(
2173 HeapHandle: PVOID,
2174 ) -> PVOID;
2175 fn RtlAllocateHeap(
2176 HeapHandle: PVOID,
2177 Flags: ULONG,
2178 Size: SIZE_T,
2179 ) -> PVOID;
2180 fn RtlFreeHeap(
2181 HeapHandle: PVOID,
2182 Flags: ULONG,
2183 BaseAddress: PVOID,
2184 ) -> BOOLEAN;
2185 fn RtlSizeHeap(
2186 HeapHandle: PVOID,
2187 Flags: ULONG,
2188 BaseAddress: PVOID,
2189 ) -> SIZE_T;
2190 fn RtlZeroHeap(
2191 HeapHandle: PVOID,
2192 Flags: ULONG,
2193 ) -> NTSTATUS;
2194 fn RtlProtectHeap(
2195 HeapHandle: PVOID,
2196 MakeReadOnly: BOOLEAN,
2197 );
2198}}
2199#[inline] #[cfg(not(target_arch = "aarch64"))]
2200pub unsafe fn RtlProcessHeap() -> PVOID {
2201 use crate::ntpsapi::NtCurrentPeb;
2202 (*NtCurrentPeb()).ProcessHeap
2203}
2204EXTERN!{extern "system" {
2205 fn RtlLockHeap(
2206 HeapHandle: PVOID,
2207 ) -> BOOLEAN;
2208 fn RtlUnlockHeap(
2209 HeapHandle: PVOID,
2210 ) -> BOOLEAN;
2211 fn RtlReAllocateHeap(
2212 HeapHandle: PVOID,
2213 Flags: ULONG,
2214 BaseAddress: PVOID,
2215 Size: SIZE_T,
2216 ) -> PVOID;
2217 fn RtlGetUserInfoHeap(
2218 HeapHandle: PVOID,
2219 Flags: ULONG,
2220 BaseAddress: PVOID,
2221 UserValue: *mut PVOID,
2222 UserFlags: PULONG,
2223 ) -> BOOLEAN;
2224 fn RtlSetUserValueHeap(
2225 HeapHandle: PVOID,
2226 Flags: ULONG,
2227 BaseAddress: PVOID,
2228 UserValue: PVOID,
2229 ) -> BOOLEAN;
2230 fn RtlSetUserFlagsHeap(
2231 HeapHandle: PVOID,
2232 Flags: ULONG,
2233 BaseAddress: PVOID,
2234 UserFlagsReset: ULONG,
2235 UserFlagsSet: ULONG,
2236 ) -> BOOLEAN;
2237}}
2238STRUCT!{struct RTL_HEAP_TAG_INFO {
2239 NumberOfAllocations: ULONG,
2240 NumberOfFrees: ULONG,
2241 BytesAllocated: SIZE_T,
2242}}
2243pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO;
2244EXTERN!{extern "system" {
2245 fn RtlCreateTagHeap(
2246 HeapHandle: PVOID,
2247 Flags: ULONG,
2248 TagPrefix: PWSTR,
2249 TagNames: PWSTR,
2250 ) -> ULONG;
2251 fn RtlQueryTagHeap(
2252 HeapHandle: PVOID,
2253 Flags: ULONG,
2254 TagIndex: USHORT,
2255 ResetCounters: BOOLEAN,
2256 TagInfo: PRTL_HEAP_TAG_INFO,
2257 ) -> PWSTR;
2258 fn RtlExtendHeap(
2259 HeapHandle: PVOID,
2260 Flags: ULONG,
2261 Base: PVOID,
2262 Size: SIZE_T,
2263 ) -> NTSTATUS;
2264 fn RtlCompactHeap(
2265 HeapHandle: PVOID,
2266 Flags: ULONG,
2267 ) -> SIZE_T;
2268 fn RtlValidateHeap(
2269 HeapHandle: PVOID,
2270 Flags: ULONG,
2271 BaseAddress: PVOID,
2272 ) -> BOOLEAN;
2273 fn RtlValidateProcessHeaps() -> BOOLEAN;
2274 fn RtlGetProcessHeaps(
2275 NumberOfHeaps: ULONG,
2276 ProcessHeaps: *mut PVOID,
2277 ) -> ULONG;
2278}}
2279FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE(
2280 HeapHandle: PVOID,
2281 Parameter: PVOID,
2282) -> NTSTATUS}
2283EXTERN!{extern "system" {
2284 fn RtlEnumProcessHeaps(
2285 EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE,
2286 Parameter: PVOID,
2287 ) -> NTSTATUS;
2288}}
2289STRUCT!{struct RTL_HEAP_USAGE_ENTRY {
2290 Next: *mut RTL_HEAP_USAGE_ENTRY,
2291 Address: PVOID,
2292 Size: SIZE_T,
2293 AllocatorBackTraceIndex: USHORT,
2294 TagIndex: USHORT,
2295}}
2296pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY;
2297STRUCT!{struct RTL_HEAP_USAGE {
2298 Length: ULONG,
2299 BytesAllocated: SIZE_T,
2300 BytesCommitted: SIZE_T,
2301 BytesReserved: SIZE_T,
2302 BytesReservedMaximum: SIZE_T,
2303 Entries: PRTL_HEAP_USAGE_ENTRY,
2304 AddedEntries: PRTL_HEAP_USAGE_ENTRY,
2305 RemovedEntries: PRTL_HEAP_USAGE_ENTRY,
2306 Reserved: [ULONG_PTR; 8],
2307}}
2308pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE;
2309pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY;
2310pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY;
2311EXTERN!{extern "system" {
2312 fn RtlUsageHeap(
2313 HeapHandle: PVOID,
2314 Flags: ULONG,
2315 Usage: PRTL_HEAP_USAGE,
2316 ) -> NTSTATUS;
2317}}
2318STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block {
2319 Settable: SIZE_T,
2320 TagIndex: USHORT,
2321 AllocatorBackTraceIndex: USHORT,
2322 Reserved: [ULONG; 2],
2323}}
2324STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment {
2325 CommittedSize: ULONG,
2326 UnCommittedSize: ULONG,
2327 FirstEntry: PVOID,
2328 LastEntry: PVOID,
2329}}
2330UNION!{union RTL_HEAP_WALK_ENTRY_u {
2331 Block: RTL_HEAP_WALK_ENTRY_u_Block,
2332 Segment: RTL_HEAP_WALK_ENTRY_u_Segment,
2333}}
2334STRUCT!{struct RTL_HEAP_WALK_ENTRY {
2335 DataAddress: PVOID,
2336 DataSize: SIZE_T,
2337 OverheadBytes: UCHAR,
2338 SegmentIndex: UCHAR,
2339 Flags: USHORT,
2340 u: RTL_HEAP_WALK_ENTRY_u,
2341}}
2342pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY;
2343EXTERN!{extern "system" {
2344 fn RtlWalkHeap(
2345 HeapHandle: PVOID,
2346 Entry: PRTL_HEAP_WALK_ENTRY,
2347 ) -> NTSTATUS;
2348}}
2349pub const HeapDetailedFailureInformation: u32 = 0x80000001;
2350pub const HeapSetDebuggingInformation: u32 = 0x80000002;
2351ENUM!{enum HEAP_COMPATIBILITY_MODE {
2352 HEAP_COMPATIBILITY_STANDARD = 0,
2353 HEAP_COMPATIBILITY_LAL = 1,
2354 HEAP_COMPATIBILITY_LFH = 2,
2355}}
2356STRUCT!{struct PROCESS_HEAP_INFORMATION {
2357 ReserveSize: ULONG_PTR,
2358 CommitSize: ULONG_PTR,
2359 NumberOfHeaps: ULONG,
2360 FirstHeapInformationOffset: ULONG_PTR,
2361}}
2362pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION;
2363STRUCT!{struct HEAP_INFORMATION {
2364 Address: ULONG_PTR,
2365 Mode: ULONG,
2366 ReserveSize: ULONG_PTR,
2367 CommitSize: ULONG_PTR,
2368 FirstRegionInformationOffset: ULONG_PTR,
2369 NextHeapInformationOffset: ULONG_PTR,
2370}}
2371pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION;
2372UNION!{union HEAP_EXTENDED_INFORMATION_u {
2373 ProcessHeapInformation: PROCESS_HEAP_INFORMATION,
2374 HeapInformation: HEAP_INFORMATION,
2375}}
2376STRUCT!{struct HEAP_EXTENDED_INFORMATION {
2377 Process: HANDLE,
2378 Heap: ULONG_PTR,
2379 Level: ULONG,
2380 CallbackRoutine: PVOID,
2381 CallbackContext: PVOID,
2382 u: HEAP_EXTENDED_INFORMATION_u,
2383}}
2384pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION;
2385FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE(
2386 Reserved: LONG,
2387 HeapHandle: PVOID,
2388 BaseAddress: PVOID,
2389 BlockSize: SIZE_T,
2390 StackTraceDepth: ULONG,
2391 StackTrace: *mut PVOID,
2392) -> NTSTATUS}
2393STRUCT!{struct HEAP_DEBUGGING_INFORMATION {
2394 InterceptorFunction: PVOID,
2395 InterceptorValue: USHORT,
2396 ExtendedOptions: ULONG,
2397 StackTraceDepth: ULONG,
2398 MinTotalBlockSize: SIZE_T,
2399 MaxTotalBlockSize: SIZE_T,
2400 HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE,
2401}}
2402pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION;
2403EXTERN!{extern "system" {
2404 fn RtlQueryHeapInformation(
2405 HeapHandle: PVOID,
2406 HeapInformationClass: HEAP_INFORMATION_CLASS,
2407 HeapInformation: PVOID,
2408 HeapInformationLength: SIZE_T,
2409 ReturnLength: PSIZE_T,
2410 ) -> NTSTATUS;
2411 fn RtlSetHeapInformation(
2412 HeapHandle: PVOID,
2413 HeapInformationClass: HEAP_INFORMATION_CLASS,
2414 HeapInformation: PVOID,
2415 HeapInformationLength: SIZE_T,
2416 ) -> NTSTATUS;
2417 fn RtlMultipleAllocateHeap(
2418 HeapHandle: PVOID,
2419 Flags: ULONG,
2420 Size: SIZE_T,
2421 Count: ULONG,
2422 Array: *mut PVOID,
2423 ) -> ULONG;
2424 fn RtlMultipleFreeHeap(
2425 HeapHandle: PVOID,
2426 Flags: ULONG,
2427 Count: ULONG,
2428 Array: *mut PVOID,
2429 ) -> ULONG;
2430 fn RtlDetectHeapLeaks();
2431 fn RtlFlushHeaps();
2432}}
2433STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT {
2434 NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT,
2435 Size: SIZE_T,
2436 Next: PVOID,
2437 Limit: PVOID,
2438}}
2439pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT;
2440STRUCT!{struct RTL_MEMORY_ZONE {
2441 Segment: RTL_MEMORY_ZONE_SEGMENT,
2442 Lock: RTL_SRWLOCK,
2443 LockCount: ULONG,
2444 FirstSegment: PRTL_MEMORY_ZONE_SEGMENT,
2445}}
2446pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE;
2447EXTERN!{extern "system" {
2448 fn RtlCreateMemoryZone(
2449 MemoryZone: *mut PVOID,
2450 InitialSize: SIZE_T,
2451 Flags: ULONG,
2452 ) -> NTSTATUS;
2453 fn RtlDestroyMemoryZone(
2454 MemoryZone: PVOID,
2455 ) -> NTSTATUS;
2456 fn RtlAllocateMemoryZone(
2457 MemoryZone: PVOID,
2458 BlockSize: SIZE_T,
2459 Block: *mut PVOID,
2460 ) -> NTSTATUS;
2461 fn RtlResetMemoryZone(
2462 MemoryZone: PVOID,
2463 ) -> NTSTATUS;
2464 fn RtlLockMemoryZone(
2465 MemoryZone: PVOID,
2466 ) -> NTSTATUS;
2467 fn RtlUnlockMemoryZone(
2468 MemoryZone: PVOID,
2469 ) -> NTSTATUS;
2470 fn RtlCreateMemoryBlockLookaside(
2471 MemoryBlockLookaside: *mut PVOID,
2472 Flags: ULONG,
2473 InitialSize: ULONG,
2474 MinimumBlockSize: ULONG,
2475 MaximumBlockSize: ULONG,
2476 ) -> NTSTATUS;
2477 fn RtlDestroyMemoryBlockLookaside(
2478 MemoryBlockLookaside: PVOID,
2479 ) -> NTSTATUS;
2480 fn RtlAllocateMemoryBlockLookaside(
2481 MemoryBlockLookaside: PVOID,
2482 BlockSize: ULONG,
2483 Block: *mut PVOID,
2484 ) -> NTSTATUS;
2485 fn RtlFreeMemoryBlockLookaside(
2486 MemoryBlockLookaside: PVOID,
2487 Block: PVOID,
2488 ) -> NTSTATUS;
2489 fn RtlExtendMemoryBlockLookaside(
2490 MemoryBlockLookaside: PVOID,
2491 Increment: ULONG,
2492 ) -> NTSTATUS;
2493 fn RtlResetMemoryBlockLookaside(
2494 MemoryBlockLookaside: PVOID,
2495 ) -> NTSTATUS;
2496 fn RtlLockMemoryBlockLookaside(
2497 MemoryBlockLookaside: PVOID,
2498 ) -> NTSTATUS;
2499 fn RtlUnlockMemoryBlockLookaside(
2500 MemoryBlockLookaside: PVOID,
2501 ) -> NTSTATUS;
2502 fn RtlGetCurrentTransaction() -> HANDLE;
2503 fn RtlSetCurrentTransaction(
2504 TransactionHandle: HANDLE,
2505 ) -> LOGICAL;
2506}}
2507#[inline]
2508pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool {
2509 (L1.LowPart == L2.LowPart) && (L1.HighPart == L2.HighPart)
2510}
2511#[inline]
2512pub const fn RtlIsZeroLuid(L1: &LUID) -> bool {
2513 (L1.LowPart | L1.HighPart as u32) == 0
2514}
2515#[inline]
2516pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID {
2517 LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 }
2518}
2519#[inline]
2520pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID {
2521 LUID { LowPart: Ulong, HighPart: 0 }
2522}
2523EXTERN!{extern "system" {
2524 fn RtlCopyLuid(
2525 DestinationLuid: PLUID,
2526 SourceLuid: PLUID,
2527 );
2528 fn RtlCopyLuidAndAttributesArray(
2529 Count: ULONG,
2530 Src: PLUID_AND_ATTRIBUTES,
2531 Dest: PLUID_AND_ATTRIBUTES,
2532 );
2533}}
2534STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS {
2535 SizeStruct: ULONG,
2536 Option: ULONG,
2537 OptionData: [UCHAR; 1],
2538}}
2539pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS;
2540UNION!{union RTL_DEBUG_INFORMATION_u {
2541 Modules: *mut RTL_PROCESS_MODULES,
2542 ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX,
2543}}
2544STRUCT!{struct RTL_DEBUG_INFORMATION {
2545 SectionHandleClient: HANDLE,
2546 ViewBaseClient: PVOID,
2547 ViewBaseTarget: PVOID,
2548 ViewBaseDelta: ULONG_PTR,
2549 EventPairClient: HANDLE,
2550 EventPairTarget: HANDLE,
2551 TargetProcessId: HANDLE,
2552 TargetThreadHandle: HANDLE,
2553 Flags: ULONG,
2554 OffsetFree: SIZE_T,
2555 CommitSize: SIZE_T,
2556 ViewSize: SIZE_T,
2557 u: RTL_DEBUG_INFORMATION_u,
2558 BackTraces: *mut RTL_PROCESS_BACKTRACES,
2559 Heaps: *mut RTL_PROCESS_HEAPS,
2560 Locks: *mut RTL_PROCESS_LOCKS,
2561 SpecificHeap: PVOID,
2562 TargetProcessHandle: HANDLE,
2563 VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS,
2564 ProcessHeap: PVOID,
2565 CriticalSectionHandle: HANDLE,
2566 CriticalSectionOwnerThread: HANDLE,
2567 Reserved: [PVOID; 4],
2568}}
2569pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION;
2570EXTERN!{extern "system" {
2571 fn RtlCreateQueryDebugBuffer(
2572 MaximumCommit: ULONG,
2573 UseEventPair: BOOLEAN,
2574 ) -> PRTL_DEBUG_INFORMATION;
2575 fn RtlDestroyQueryDebugBuffer(
2576 Buffer: PRTL_DEBUG_INFORMATION,
2577 ) -> NTSTATUS;
2578 fn RtlCommitDebugInfo(
2579 Buffer: PRTL_DEBUG_INFORMATION,
2580 Size: SIZE_T,
2581 ) -> PVOID;
2582 fn RtlDeCommitDebugInfo(
2583 Buffer: PRTL_DEBUG_INFORMATION,
2584 p: PVOID,
2585 Size: SIZE_T,
2586 );
2587}}
2588pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001;
2589pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002;
2590pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004;
2591pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008;
2592pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010;
2593pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020;
2594pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040;
2595pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080;
2596pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100;
2597pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200;
2598pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400;
2599pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000;
2600EXTERN!{extern "system" {
2601 fn RtlQueryProcessDebugInformation(
2602 UniqueProcessId: HANDLE,
2603 Flags: ULONG,
2604 Buffer: PRTL_DEBUG_INFORMATION,
2605 ) -> NTSTATUS;
2606 fn RtlFindMessage(
2607 DllHandle: PVOID,
2608 MessageTableId: ULONG,
2609 MessageLanguageId: ULONG,
2610 MessageId: ULONG,
2611 MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY,
2612 ) -> NTSTATUS;
2613 fn RtlFormatMessage(
2614 MessageFormat: PWSTR,
2615 MaximumWidth: ULONG,
2616 IgnoreInserts: BOOLEAN,
2617 ArgumentsAreAnsi: BOOLEAN,
2618 ArgumentsAreAnArray: BOOLEAN,
2619 Arguments: *mut va_list,
2620 Buffer: PWSTR,
2621 Length: ULONG,
2622 ReturnLength: PULONG,
2623 ) -> NTSTATUS;
2624}}
2625STRUCT!{struct PARSE_MESSAGE_CONTEXT {
2626 fFlags: ULONG,
2627 cwSavColumn: ULONG,
2628 iwSrc: SIZE_T,
2629 iwDst: SIZE_T,
2630 iwDstSpace: SIZE_T,
2631 lpvArgStart: va_list,
2632}}
2633pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT;
2634#[inline]
2635pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) {
2636 ctx.fFlags = 0;
2637}
2638#[inline]
2639pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2640 ctx.fFlags & flag
2641}
2642#[inline]
2643pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2644 ctx.fFlags |= flag;
2645 ctx.fFlags
2646}
2647#[inline]
2648pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2649 ctx.fFlags &= !flag;
2650 ctx.fFlags
2651}
2652EXTERN!{extern "system" {
2653 fn RtlFormatMessageEx(
2654 MessageFormat: PWSTR,
2655 MaximumWidth: ULONG,
2656 IgnoreInserts: BOOLEAN,
2657 ArgumentsAreAnsi: BOOLEAN,
2658 ArgumentsAreAnArray: BOOLEAN,
2659 Arguments: *mut va_list,
2660 Buffer: PWSTR,
2661 Length: ULONG,
2662 ReturnLength: PULONG,
2663 ParseContext: PPARSE_MESSAGE_CONTEXT,
2664 ) -> NTSTATUS;
2665 fn RtlNtStatusToDosError(
2666 Status: NTSTATUS,
2667 ) -> ULONG;
2668 fn RtlNtStatusToDosErrorNoTeb(
2669 Status: NTSTATUS,
2670 ) -> ULONG;
2671 fn RtlGetLastNtStatus() -> NTSTATUS;
2672 fn RtlGetLastWin32Error() -> LONG;
2673 fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
2674 Status: NTSTATUS,
2675 );
2676 fn RtlSetLastWin32Error(
2677 Win32Error: LONG,
2678 );
2679 fn RtlRestoreLastWin32Error(
2680 Win32Error: LONG,
2681 );
2682}}
2683pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010;
2684pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020;
2685pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040;
2686EXTERN!{extern "system" {
2687 fn RtlGetThreadErrorMode() -> ULONG;
2688 fn RtlSetThreadErrorMode(
2689 NewMode: ULONG,
2690 OldMode: PULONG,
2691 ) -> NTSTATUS;
2692 fn RtlReportException(
2693 ExceptionRecord: PEXCEPTION_RECORD,
2694 ContextRecord: PCONTEXT,
2695 Flags: ULONG,
2696 ) -> NTSTATUS;
2697 fn RtlReportExceptionEx(
2698 ExceptionRecord: PEXCEPTION_RECORD,
2699 ContextRecord: PCONTEXT,
2700 Flags: ULONG,
2701 Timeout: PLARGE_INTEGER,
2702 ) -> NTSTATUS;
2703 fn RtlWerpReportException(
2704 ProcessId: ULONG,
2705 CrashReportSharedMem: HANDLE,
2706 Flags: ULONG,
2707 CrashVerticalProcessHandle: PHANDLE,
2708 ) -> NTSTATUS;
2709 fn RtlReportSilentProcessExit(
2710 ProcessHandle: HANDLE,
2711 ExitStatus: NTSTATUS,
2712 ) -> NTSTATUS;
2713 fn RtlUniform(
2714 Seed: PULONG,
2715 ) -> ULONG;
2716 fn RtlRandom(
2717 Seed: PULONG,
2718 ) -> ULONG;
2719 fn RtlRandomEx(
2720 Seed: PULONG,
2721 ) -> ULONG;
2722 fn RtlComputeImportTableHash(
2723 FileHandle: HANDLE,
2724 Hash: PCHAR,
2725 ImportTableHashRevision: ULONG,
2726 ) -> NTSTATUS;
2727 fn RtlIntegerToChar(
2728 Value: ULONG,
2729 Base: ULONG,
2730 OutputLength: LONG,
2731 String: PSTR,
2732 ) -> NTSTATUS;
2733 fn RtlCharToInteger(
2734 String: PCSZ,
2735 Base: ULONG,
2736 Value: PULONG,
2737 ) -> NTSTATUS;
2738 fn RtlLargeIntegerToChar(
2739 Value: PLARGE_INTEGER,
2740 Base: ULONG,
2741 OutputLength: LONG,
2742 String: PSTR,
2743 ) -> NTSTATUS;
2744 fn RtlIntegerToUnicodeString(
2745 Value: ULONG,
2746 Base: ULONG,
2747 String: PUNICODE_STRING,
2748 ) -> NTSTATUS;
2749 fn RtlInt64ToUnicodeString(
2750 Value: ULONGLONG,
2751 Base: ULONG,
2752 String: PUNICODE_STRING,
2753 ) -> NTSTATUS;
2754 fn RtlUnicodeStringToInteger(
2755 String: PCUNICODE_STRING,
2756 Base: ULONG,
2757 Value: PULONG,
2758 ) -> NTSTATUS;
2759 fn RtlIpv4AddressToStringExW(
2760 Address: *const in_addr,
2761 Port: USHORT,
2762 AddressString: PWSTR,
2763 AddressStringLength: PULONG,
2764 ) -> NTSTATUS;
2765 fn RtlIpv6AddressToStringExW(
2766 Address: *const in6_addr,
2767 ScopeId: ULONG,
2768 Port: USHORT,
2769 AddressString: PWSTR,
2770 AddressStringLength: PULONG,
2771 ) -> NTSTATUS;
2772 fn RtlIpv4StringToAddressExW(
2773 AddressString: PCWSTR,
2774 Strict: BOOLEAN,
2775 Address: *mut in_addr,
2776 Port: PUSHORT,
2777 ) -> NTSTATUS;
2778 fn RtlIpv6StringToAddressExW(
2779 AddressString: PCWSTR,
2780 Address: *mut in6_addr,
2781 ScopeId: PULONG,
2782 Port: PUSHORT,
2783 ) -> NTSTATUS;
2784}}
2785STRUCT!{struct TIME_FIELDS {
2786 Year: CSHORT,
2787 Month: CSHORT,
2788 Day: CSHORT,
2789 Hour: CSHORT,
2790 Minute: CSHORT,
2791 Second: CSHORT,
2792 Milliseconds: CSHORT,
2793 Weekday: CSHORT,
2794}}
2795pub type PTIME_FIELDS = *mut TIME_FIELDS;
2796EXTERN!{extern "system" {
2797 fn RtlCutoverTimeToSystemTime(
2798 CutoverTime: PTIME_FIELDS,
2799 SystemTime: PLARGE_INTEGER,
2800 CurrentSystemTime: PLARGE_INTEGER,
2801 ThisYear: BOOLEAN,
2802 ) -> BOOLEAN;
2803 fn RtlSystemTimeToLocalTime(
2804 SystemTime: PLARGE_INTEGER,
2805 LocalTime: PLARGE_INTEGER,
2806 ) -> NTSTATUS;
2807 fn RtlLocalTimeToSystemTime(
2808 LocalTime: PLARGE_INTEGER,
2809 SystemTime: PLARGE_INTEGER,
2810 ) -> NTSTATUS;
2811 fn RtlTimeToElapsedTimeFields(
2812 Time: PLARGE_INTEGER,
2813 TimeFields: PTIME_FIELDS,
2814 );
2815 fn RtlTimeToTimeFields(
2816 Time: PLARGE_INTEGER,
2817 TimeFields: PTIME_FIELDS,
2818 );
2819 fn RtlTimeFieldsToTime(
2820 TimeFields: PTIME_FIELDS,
2821 Time: PLARGE_INTEGER,
2822 ) -> BOOLEAN;
2823 fn RtlTimeToSecondsSince1980(
2824 Time: PLARGE_INTEGER,
2825 ElapsedSeconds: PULONG,
2826 ) -> BOOLEAN;
2827 fn RtlSecondsSince1980ToTime(
2828 ElapsedSeconds: ULONG,
2829 Time: PLARGE_INTEGER,
2830 );
2831 fn RtlTimeToSecondsSince1970(
2832 Time: PLARGE_INTEGER,
2833 ElapsedSeconds: PULONG,
2834 ) -> BOOLEAN;
2835 fn RtlSecondsSince1970ToTime(
2836 ElapsedSeconds: ULONG,
2837 Time: PLARGE_INTEGER,
2838 );
2839}}
2840STRUCT!{struct RTL_TIME_ZONE_INFORMATION {
2841 Bias: LONG,
2842 StandardName: [WCHAR; 32],
2843 StandardStart: TIME_FIELDS,
2844 StandardBias: LONG,
2845 DaylightName: [WCHAR; 32],
2846 DaylightStart: TIME_FIELDS,
2847 DaylightBias: LONG,
2848}}
2849pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
2850EXTERN!{extern "system" {
2851 fn RtlQueryTimeZoneInformation(
2852 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2853 ) -> NTSTATUS;
2854 fn RtlSetTimeZoneInformation(
2855 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2856 ) -> NTSTATUS;
2857}}
2858STRUCT!{struct RTL_BITMAP {
2859 SizeOfBitMap: ULONG,
2860 Buffer: PULONG,
2861}}
2862pub type PRTL_BITMAP = *mut RTL_BITMAP;
2863EXTERN!{extern "system" {
2864 fn RtlInitializeBitMap(
2865 BitMapHeader: PRTL_BITMAP,
2866 BitMapBuffer: PULONG,
2867 SizeOfBitMap: ULONG,
2868 );
2869 fn RtlClearBit(
2870 BitMapHeader: PRTL_BITMAP,
2871 BitNumber: ULONG,
2872 );
2873 fn RtlSetBit(
2874 BitMapHeader: PRTL_BITMAP,
2875 BitNumber: ULONG,
2876 );
2877 fn RtlTestBit(
2878 BitMapHeader: PRTL_BITMAP,
2879 BitNumber: ULONG,
2880 ) -> BOOLEAN;
2881 fn RtlClearAllBits(
2882 BitMapHeader: PRTL_BITMAP,
2883 );
2884 fn RtlSetAllBits(
2885 BitMapHeader: PRTL_BITMAP,
2886 );
2887 fn RtlFindClearBits(
2888 BitMapHeader: PRTL_BITMAP,
2889 NumberToFind: ULONG,
2890 HintIndex: ULONG,
2891 ) -> ULONG;
2892 fn RtlFindSetBits(
2893 BitMapHeader: PRTL_BITMAP,
2894 NumberToFind: ULONG,
2895 HintIndex: ULONG,
2896 ) -> ULONG;
2897 fn RtlFindClearBitsAndSet(
2898 BitMapHeader: PRTL_BITMAP,
2899 NumberToFind: ULONG,
2900 HintIndex: ULONG,
2901 ) -> ULONG;
2902 fn RtlFindSetBitsAndClear(
2903 BitMapHeader: PRTL_BITMAP,
2904 NumberToFind: ULONG,
2905 HintIndex: ULONG,
2906 ) -> ULONG;
2907 fn RtlClearBits(
2908 BitMapHeader: PRTL_BITMAP,
2909 StartingIndex: ULONG,
2910 NumberToClear: ULONG,
2911 );
2912 fn RtlSetBits(
2913 BitMapHeader: PRTL_BITMAP,
2914 StartingIndex: ULONG,
2915 NumberToSet: ULONG,
2916 );
2917 fn RtlFindMostSignificantBit(
2918 Set: ULONGLONG,
2919 ) -> CCHAR;
2920 fn RtlFindLeastSignificantBit(
2921 Set: ULONGLONG,
2922 ) -> CCHAR;
2923}}
2924STRUCT!{struct RTL_BITMAP_RUN {
2925 StartingIndex: ULONG,
2926 NumberOfBits: ULONG,
2927}}
2928pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN;
2929EXTERN!{extern "system" {
2930 fn RtlFindClearRuns(
2931 BitMapHeader: PRTL_BITMAP,
2932 RunArray: PRTL_BITMAP_RUN,
2933 SizeOfRunArray: ULONG,
2934 LocateLongestRuns: BOOLEAN,
2935 ) -> ULONG;
2936 fn RtlFindLongestRunClear(
2937 BitMapHeader: PRTL_BITMAP,
2938 StartingIndex: PULONG,
2939 ) -> ULONG;
2940 fn RtlFindFirstRunClear(
2941 BitMapHeader: PRTL_BITMAP,
2942 StartingIndex: PULONG,
2943 ) -> ULONG;
2944}}
2945#[inline]
2946pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 {
2947 #[cfg(target_arch = "x86_64")] {
2948 core::arch::x86_64::_bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64)
2949 }
2950 #[cfg(any(target_arch = "x86", target_arch = "aarch64"))] {
2951 (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8
2952 }
2953}
2954EXTERN!{extern "system" {
2955 fn RtlNumberOfClearBits(
2956 BitMapHeader: PRTL_BITMAP,
2957 ) -> ULONG;
2958 fn RtlNumberOfSetBits(
2959 BitMapHeader: PRTL_BITMAP,
2960 ) -> ULONG;
2961 fn RtlAreBitsClear(
2962 BitMapHeader: PRTL_BITMAP,
2963 StartingIndex: ULONG,
2964 Length: ULONG,
2965 ) -> BOOLEAN;
2966 fn RtlAreBitsSet(
2967 BitMapHeader: PRTL_BITMAP,
2968 StartingIndex: ULONG,
2969 Length: ULONG,
2970 ) -> BOOLEAN;
2971 fn RtlFindNextForwardRunClear(
2972 BitMapHeader: PRTL_BITMAP,
2973 FromIndex: ULONG,
2974 StartingRunIndex: PULONG,
2975 ) -> ULONG;
2976 fn RtlFindLastBackwardRunClear(
2977 BitMapHeader: PRTL_BITMAP,
2978 FromIndex: ULONG,
2979 StartingRunIndex: PULONG,
2980 ) -> ULONG;
2981 fn RtlNumberOfSetBitsUlongPtr(
2982 Target: ULONG_PTR,
2983 ) -> ULONG;
2984 fn RtlInterlockedClearBitRun(
2985 BitMapHeader: PRTL_BITMAP,
2986 StartingIndex: ULONG,
2987 NumberToClear: ULONG,
2988 );
2989 fn RtlInterlockedSetBitRun(
2990 BitMapHeader: PRTL_BITMAP,
2991 StartingIndex: ULONG,
2992 NumberToSet: ULONG,
2993 );
2994 fn RtlCopyBitMap(
2995 Source: PRTL_BITMAP,
2996 Destination: PRTL_BITMAP,
2997 TargetBit: ULONG,
2998 );
2999 fn RtlExtractBitMap(
3000 Source: PRTL_BITMAP,
3001 Destination: PRTL_BITMAP,
3002 TargetBit: ULONG,
3003 NumberOfBits: ULONG,
3004 );
3005 fn RtlNumberOfClearBitsInRange(
3006 BitMapHeader: PRTL_BITMAP,
3007 StartingIndex: ULONG,
3008 Length: ULONG,
3009 ) -> ULONG;
3010 fn RtlNumberOfSetBitsInRange(
3011 BitMapHeader: PRTL_BITMAP,
3012 StartingIndex: ULONG,
3013 Length: ULONG,
3014 ) -> ULONG;
3015}}
3016STRUCT!{struct RTL_BITMAP_EX {
3017 SizeOfBitMap: ULONG64,
3018 Buffer: PULONG64,
3019}}
3020pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX;
3021EXTERN!{extern "system" {
3022 fn RtlInitializeBitMapEx(
3023 BitMapHeader: PRTL_BITMAP_EX,
3024 BitMapBuffer: PULONG64,
3025 SizeOfBitMap: ULONG64,
3026 );
3027 fn RtlTestBitEx(
3028 BitMapHeader: PRTL_BITMAP_EX,
3029 BitNumber: ULONG64,
3030 ) -> BOOLEAN;
3031 fn RtlClearAllBitsEx(
3032 BitMapHeader: PRTL_BITMAP_EX,
3033 );
3034 fn RtlClearBitEx(
3035 BitMapHeader: PRTL_BITMAP_EX,
3036 BitNumber: ULONG64,
3037 );
3038 fn RtlSetBitEx(
3039 BitMapHeader: PRTL_BITMAP_EX,
3040 BitNumber: ULONG64,
3041 );
3042 fn RtlFindSetBitsEx(
3043 BitMapHeader: PRTL_BITMAP_EX,
3044 NumberToFind: ULONG64,
3045 HintIndex: ULONG64,
3046 ) -> ULONG64;
3047 fn RtlFindSetBitsAndClearEx(
3048 BitMapHeader: PRTL_BITMAP_EX,
3049 NumberToFind: ULONG64,
3050 HintIndex: ULONG64,
3051 ) -> ULONG64;
3052}}
3053UNION!{union RTL_HANDLE_TABLE_ENTRY {
3054 Flags: ULONG,
3055 NextFree: *mut RTL_HANDLE_TABLE_ENTRY,
3056}}
3057pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY;
3058pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001;
3059STRUCT!{struct RTL_HANDLE_TABLE {
3060 MaximumNumberOfHandles: ULONG,
3061 SizeOfHandleTableEntry: ULONG,
3062 Reserved: [ULONG; 2],
3063 FreeHandles: PRTL_HANDLE_TABLE_ENTRY,
3064 CommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3065 UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3066 MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY,
3067}}
3068pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE;
3069EXTERN!{extern "system" {
3070 fn RtlInitializeHandleTable(
3071 MaximumNumberOfHandles: ULONG,
3072 SizeOfHandleTableEntry: ULONG,
3073 HandleTable: PRTL_HANDLE_TABLE,
3074 );
3075 fn RtlDestroyHandleTable(
3076 HandleTable: PRTL_HANDLE_TABLE,
3077 ) -> NTSTATUS;
3078 fn RtlAllocateHandle(
3079 HandleTable: PRTL_HANDLE_TABLE,
3080 HandleIndex: PULONG,
3081 ) -> PRTL_HANDLE_TABLE_ENTRY;
3082 fn RtlFreeHandle(
3083 HandleTable: PRTL_HANDLE_TABLE,
3084 Handle: PRTL_HANDLE_TABLE_ENTRY,
3085 ) -> BOOLEAN;
3086 fn RtlIsValidHandle(
3087 HandleTable: PRTL_HANDLE_TABLE,
3088 Handle: PRTL_HANDLE_TABLE_ENTRY,
3089 ) -> BOOLEAN;
3090 fn RtlIsValidIndexHandle(
3091 HandleTable: PRTL_HANDLE_TABLE,
3092 HandleIndex: ULONG,
3093 Handle: *mut PRTL_HANDLE_TABLE_ENTRY,
3094 ) -> BOOLEAN;
3095}}
3096pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000;
3097pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000;
3098pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37;
3099pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255;
3100pub const RTL_ATOM_PINNED: u32 = 0x01;
3101EXTERN!{extern "system" {
3102 fn RtlCreateAtomTable(
3103 NumberOfBuckets: ULONG,
3104 AtomTableHandle: *mut PVOID,
3105 ) -> NTSTATUS;
3106 fn RtlDestroyAtomTable(
3107 AtomTableHandle: PVOID,
3108 ) -> NTSTATUS;
3109 fn RtlEmptyAtomTable(
3110 AtomTableHandle: PVOID,
3111 IncludePinnedAtoms: BOOLEAN,
3112 ) -> NTSTATUS;
3113 fn RtlAddAtomToAtomTable(
3114 AtomTableHandle: PVOID,
3115 AtomName: PWSTR,
3116 Atom: PRTL_ATOM,
3117 ) -> NTSTATUS;
3118 fn RtlLookupAtomInAtomTable(
3119 AtomTableHandle: PVOID,
3120 AtomName: PWSTR,
3121 Atom: PRTL_ATOM,
3122 ) -> NTSTATUS;
3123 fn RtlDeleteAtomFromAtomTable(
3124 AtomTableHandle: PVOID,
3125 Atom: RTL_ATOM,
3126 ) -> NTSTATUS;
3127 fn RtlPinAtomInAtomTable(
3128 AtomTableHandle: PVOID,
3129 Atom: RTL_ATOM,
3130 ) -> NTSTATUS;
3131 fn RtlQueryAtomInAtomTable(
3132 AtomTableHandle: PVOID,
3133 Atom: RTL_ATOM,
3134 AtomUsage: PULONG,
3135 AtomFlags: PULONG,
3136 AtomName: PWSTR,
3137 AtomNameLength: PULONG,
3138 ) -> NTSTATUS;
3139 fn RtlGetIntegerAtom(
3140 AtomName: PWSTR,
3141 IntegerAtom: PUSHORT,
3142 ) -> BOOLEAN;
3143 fn RtlValidSid(
3144 Sid: PSID,
3145 ) -> BOOLEAN;
3146 fn RtlEqualSid(
3147 Sid1: PSID,
3148 Sid2: PSID,
3149 ) -> BOOLEAN;
3150 fn RtlEqualPrefixSid(
3151 Sid1: PSID,
3152 Sid2: PSID,
3153 ) -> BOOLEAN;
3154 fn RtlLengthRequiredSid(
3155 SubAuthorityCount: ULONG,
3156 ) -> ULONG;
3157 fn RtlFreeSid(
3158 Sid: PSID,
3159 ) -> PVOID;
3160 fn RtlAllocateAndInitializeSid(
3161 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3162 SubAuthorityCount: UCHAR,
3163 SubAuthority0: ULONG,
3164 SubAuthority1: ULONG,
3165 SubAuthority2: ULONG,
3166 SubAuthority3: ULONG,
3167 SubAuthority4: ULONG,
3168 SubAuthority5: ULONG,
3169 SubAuthority6: ULONG,
3170 SubAuthority7: ULONG,
3171 Sid: *mut PSID,
3172 ) -> NTSTATUS;
3173 fn RtlInitializeSid(
3174 Sid: PSID,
3175 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3176 SubAuthorityCount: UCHAR,
3177 ) -> NTSTATUS;
3178}}
3179EXTERN!{extern "C" {
3180 fn RtlInitializeSidEx(
3181 Sid: PSID,
3182 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3183 SubAuthorityCount: UCHAR,
3184 ...
3185 ) -> NTSTATUS;
3186}}
3187EXTERN!{extern "system" {
3188 fn RtlIdentifierAuthoritySid(
3189 Sid: PSID,
3190 ) -> PSID_IDENTIFIER_AUTHORITY;
3191 fn RtlSubAuthoritySid(
3192 Sid: PSID,
3193 SubAuthority: ULONG,
3194 ) -> PULONG;
3195 fn RtlSubAuthorityCountSid(
3196 Sid: PSID,
3197 ) -> PUCHAR;
3198 fn RtlLengthSid(
3199 Sid: PSID,
3200 ) -> ULONG;
3201 fn RtlCopySid(
3202 DestinationSidLength: ULONG,
3203 DestinationSid: PSID,
3204 SourceSid: PSID,
3205 ) -> NTSTATUS;
3206 fn RtlCopySidAndAttributesArray(
3207 Count: ULONG,
3208 Src: PSID_AND_ATTRIBUTES,
3209 SidAreaSize: ULONG,
3210 Dest: PSID_AND_ATTRIBUTES,
3211 SidArea: PSID,
3212 RemainingSidArea: *mut PSID,
3213 RemainingSidAreaSize: PULONG,
3214 ) -> NTSTATUS;
3215 fn RtlCreateServiceSid(
3216 ServiceName: PUNICODE_STRING,
3217 ServiceSid: PSID,
3218 ServiceSidLength: PULONG,
3219 ) -> NTSTATUS;
3220 fn RtlSidDominates(
3221 Sid1: PSID,
3222 Sid2: PSID,
3223 Dominates: PBOOLEAN,
3224 ) -> NTSTATUS;
3225 fn RtlSidDominatesForTrust(
3226 Sid1: PSID,
3227 Sid2: PSID,
3228 DominatesTrust: PBOOLEAN,
3229 ) -> NTSTATUS;
3230 fn RtlSidEqualLevel(
3231 Sid1: PSID,
3232 Sid2: PSID,
3233 EqualLevel: PBOOLEAN,
3234 ) -> NTSTATUS;
3235 fn RtlSidIsHigherLevel(
3236 Sid1: PSID,
3237 Sid2: PSID,
3238 HigherLevel: PBOOLEAN,
3239 ) -> NTSTATUS;
3240 fn RtlCreateVirtualAccountSid(
3241 Name: PCUNICODE_STRING,
3242 BaseSubAuthority: ULONG,
3243 Sid: PSID,
3244 SidLength: PULONG,
3245 ) -> NTSTATUS;
3246 fn RtlReplaceSidInSd(
3247 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3248 OldSid: PSID,
3249 NewSid: PSID,
3250 NumChanges: *mut ULONG,
3251 ) -> NTSTATUS;
3252}}
3253pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256;
3254EXTERN!{extern "system" {
3255 fn RtlConvertSidToUnicodeString(
3256 UnicodeString: PUNICODE_STRING,
3257 Sid: PSID,
3258 AllocateDestinationString: BOOLEAN,
3259 ) -> NTSTATUS;
3260 fn RtlSidHashInitialize(
3261 SidAttr: PSID_AND_ATTRIBUTES,
3262 SidCount: ULONG,
3263 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3264 ) -> NTSTATUS;
3265 fn RtlSidHashLookup(
3266 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3267 Sid: PSID,
3268 ) -> PSID_AND_ATTRIBUTES;
3269 fn RtlIsElevatedRid(
3270 SidAttr: PSID_AND_ATTRIBUTES,
3271 ) -> BOOLEAN;
3272 fn RtlDeriveCapabilitySidsFromName(
3273 UnicodeString: PUNICODE_STRING,
3274 CapabilityGroupSid: PSID,
3275 CapabilitySid: PSID,
3276 ) -> NTSTATUS;
3277 fn RtlCreateSecurityDescriptor(
3278 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3279 Revision: ULONG,
3280 ) -> NTSTATUS;
3281 fn RtlValidSecurityDescriptor(
3282 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3283 ) -> BOOLEAN;
3284 fn RtlLengthSecurityDescriptor(
3285 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3286 ) -> ULONG;
3287 fn RtlValidRelativeSecurityDescriptor(
3288 SecurityDescriptorInput: PSECURITY_DESCRIPTOR,
3289 SecurityDescriptorLength: ULONG,
3290 RequiredInformation: SECURITY_INFORMATION,
3291 ) -> BOOLEAN;
3292 fn RtlGetControlSecurityDescriptor(
3293 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3294 Control: PSECURITY_DESCRIPTOR_CONTROL,
3295 Revision: PULONG,
3296 ) -> NTSTATUS;
3297 fn RtlSetControlSecurityDescriptor(
3298 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3299 ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL,
3300 ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL,
3301 ) -> NTSTATUS;
3302 fn RtlSetAttributesSecurityDescriptor(
3303 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3304 Control: SECURITY_DESCRIPTOR_CONTROL,
3305 Revision: PULONG,
3306 ) -> NTSTATUS;
3307 fn RtlGetSecurityDescriptorRMControl(
3308 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3309 RMControl: PUCHAR,
3310 ) -> BOOLEAN;
3311 fn RtlSetSecurityDescriptorRMControl(
3312 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3313 RMControl: PUCHAR,
3314 );
3315 fn RtlSetDaclSecurityDescriptor(
3316 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3317 DaclPresent: BOOLEAN,
3318 Dacl: PACL,
3319 DaclDefaulted: BOOLEAN,
3320 ) -> NTSTATUS;
3321 fn RtlGetDaclSecurityDescriptor(
3322 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3323 DaclPresent: PBOOLEAN,
3324 Dacl: *mut PACL,
3325 DaclDefaulted: PBOOLEAN,
3326 ) -> NTSTATUS;
3327 fn RtlSetSaclSecurityDescriptor(
3328 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3329 SaclPresent: BOOLEAN,
3330 Sacl: PACL,
3331 SaclDefaulted: BOOLEAN,
3332 ) -> NTSTATUS;
3333 fn RtlGetSaclSecurityDescriptor(
3334 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3335 SaclPresent: PBOOLEAN,
3336 Sacl: *mut PACL,
3337 SaclDefaulted: PBOOLEAN,
3338 ) -> NTSTATUS;
3339 fn RtlSetOwnerSecurityDescriptor(
3340 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3341 Owner: PSID,
3342 OwnerDefaulted: BOOLEAN,
3343 ) -> NTSTATUS;
3344 fn RtlGetOwnerSecurityDescriptor(
3345 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3346 Owner: *mut PSID,
3347 OwnerDefaulted: PBOOLEAN,
3348 ) -> NTSTATUS;
3349 fn RtlSetGroupSecurityDescriptor(
3350 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3351 Group: PSID,
3352 GroupDefaulted: BOOLEAN,
3353 ) -> NTSTATUS;
3354 fn RtlGetGroupSecurityDescriptor(
3355 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3356 Group: *mut PSID,
3357 GroupDefaulted: PBOOLEAN,
3358 ) -> NTSTATUS;
3359 fn RtlMakeSelfRelativeSD(
3360 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3361 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3362 BufferLength: PULONG,
3363 ) -> NTSTATUS;
3364 fn RtlAbsoluteToSelfRelativeSD(
3365 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3366 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3367 BufferLength: PULONG,
3368 ) -> NTSTATUS;
3369 fn RtlSelfRelativeToAbsoluteSD(
3370 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3371 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3372 AbsoluteSecurityDescriptorSize: PULONG,
3373 Dacl: PACL,
3374 DaclSize: PULONG,
3375 Sacl: PACL,
3376 SaclSize: PULONG,
3377 Owner: PSID,
3378 OwnerSize: PULONG,
3379 PrimaryGroup: PSID,
3380 PrimaryGroupSize: PULONG,
3381 ) -> NTSTATUS;
3382 fn RtlSelfRelativeToAbsoluteSD2(
3383 pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3384 pBufferSize: PULONG,
3385 ) -> NTSTATUS;
3386 fn RtlAreAllAccessesGranted(
3387 GrantedAccess: ACCESS_MASK,
3388 DesiredAccess: ACCESS_MASK,
3389 ) -> BOOLEAN;
3390 fn RtlAreAnyAccessesGranted(
3391 GrantedAccess: ACCESS_MASK,
3392 DesiredAccess: ACCESS_MASK,
3393 ) -> BOOLEAN;
3394 fn RtlMapGenericMask(
3395 AccessMask: PACCESS_MASK,
3396 GenericMapping: PGENERIC_MAPPING,
3397 );
3398 fn RtlCreateAcl(
3399 Acl: PACL,
3400 AclLength: ULONG,
3401 AclRevision: ULONG,
3402 ) -> NTSTATUS;
3403 fn RtlValidAcl(
3404 Acl: PACL,
3405 ) -> BOOLEAN;
3406 fn RtlQueryInformationAcl(
3407 Acl: PACL,
3408 AclInformation: PVOID,
3409 AclInformationLength: ULONG,
3410 AclInformationClass: ACL_INFORMATION_CLASS,
3411 ) -> NTSTATUS;
3412 fn RtlSetInformationAcl(
3413 Acl: PACL,
3414 AclInformation: PVOID,
3415 AclInformationLength: ULONG,
3416 AclInformationClass: ACL_INFORMATION_CLASS,
3417 ) -> NTSTATUS;
3418 fn RtlAddAce(
3419 Acl: PACL,
3420 AceRevision: ULONG,
3421 StartingAceIndex: ULONG,
3422 AceList: PVOID,
3423 AceListLength: ULONG,
3424 ) -> NTSTATUS;
3425 fn RtlDeleteAce(
3426 Acl: PACL,
3427 AceIndex: ULONG,
3428 ) -> NTSTATUS;
3429 fn RtlGetAce(
3430 Acl: PACL,
3431 AceIndex: ULONG,
3432 Ace: *mut PVOID,
3433 ) -> NTSTATUS;
3434 fn RtlFirstFreeAce(
3435 Acl: PACL,
3436 FirstFree: *mut PVOID,
3437 ) -> BOOLEAN;
3438 fn RtlFindAceByType(
3439 pAcl: PACL,
3440 AceType: UCHAR,
3441 pIndex: PULONG,
3442 ) -> PVOID;
3443 fn RtlOwnerAcesPresent(
3444 pAcl: PACL,
3445 ) -> BOOLEAN;
3446 fn RtlAddAccessAllowedAce(
3447 Acl: PACL,
3448 AceRevision: ULONG,
3449 AccessMask: ACCESS_MASK,
3450 Sid: PSID,
3451 ) -> NTSTATUS;
3452 fn RtlAddAccessAllowedAceEx(
3453 Acl: PACL,
3454 AceRevision: ULONG,
3455 AceFlags: ULONG,
3456 AccessMask: ACCESS_MASK,
3457 Sid: PSID,
3458 ) -> NTSTATUS;
3459 fn RtlAddAccessDeniedAce(
3460 Acl: PACL,
3461 AceRevision: ULONG,
3462 AccessMask: ACCESS_MASK,
3463 Sid: PSID,
3464 ) -> NTSTATUS;
3465 fn RtlAddAccessDeniedAceEx(
3466 Acl: PACL,
3467 AceRevision: ULONG,
3468 AceFlags: ULONG,
3469 AccessMask: ACCESS_MASK,
3470 Sid: PSID,
3471 ) -> NTSTATUS;
3472 fn RtlAddAuditAccessAce(
3473 Acl: PACL,
3474 AceRevision: ULONG,
3475 AccessMask: ACCESS_MASK,
3476 Sid: PSID,
3477 AuditSuccess: BOOLEAN,
3478 AuditFailure: BOOLEAN,
3479 ) -> NTSTATUS;
3480 fn RtlAddAuditAccessAceEx(
3481 Acl: PACL,
3482 AceRevision: ULONG,
3483 AceFlags: ULONG,
3484 AccessMask: ACCESS_MASK,
3485 Sid: PSID,
3486 AuditSuccess: BOOLEAN,
3487 AuditFailure: BOOLEAN,
3488 ) -> NTSTATUS;
3489 fn RtlAddAccessAllowedObjectAce(
3490 Acl: PACL,
3491 AceRevision: ULONG,
3492 AceFlags: ULONG,
3493 AccessMask: ACCESS_MASK,
3494 ObjectTypeGuid: *mut GUID,
3495 InheritedObjectTypeGuid: *mut GUID,
3496 Sid: PSID,
3497 ) -> NTSTATUS;
3498 fn RtlAddAccessDeniedObjectAce(
3499 Acl: PACL,
3500 AceRevision: ULONG,
3501 AceFlags: ULONG,
3502 AccessMask: ACCESS_MASK,
3503 ObjectTypeGuid: *mut GUID,
3504 InheritedObjectTypeGuid: *mut GUID,
3505 Sid: PSID,
3506 ) -> NTSTATUS;
3507 fn RtlAddAuditAccessObjectAce(
3508 Acl: PACL,
3509 AceRevision: ULONG,
3510 AceFlags: ULONG,
3511 AccessMask: ACCESS_MASK,
3512 ObjectTypeGuid: *mut GUID,
3513 InheritedObjectTypeGuid: *mut GUID,
3514 Sid: PSID,
3515 AuditSuccess: BOOLEAN,
3516 AuditFailure: BOOLEAN,
3517 ) -> NTSTATUS;
3518 fn RtlAddCompoundAce(
3519 Acl: PACL,
3520 AceRevision: ULONG,
3521 AceType: UCHAR,
3522 AccessMask: ACCESS_MASK,
3523 ServerSid: PSID,
3524 ClientSid: PSID,
3525 ) -> NTSTATUS;
3526 fn RtlAddMandatoryAce(
3527 Acl: PACL,
3528 AceRevision: ULONG,
3529 AceFlags: ULONG,
3530 Sid: PSID,
3531 AceType: UCHAR,
3532 AccessMask: ACCESS_MASK,
3533 ) -> NTSTATUS;
3534 fn RtlDefaultNpAcl(
3535 Acl: *mut PACL,
3536 ) -> NTSTATUS;
3537 fn RtlNewSecurityObject(
3538 ParentDescriptor: PSECURITY_DESCRIPTOR,
3539 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3540 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3541 IsDirectoryObject: BOOLEAN,
3542 Token: HANDLE,
3543 GenericMapping: PGENERIC_MAPPING,
3544 ) -> NTSTATUS;
3545 fn RtlNewSecurityObjectEx(
3546 ParentDescriptor: PSECURITY_DESCRIPTOR,
3547 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3548 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3549 ObjectType: *mut GUID,
3550 IsDirectoryObject: BOOLEAN,
3551 AutoInheritFlags: ULONG,
3552 Token: HANDLE,
3553 GenericMapping: PGENERIC_MAPPING,
3554 ) -> NTSTATUS;
3555 fn RtlNewSecurityObjectWithMultipleInheritance(
3556 ParentDescriptor: PSECURITY_DESCRIPTOR,
3557 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3558 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3559 ObjectType: *mut *mut GUID,
3560 GuidCount: ULONG,
3561 IsDirectoryObject: BOOLEAN,
3562 AutoInheritFlags: ULONG,
3563 Token: HANDLE,
3564 GenericMapping: PGENERIC_MAPPING,
3565 ) -> NTSTATUS;
3566 fn RtlDeleteSecurityObject(
3567 ObjectDescriptor: *mut PSECURITY_DESCRIPTOR,
3568 ) -> NTSTATUS;
3569 fn RtlQuerySecurityObject(
3570 ObjectDescriptor: PSECURITY_DESCRIPTOR,
3571 SecurityInformation: SECURITY_INFORMATION,
3572 ResultantDescriptor: PSECURITY_DESCRIPTOR,
3573 DescriptorLength: ULONG,
3574 ReturnLength: PULONG,
3575 ) -> NTSTATUS;
3576 fn RtlSetSecurityObject(
3577 SecurityInformation: SECURITY_INFORMATION,
3578 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3579 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3580 GenericMapping: PGENERIC_MAPPING,
3581 Token: HANDLE,
3582 ) -> NTSTATUS;
3583 fn RtlSetSecurityObjectEx(
3584 SecurityInformation: SECURITY_INFORMATION,
3585 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3586 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3587 AutoInheritFlags: ULONG,
3588 GenericMapping: PGENERIC_MAPPING,
3589 Token: HANDLE,
3590 ) -> NTSTATUS;
3591 fn RtlConvertToAutoInheritSecurityObject(
3592 ParentDescriptor: PSECURITY_DESCRIPTOR,
3593 CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR,
3594 NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3595 ObjectType: *mut GUID,
3596 IsDirectoryObject: BOOLEAN,
3597 GenericMapping: PGENERIC_MAPPING,
3598 ) -> NTSTATUS;
3599 fn RtlNewInstanceSecurityObject(
3600 ParentDescriptorChanged: BOOLEAN,
3601 CreatorDescriptorChanged: BOOLEAN,
3602 OldClientTokenModifiedId: PLUID,
3603 NewClientTokenModifiedId: PLUID,
3604 ParentDescriptor: PSECURITY_DESCRIPTOR,
3605 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3606 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3607 IsDirectoryObject: BOOLEAN,
3608 Token: HANDLE,
3609 GenericMapping: PGENERIC_MAPPING,
3610 ) -> NTSTATUS;
3611 fn RtlCopySecurityDescriptor(
3612 InputSecurityDescriptor: PSECURITY_DESCRIPTOR,
3613 OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3614 ) -> NTSTATUS;
3615 fn RtlRunEncodeUnicodeString(
3616 Seed: PUCHAR,
3617 String: PUNICODE_STRING,
3618 );
3619 fn RtlRunDecodeUnicodeString(
3620 Seed: UCHAR,
3621 String: PUNICODE_STRING,
3622 );
3623 fn RtlImpersonateSelf(
3624 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3625 ) -> NTSTATUS;
3626 fn RtlImpersonateSelfEx(
3627 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3628 AdditionalAccess: ACCESS_MASK,
3629 ThreadToken: PHANDLE,
3630 ) -> NTSTATUS;
3631 fn RtlAdjustPrivilege(
3632 Privilege: ULONG,
3633 Enable: BOOLEAN,
3634 Client: BOOLEAN,
3635 WasEnabled: PBOOLEAN,
3636 ) -> NTSTATUS;
3637}}
3638pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001;
3639pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002;
3640EXTERN!{extern "system" {
3641 fn RtlAcquirePrivilege(
3642 Privilege: PULONG,
3643 NumPriv: ULONG,
3644 Flags: ULONG,
3645 ReturnedState: *mut PVOID,
3646 ) -> NTSTATUS;
3647 fn RtlReleasePrivilege(
3648 StatePointer: PVOID,
3649 );
3650 fn RtlRemovePrivileges(
3651 TokenHandle: HANDLE,
3652 PrivilegesToKeep: PULONG,
3653 PrivilegeCount: ULONG,
3654 ) -> NTSTATUS;
3655 fn RtlIsUntrustedObject(
3656 Handle: HANDLE,
3657 Object: PVOID,
3658 IsUntrustedObject: PBOOLEAN,
3659 ) -> NTSTATUS;
3660 fn RtlQueryValidationRunlevel(
3661 ComponentName: PUNICODE_STRING,
3662 ) -> ULONG;
3663 fn RtlCreateBoundaryDescriptor(
3664 Name: PUNICODE_STRING,
3665 Flags: ULONG,
3666 ) -> PVOID;
3667 fn RtlDeleteBoundaryDescriptor(
3668 BoundaryDescriptor: PVOID,
3669 );
3670 fn RtlAddSIDToBoundaryDescriptor(
3671 BoundaryDescriptor: *mut PVOID,
3672 RequiredSid: PSID,
3673 ) -> NTSTATUS;
3674 fn RtlAddIntegrityLabelToBoundaryDescriptor(
3675 BoundaryDescriptor: *mut PVOID,
3676 IntegrityLabel: PSID,
3677 ) -> NTSTATUS;
3678 fn RtlGetVersion(
3679 lpVersionInformation: PRTL_OSVERSIONINFOW,
3680 ) -> NTSTATUS;
3681 fn RtlVerifyVersionInfo(
3682 VersionInfo: PRTL_OSVERSIONINFOEXW,
3683 TypeMask: ULONG,
3684 ConditionMask: ULONGLONG,
3685 ) -> NTSTATUS;
3686 fn RtlGetNtVersionNumbers(
3687 NtMajorVersion: PULONG,
3688 NtMinorVersion: PULONG,
3689 NtBuildNumber: PULONG,
3690 );
3691 fn RtlGetNtGlobalFlags() -> ULONG;
3692 fn RtlGetNtProductType(
3693 NtProductType: PNT_PRODUCT_TYPE,
3694 ) -> BOOLEAN;
3695 fn RtlGetSuiteMask() -> ULONG;
3696 fn RtlRegisterWait(
3697 WaitHandle: PHANDLE,
3698 Handle: HANDLE,
3699 Function: WAITORTIMERCALLBACKFUNC,
3700 Context: PVOID,
3701 Milliseconds: ULONG,
3702 Flags: ULONG,
3703 ) -> NTSTATUS;
3704 fn RtlDeregisterWait(
3705 WaitHandle: HANDLE,
3706 ) -> NTSTATUS;
3707 fn RtlDeregisterWaitEx(
3708 WaitHandle: HANDLE,
3709 Event: HANDLE,
3710 ) -> NTSTATUS;
3711 fn RtlQueueWorkItem(
3712 Function: WORKERCALLBACKFUNC,
3713 Context: PVOID,
3714 Flags: ULONG,
3715 ) -> NTSTATUS;
3716 fn RtlSetIoCompletionCallback(
3717 FileHandle: HANDLE,
3718 CompletionProc: APC_CALLBACK_FUNCTION,
3719 Flags: ULONG,
3720 ) -> NTSTATUS;
3721}}
3722FN!{stdcall PRTL_START_POOL_THREAD(
3723 Function: PTHREAD_START_ROUTINE,
3724 Parameter: PVOID,
3725 ThreadHandle: PHANDLE,
3726) -> NTSTATUS}
3727FN!{stdcall PRTL_EXIT_POOL_THREAD(
3728 ExitStatus: NTSTATUS,
3729) -> NTSTATUS}
3730EXTERN!{extern "system" {
3731 fn RtlSetThreadPoolStartFunc(
3732 StartPoolThread: PRTL_START_POOL_THREAD,
3733 ExitPoolThread: PRTL_EXIT_POOL_THREAD,
3734 ) -> NTSTATUS;
3735 fn RtlUserThreadStart(
3736 Function: PTHREAD_START_ROUTINE,
3737 Parameter: PVOID,
3738 );
3739 fn LdrInitializeThunk(
3740 ContextRecord: PCONTEXT,
3741 Parameter: PVOID,
3742 );
3743 fn RtlCreateTimerQueue(
3744 TimerQueueHandle: PHANDLE,
3745 ) -> NTSTATUS;
3746 fn RtlCreateTimer(
3747 TimerQueueHandle: HANDLE,
3748 Handle: PHANDLE,
3749 Function: WAITORTIMERCALLBACKFUNC,
3750 Context: PVOID,
3751 DueTime: ULONG,
3752 Period: ULONG,
3753 Flags: ULONG,
3754 ) -> NTSTATUS;
3755 fn RtlUpdateTimer(
3756 TimerQueueHandle: HANDLE,
3757 TimerHandle: HANDLE,
3758 DueTime: ULONG,
3759 Period: ULONG,
3760 ) -> NTSTATUS;
3761 fn RtlDeleteTimer(
3762 TimerQueueHandle: HANDLE,
3763 TimerToCancel: HANDLE,
3764 Event: HANDLE,
3765 ) -> NTSTATUS;
3766 fn RtlDeleteTimerQueue(
3767 TimerQueueHandle: HANDLE,
3768 ) -> NTSTATUS;
3769 fn RtlDeleteTimerQueueEx(
3770 TimerQueueHandle: HANDLE,
3771 Event: HANDLE,
3772 ) -> NTSTATUS;
3773 fn RtlFormatCurrentUserKeyPath(
3774 CurrentUserKeyPath: PUNICODE_STRING,
3775 ) -> NTSTATUS;
3776 fn RtlOpenCurrentUser(
3777 DesiredAccess: ACCESS_MASK,
3778 CurrentUserKey: PHANDLE,
3779 ) -> NTSTATUS;
3780}}
3781pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0;
3782pub const RTL_REGISTRY_SERVICES: ULONG = 1;
3783pub const RTL_REGISTRY_CONTROL: ULONG = 2;
3784pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3;
3785pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4;
3786pub const RTL_REGISTRY_USER: ULONG = 5;
3787pub const RTL_REGISTRY_MAXIMUM: ULONG = 6;
3788pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000;
3789pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000;
3790EXTERN!{extern "system" {
3791 fn RtlCreateRegistryKey(
3792 RelativeTo: ULONG,
3793 Path: PWSTR,
3794 ) -> NTSTATUS;
3795 fn RtlCheckRegistryKey(
3796 RelativeTo: ULONG,
3797 Path: PWSTR,
3798 ) -> NTSTATUS;
3799}}
3800FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE(
3801 ValueName: PWSTR,
3802 ValueType: ULONG,
3803 ValueData: PVOID,
3804 ValueLength: ULONG,
3805 Context: PVOID,
3806 EntryContext: PVOID,
3807) -> NTSTATUS}
3808STRUCT!{struct RTL_QUERY_REGISTRY_TABLE {
3809 QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE,
3810 Flags: ULONG,
3811 Name: PWSTR,
3812 EntryContext: PVOID,
3813 DefaultType: ULONG,
3814 DefaultData: PVOID,
3815 DefaultLength: ULONG,
3816}}
3817pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE;
3818pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001;
3819pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002;
3820pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004;
3821pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008;
3822pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010;
3823pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020;
3824pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040;
3825EXTERN!{extern "system" {
3826 fn RtlQueryRegistryValues(
3827 RelativeTo: ULONG,
3828 Path: PCWSTR,
3829 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3830 Context: PVOID,
3831 Environment: PVOID,
3832 ) -> NTSTATUS;
3833 fn RtlQueryRegistryValuesEx(
3834 RelativeTo: ULONG,
3835 Path: PWSTR,
3836 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3837 Context: PVOID,
3838 Environment: PVOID,
3839 ) -> NTSTATUS;
3840 fn RtlWriteRegistryValue(
3841 RelativeTo: ULONG,
3842 Path: PCWSTR,
3843 ValueName: PCWSTR,
3844 ValueType: ULONG,
3845 ValueData: PVOID,
3846 ValueLength: ULONG,
3847 ) -> NTSTATUS;
3848 fn RtlDeleteRegistryValue(
3849 RelativeTo: ULONG,
3850 Path: PCWSTR,
3851 ValueName: PCWSTR,
3852 ) -> NTSTATUS;
3853 fn RtlEnableThreadProfiling(
3854 ThreadHandle: HANDLE,
3855 Flags: ULONG,
3856 HardwareCounters: ULONG64,
3857 PerformanceDataHandle: *mut PVOID,
3858 ) -> NTSTATUS;
3859 fn RtlDisableThreadProfiling(
3860 PerformanceDataHandle: PVOID,
3861 ) -> NTSTATUS;
3862 fn RtlQueryThreadProfiling(
3863 ThreadHandle: HANDLE,
3864 Enabled: PBOOLEAN,
3865 ) -> NTSTATUS;
3866 fn RtlReadThreadProfilingData(
3867 PerformanceDataHandle: HANDLE,
3868 Flags: ULONG,
3869 PerformanceData: PPERFORMANCE_DATA,
3870 ) -> NTSTATUS;
3871 fn RtlGetNativeSystemInformation(
3872 SystemInformationClass: ULONG,
3873 NativeSystemInformation: PVOID,
3874 InformationLength: ULONG,
3875 ReturnLength: PULONG,
3876 ) -> NTSTATUS;
3877 fn RtlQueueApcWow64Thread(
3878 ThreadHandle: HANDLE,
3879 ApcRoutine: PPS_APC_ROUTINE,
3880 ApcArgument1: PVOID,
3881 ApcArgument2: PVOID,
3882 ApcArgument3: PVOID,
3883 ) -> NTSTATUS;
3884 fn RtlWow64EnableFsRedirection(
3885 Wow64FsEnableRedirection: BOOLEAN,
3886 ) -> NTSTATUS;
3887 fn RtlWow64EnableFsRedirectionEx(
3888 Wow64FsEnableRedirection: PVOID,
3889 OldFsRedirectionLevel: *mut PVOID,
3890 ) -> NTSTATUS;
3891 fn RtlComputeCrc32(
3892 PartialCrc: ULONG32,
3893 Buffer: PVOID,
3894 Length: ULONG,
3895 ) -> ULONG32;
3896 fn RtlEncodePointer(
3897 Ptr: PVOID,
3898 ) -> PVOID;
3899 fn RtlDecodePointer(
3900 Ptr: PVOID,
3901 ) -> PVOID;
3902 fn RtlEncodeSystemPointer(
3903 Ptr: PVOID,
3904 ) -> PVOID;
3905 fn RtlDecodeSystemPointer(
3906 Ptr: PVOID,
3907 ) -> PVOID;
3908 fn RtlEncodeRemotePointer(
3909 ProcessHandle: HANDLE,
3910 Pointer: PVOID,
3911 EncodedPointer: *mut PVOID,
3912 ) -> NTSTATUS;
3913 fn RtlDecodeRemotePointer(
3914 ProcessHandle: HANDLE,
3915 Pointer: PVOID,
3916 DecodedPointer: *mut PVOID,
3917 ) -> NTSTATUS;
3918 fn RtlIsProcessorFeaturePresent(
3919 ProcessorFeature: ULONG,
3920 ) -> BOOLEAN;
3921 fn RtlGetCurrentProcessorNumber() -> ULONG;
3922 fn RtlGetCurrentProcessorNumberEx(
3923 ProcessorNumber: PPROCESSOR_NUMBER,
3924 );
3925 fn RtlPushFrame(
3926 Frame: PTEB_ACTIVE_FRAME,
3927 );
3928 fn RtlPopFrame(
3929 Frame: PTEB_ACTIVE_FRAME,
3930 );
3931 fn RtlGetFrame() -> PTEB_ACTIVE_FRAME;
3932}}
3933pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001;
3934pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001;
3935pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008;
3936EXTERN!{extern "system" {
3937 fn RtlWalkFrameChain(
3938 Callers: *mut PVOID,
3939 Count: ULONG,
3940 Flags: ULONG,
3941 ) -> ULONG;
3942 fn RtlGetCallersAddress(
3943 CallersAddress: *mut PVOID,
3944 CallersCaller: *mut PVOID,
3945 );
3946 fn RtlGetEnabledExtendedFeatures(
3947 FeatureMask: ULONG64,
3948 ) -> ULONG64;
3949 fn RtlGetEnabledExtendedAndSupervisorFeatures(
3950 FeatureMask: ULONG64,
3951 ) -> ULONG64;
3952 fn RtlLocateSupervisorFeature(
3953 XStateHeader: PXSAVE_AREA_HEADER,
3954 FeatureId: ULONG,
3955 Length: PULONG,
3956 ) -> PVOID;
3957}}
3958STRUCT!{struct RTL_ELEVATION_FLAGS {
3959 Flags: ULONG,
3960}}
3961BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [
3962 ElevationEnabled set_ElevationEnabled[0..1],
3963 VirtualizationEnabled set_VirtualizationEnabled[1..2],
3964 InstallerDetectEnabled set_InstallerDetectEnabled[2..3],
3965 ReservedBits set_ReservedBits[3..32],
3966]}
3967pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS;
3968EXTERN!{extern "system" {
3969 fn RtlQueryElevationFlags(
3970 Flags: PRTL_ELEVATION_FLAGS,
3971 ) -> NTSTATUS;
3972 fn RtlRegisterThreadWithCsrss() -> NTSTATUS;
3973 fn RtlLockCurrentThread() -> NTSTATUS;
3974 fn RtlUnlockCurrentThread() -> NTSTATUS;
3975 fn RtlLockModuleSection(
3976 Address: PVOID,
3977 ) -> NTSTATUS;
3978 fn RtlUnlockModuleSection(
3979 Address: PVOID,
3980 ) -> NTSTATUS;
3981}}
3982pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64;
3983STRUCT!{struct RTL_UNLOAD_EVENT_TRACE {
3984 BaseAddress: PVOID,
3985 SizeOfImage: SIZE_T,
3986 Sequence: ULONG,
3987 TimeDateStamp: ULONG,
3988 CheckSum: ULONG,
3989 ImageName: [WCHAR; 32],
3990 Version: [ULONG; 2],
3991}}
3992pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE;
3993STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 {
3994 BaseAddress: ULONG,
3995 SizeOfImage: ULONG,
3996 Sequence: ULONG,
3997 TimeDateStamp: ULONG,
3998 CheckSum: ULONG,
3999 ImageName: [WCHAR; 32],
4000 Version: [ULONG; 2],
4001}}
4002pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32;
4003EXTERN!{extern "system" {
4004 fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE;
4005 fn RtlGetUnloadEventTraceEx(
4006 ElementSize: *mut PULONG,
4007 ElementCount: *mut PULONG,
4008 EventTrace: *mut PVOID,
4009 );
4010 fn RtlQueryPerformanceCounter(
4011 PerformanceCounter: PLARGE_INTEGER,
4012 ) -> LOGICAL;
4013 fn RtlQueryPerformanceFrequency(
4014 PerformanceFrequency: PLARGE_INTEGER,
4015 ) -> LOGICAL;
4016}}
4017ENUM!{enum IMAGE_MITIGATION_POLICY {
4018 ImageDepPolicy = 0,
4019 ImageAslrPolicy = 1,
4020 ImageDynamicCodePolicy = 2,
4021 ImageStrictHandleCheckPolicy = 3,
4022 ImageSystemCallDisablePolicy = 4,
4023 ImageMitigationOptionsMask = 5,
4024 ImageExtensionPointDisablePolicy = 6,
4025 ImageControlFlowGuardPolicy = 7,
4026 ImageSignaturePolicy = 8,
4027 ImageFontDisablePolicy = 9,
4028 ImageImageLoadPolicy = 10,
4029 ImagePayloadRestrictionPolicy = 11,
4030 ImageChildProcessPolicy = 12,
4031 ImageSehopPolicy = 13,
4032 ImageHeapPolicy = 14,
4033 MaxImageMitigationPolicy = 15,
4034}}
4035UNION!{union RTL_IMAGE_MITIGATION_POLICY {
4036 Bitfields1: ULONG64,
4037 Bitfields2: ULONG64,
4038}}
4039BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [
4040 AuditState set_AuditState[0..2],
4041 AuditFlag set_AuditFlag[2..3],
4042 EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4],
4043 Reserved set_Reserved[4..64],
4044]}
4045BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [
4046 PolicyState set_PolicyState[0..2],
4047 AlwaysInherit set_AlwaysInherit[2..3],
4048 EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4],
4049 AuditReserved set_AuditReserved[4..64],
4050]}
4051pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY;
4052STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY {
4053 Dep: RTL_IMAGE_MITIGATION_POLICY,
4054}}
4055pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY;
4056STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY {
4057 ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY,
4058 BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY,
4059 HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY,
4060}}
4061pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY;
4062STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY {
4063 BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY,
4064}}
4065pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
4066STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
4067 StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY,
4068}}
4069pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY =
4070 *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
4071STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
4072 BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY,
4073}}
4074pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY =
4075 *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
4076STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
4077 DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY,
4078}}
4079pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY =
4080 *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
4081STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY {
4082 ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4083 StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4084}}
4085pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY =
4086 *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
4087STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY {
4088 BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY,
4089 EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY,
4090}}
4091pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY =
4092 *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
4093STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY {
4094 DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY,
4095}}
4096pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
4097STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY {
4098 BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4099 BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4100 PreferSystem32: RTL_IMAGE_MITIGATION_POLICY,
4101}}
4102pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
4103STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
4104 EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4105 EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY,
4106 EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4107 EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY,
4108 EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY,
4109 EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY,
4110}}
4111pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY =
4112 *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
4113STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY {
4114 DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY,
4115}}
4116pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY =
4117 *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
4118STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY {
4119 Sehop: RTL_IMAGE_MITIGATION_POLICY,
4120}}
4121pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY;
4122STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY {
4123 TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY,
4124}}
4125pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY;
4126ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE {
4127 RtlMitigationOptionStateNotConfigured = 0,
4128 RtlMitigationOptionStateOn = 1,
4129 RtlMitigationOptionStateOff = 2,
4130}}
4131pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1;
4132pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2;
4133pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4;
4134pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8;
4135EXTERN!{extern "system" {
4136 fn RtlQueryImageMitigationPolicy(
4137 ImagePath: PWSTR,
4138 Policy: IMAGE_MITIGATION_POLICY,
4139 Flags: ULONG,
4140 Buffer: PVOID,
4141 BufferSize: ULONG,
4142 ) -> NTSTATUS;
4143 fn RtlSetImageMitigationPolicy(
4144 ImagePath: PWSTR,
4145 Policy: IMAGE_MITIGATION_POLICY,
4146 Flags: ULONG,
4147 Buffer: PVOID,
4148 BufferSize: ULONG,
4149 ) -> NTSTATUS;
4150 fn RtlGetCurrentServiceSessionId() -> ULONG;
4151 fn RtlGetActiveConsoleId() -> ULONG;
4152 fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG;
4153 fn RtlGetTokenNamedObjectPath(
4154 Token: HANDLE,
4155 Sid: PSID,
4156 ObjectPath: PUNICODE_STRING,
4157 ) -> NTSTATUS;
4158 fn RtlGetAppContainerNamedObjectPath(
4159 Token: HANDLE,
4160 AppContainerSid: PSID,
4161 RelativePath: BOOLEAN,
4162 ObjectPath: PUNICODE_STRING,
4163 ) -> NTSTATUS;
4164 fn RtlGetAppContainerParent(
4165 AppContainerSid: PSID,
4166 AppContainerSidParent: *mut PSID,
4167 ) -> NTSTATUS;
4168 fn RtlCheckSandboxedToken(
4169 TokenHandle: HANDLE,
4170 IsSandboxed: PBOOLEAN,
4171 ) -> NTSTATUS;
4172 fn RtlCheckTokenCapability(
4173 TokenHandle: HANDLE,
4174 CapabilitySidToCheck: PSID,
4175 HasCapability: PBOOLEAN,
4176 ) -> NTSTATUS;
4177 fn RtlCapabilityCheck(
4178 TokenHandle: HANDLE,
4179 CapabilityName: PUNICODE_STRING,
4180 HasCapability: PBOOLEAN,
4181 ) -> NTSTATUS;
4182 fn RtlCheckTokenMembership(
4183 TokenHandle: HANDLE,
4184 SidToCheck: PSID,
4185 IsMember: PBOOLEAN,
4186 ) -> NTSTATUS;
4187 fn RtlCheckTokenMembershipEx(
4188 TokenHandle: HANDLE,
4189 SidToCheck: PSID,
4190 Flags: ULONG,
4191 IsMember: PBOOLEAN,
4192 ) -> NTSTATUS;
4193 fn RtlIsParentOfChildAppContainer(
4194 ParentAppContainerSid: PSID,
4195 ChildAppContainerSid: PSID,
4196 ) -> NTSTATUS;
4197 fn RtlIsCapabilitySid(
4198 Sid: PSID,
4199 ) -> BOOLEAN;
4200 fn RtlIsPackageSid(
4201 Sid: PSID,
4202 ) -> BOOLEAN;
4203 fn RtlIsValidProcessTrustLabelSid(
4204 Sid: PSID,
4205 ) -> BOOLEAN;
4206 fn RtlIsStateSeparationEnabled() -> BOOLEAN;
4207}}
4208ENUM!{enum APPCONTAINER_SID_TYPE {
4209 NotAppContainerSidType = 0,
4210 ChildAppContainerSidType = 1,
4211 ParentAppContainerSidType = 2,
4212 InvalidAppContainerSidType = 3,
4213 MaxAppContainerSidType = 4,
4214}}
4215pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE;
4216EXTERN!{extern "system" {
4217 fn RtlGetAppContainerSidType(
4218 AppContainerSid: PSID,
4219 AppContainerSidType: PAPPCONTAINER_SID_TYPE,
4220 ) -> NTSTATUS;
4221 fn RtlFlsAlloc(
4222 Callback: PFLS_CALLBACK_FUNCTION,
4223 FlsIndex: PULONG,
4224 ) -> NTSTATUS;
4225 fn RtlFlsFree(
4226 FlsIndex: ULONG,
4227 ) -> NTSTATUS;
4228}}
4229ENUM!{enum STATE_LOCATION_TYPE {
4230 LocationTypeRegistry = 0,
4231 LocationTypeFileSystem = 1,
4232 LocationTypeMaximum = 2,
4233}}
4234EXTERN!{extern "system" {
4235 fn RtlGetPersistedStateLocation(
4236 SourceID: PCWSTR,
4237 CustomValue: PCWSTR,
4238 DefaultPath: PCWSTR,
4239 StateLocationType: STATE_LOCATION_TYPE,
4240 TargetPath: PWCHAR,
4241 BufferLengthIn: ULONG,
4242 BufferLengthOut: PULONG,
4243 ) -> NTSTATUS;
4244 fn RtlIsCloudFilesPlaceholder(
4245 FileAttributes: ULONG,
4246 ReparseTag: ULONG,
4247 ) -> BOOLEAN;
4248 fn RtlIsPartialPlaceholder(
4249 FileAttributes: ULONG,
4250 ReparseTag: ULONG,
4251 ) -> BOOLEAN;
4252 fn RtlIsPartialPlaceholderFileHandle(
4253 FileHandle: HANDLE,
4254 IsPartialPlaceholder: PBOOLEAN,
4255 ) -> NTSTATUS;
4256 fn RtlIsPartialPlaceholderFileInfo(
4257 InfoBuffer: *const c_void,
4258 InfoClass: FILE_INFORMATION_CLASS,
4259 IsPartialPlaceholder: PBOOLEAN,
4260 ) -> NTSTATUS;
4261 fn RtlIsNonEmptyDirectoryReparsePointAllowed(
4262 ReparseTag: ULONG,
4263 ) -> BOOLEAN;
4264 fn RtlAppxIsFileOwnedByTrustedInstaller(
4265 FileHandle: HANDLE,
4266 IsFileOwnedByTrustedInstaller: PBOOLEAN,
4267 ) -> NTSTATUS;
4268}}
4269STRUCT!{struct PS_PKG_CLAIM {
4270 Flags: ULONGLONG,
4271 Origin: ULONGLONG,
4272}}
4273pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM;
4274EXTERN!{extern "system" {
4275 fn RtlQueryPackageClaims(
4276 TokenHandle: HANDLE,
4277 PackageFullName: PWSTR,
4278 PackageSize: PSIZE_T,
4279 AppId: PWSTR,
4280 AppIdSize: PSIZE_T,
4281 DynamicId: *mut GUID,
4282 PkgClaim: PPS_PKG_CLAIM,
4283 AttributesPresent: PULONG64,
4284 ) -> NTSTATUS;
4285 fn RtlQueryProtectedPolicy(
4286 PolicyGuid: *mut GUID,
4287 PolicyValue: PULONG_PTR,
4288 ) -> NTSTATUS;
4289 fn RtlSetProtectedPolicy(
4290 PolicyGuid: *mut GUID,
4291 PolicyValue: ULONG_PTR,
4292 OldPolicyValue: PULONG_PTR,
4293 ) -> NTSTATUS;
4294 fn RtlIsMultiSessionSku() -> BOOLEAN;
4295 fn RtlIsMultiUsersInSessionSku() -> BOOLEAN;
4296}}
4297ENUM!{enum RTL_BSD_ITEM_TYPE {
4298 RtlBsdItemVersionNumber = 0,
4299 RtlBsdItemProductType = 1,
4300 RtlBsdItemAabEnabled = 2,
4301 RtlBsdItemAabTimeout = 3,
4302 RtlBsdItemBootGood = 4,
4303 RtlBsdItemBootShutdown = 5,
4304 RtlBsdSleepInProgress = 6,
4305 RtlBsdPowerTransition = 7,
4306 RtlBsdItemBootAttemptCount = 8,
4307 RtlBsdItemBootCheckpoint = 9,
4308 RtlBsdItemBootId = 10,
4309 RtlBsdItemShutdownBootId = 11,
4310 RtlBsdItemReportedAbnormalShutdownBootId = 12,
4311 RtlBsdItemErrorInfo = 13,
4312 RtlBsdItemPowerButtonPressInfo = 14,
4313 RtlBsdItemChecksum = 15,
4314 RtlBsdItemMax = 16,
4315}}
4316STRUCT!{struct RTL_BSD_ITEM {
4317 Type: RTL_BSD_ITEM_TYPE,
4318 DataBuffer: PVOID,
4319 DataLength: ULONG,
4320}}
4321pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM;
4322EXTERN!{extern "system" {
4323 fn RtlCreateBootStatusDataFile() -> NTSTATUS;
4324 fn RtlLockBootStatusData(
4325 FileHandle: PHANDLE,
4326 ) -> NTSTATUS;
4327 fn RtlUnlockBootStatusData(
4328 FileHandle: HANDLE,
4329 ) -> NTSTATUS;
4330 fn RtlGetSetBootStatusData(
4331 FileHandle: HANDLE,
4332 Read: BOOLEAN,
4333 DataClass: RTL_BSD_ITEM_TYPE,
4334 Buffer: PVOID,
4335 BufferSize: ULONG,
4336 ReturnLength: PULONG,
4337 ) -> NTSTATUS;
4338 fn RtlCheckBootStatusIntegrity(
4339 FileHandle: HANDLE,
4340 Verified: PBOOLEAN,
4341 ) -> NTSTATUS;
4342 fn RtlCheckPortableOperatingSystem(
4343 IsPortable: PBOOLEAN,
4344 ) -> NTSTATUS;
4345 fn RtlSetPortableOperatingSystem(
4346 IsPortable: BOOLEAN,
4347 ) -> NTSTATUS;
4348}}
4349EXTERN!{extern "system" {
4350 fn RtlOsDeploymentState(
4351 Flags: DWORD,
4352 ) -> OS_DEPLOYEMENT_STATE_VALUES;
4353 fn RtlFindClosestEncodableLength(
4354 SourceLength: ULONGLONG,
4355 TargetLength: PULONGLONG,
4356 ) -> NTSTATUS;
4357}}
4358FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK(
4359 Address: PVOID,
4360 Length: SIZE_T,
4361) -> NTSTATUS}
4362EXTERN!{extern "system" {
4363 fn RtlRegisterSecureMemoryCacheCallback(
4364 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4365 ) -> NTSTATUS;
4366 fn RtlDeregisterSecureMemoryCacheCallback(
4367 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4368 ) -> NTSTATUS;
4369 fn RtlFlushSecureMemoryCache(
4370 MemoryCache: PVOID,
4371 MemoryLength: SIZE_T,
4372 ) -> BOOLEAN;
4373}}