ntapi/
ntwow64.rs

1use core::mem::size_of;
2use crate::ntapi_base::CLIENT_ID32;
3use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON};
4use crate::ntpsapi::GDI_HANDLE_BUFFER32;
5use crate::ntrtl::RTL_MAX_DRIVE_LETTERS;
6use crate::string::{UTF16Const, UTF8Const};
7use winapi::shared::guiddef::GUID;
8use winapi::shared::ntdef::{
9    BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER,
10    SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING,
11    UNICODE_STRING32, USHORT, WCHAR,
12};
13use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32};
14pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0");
15/// "SysWOW64"
16pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[
17    0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16,
18]);
19pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0");
20/// " (x86)"
21pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[
22    0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16,
23]);
24ENUM!{enum WOW64_SHARED_INFORMATION {
25    SharedNtdll32LdrInitializeThunk = 0,
26    SharedNtdll32KiUserExceptionDispatcher = 1,
27    SharedNtdll32KiUserApcDispatcher = 2,
28    SharedNtdll32KiUserCallbackDispatcher = 3,
29    SharedNtdll32ExpInterlockedPopEntrySListFault = 4,
30    SharedNtdll32ExpInterlockedPopEntrySListResume = 5,
31    SharedNtdll32ExpInterlockedPopEntrySListEnd = 6,
32    SharedNtdll32RtlUserThreadStart = 7,
33    SharedNtdll32pQueryProcessDebugInformationRemote = 8,
34    SharedNtdll32BaseAddress = 9,
35    SharedNtdll32LdrSystemDllInitBlock = 10,
36    Wow64SharedPageEntriesCount = 11,
37}}
38STRUCT!{struct RTL_BALANCED_NODE32_u_s {
39    Left: ULONG, // WOW64_POINTER
40    Right: ULONG, // WOW64_POINTER
41}}
42UNION!{union RTL_BALANCED_NODE32_u {
43    Children: [ULONG; 2], // WOW64_POINTER
44    s: RTL_BALANCED_NODE32_u_s,
45}}
46STRUCT!{struct RTL_BALANCED_NODE32 {
47    u: RTL_BALANCED_NODE32_u,
48    ParentValue: ULONG,
49}}
50pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32;
51STRUCT!{struct RTL_RB_TREE32 {
52    Root: ULONG, // WOW64_POINTER
53    Min: ULONG, // WOW64_POINTER
54}}
55pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32;
56STRUCT!{struct PEB_LDR_DATA32 {
57    Length: ULONG,
58    Initialized: BOOLEAN,
59    SsHandle: ULONG,
60    InLoadOrderModuleList: LIST_ENTRY32,
61    InMemoryOrderModuleList: LIST_ENTRY32,
62    InInitializationOrderModuleList: LIST_ENTRY32,
63    EntryInProgress: ULONG,
64    ShutdownInProgress: BOOLEAN,
65    ShutdownThreadId: ULONG,
66}}
67pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32;
68STRUCT!{struct LDR_SERVICE_TAG_RECORD32 {
69    Next: ULONG,
70    ServiceTag: ULONG,
71}}
72pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32;
73STRUCT!{struct LDRP_CSLIST32 {
74    Tail: ULONG, // WOW64_POINTER
75}}
76pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32;
77UNION!{union LDR_DDAG_NODE32_u {
78    Dependencies: LDRP_CSLIST32,
79    RemovalLink: SINGLE_LIST_ENTRY32,
80}}
81STRUCT!{struct LDR_DDAG_NODE32 {
82    Modules: LIST_ENTRY32,
83    ServiceTagList: ULONG, // WOW64_POINTER
84    LoadCount: ULONG,
85    LoadWhileUnloadingCount: ULONG,
86    LowestLink: ULONG,
87    u: LDR_DDAG_NODE32_u,
88    IncomingDependencies: LDRP_CSLIST32,
89    State: LDR_DDAG_STATE,
90    CondenseLink: SINGLE_LIST_ENTRY32,
91    PreorderNumber: ULONG,
92}}
93pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32;
94pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80;
95pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144;
96pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152;
97UNION!{union LDR_DATA_TABLE_ENTRY32_u1 {
98    InInitializationOrderLinks: LIST_ENTRY32,
99    InProgressLinks: LIST_ENTRY32,
100}}
101UNION!{union LDR_DATA_TABLE_ENTRY32_u2 {
102    FlagGroup: [UCHAR; 4],
103    Flags: ULONG,
104}}
105STRUCT!{struct LDR_DATA_TABLE_ENTRY32 {
106    InLoadOrderLinks: LIST_ENTRY32,
107    InMemoryOrderLinks: LIST_ENTRY32,
108    u1: LDR_DATA_TABLE_ENTRY32_u1,
109    DllBase: ULONG, // WOW64_POINTER
110    EntryPoint: ULONG, // WOW64_POINTER
111    SizeOfImage: ULONG,
112    FullDllName: UNICODE_STRING32,
113    BaseDllName: UNICODE_STRING32,
114    u2: LDR_DATA_TABLE_ENTRY32_u2,
115    ObsoleteLoadCount: USHORT,
116    TlsIndex: USHORT,
117    HashLinks: LIST_ENTRY32,
118    TimeDateStamp: ULONG,
119    EntryPointActivationContext: ULONG, // WOW64_POINTER
120    Lock: ULONG, // WOW64_POINTER
121    DdagNode: ULONG, // WOW64_POINTER
122    NodeModuleLink: LIST_ENTRY32,
123    LoadContext: ULONG, // WOW64_POINTER
124    ParentDllBase: ULONG, // WOW64_POINTER
125    SwitchBackContext: ULONG, // WOW64_POINTER
126    BaseAddressIndexNode: RTL_BALANCED_NODE32,
127    MappingInfoIndexNode: RTL_BALANCED_NODE32,
128    OriginalBase: ULONG,
129    LoadTime: LARGE_INTEGER,
130    BaseNameHashValue: ULONG,
131    LoadReason: LDR_DLL_LOAD_REASON,
132    ImplicitPathOptions: ULONG,
133    ReferenceCount: ULONG,
134    DependentLoadFlags: ULONG,
135    SigningLevel: UCHAR,
136}}
137BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [
138    PackagedBinary set_PackagedBinary[0..1],
139    MarkedForRemoval set_MarkedForRemoval[1..2],
140    ImageDll set_ImageDll[2..3],
141    LoadNotificationsSent set_LoadNotificationsSent[3..4],
142    TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
143    ProcessStaticImport set_ProcessStaticImport[5..6],
144    InLegacyLists set_InLegacyLists[6..7],
145    InIndexes set_InIndexes[7..8],
146    ShimDll set_ShimDll[8..9],
147    InExceptionTable set_InExceptionTable[9..10],
148    ReservedFlags1 set_ReservedFlags1[10..12],
149    LoadInProgress set_LoadInProgress[12..13],
150    LoadConfigProcessed set_LoadConfigProcessed[13..14],
151    EntryProcessed set_EntryProcessed[14..15],
152    ProtectDelayLoad set_ProtectDelayLoad[15..16],
153    ReservedFlags3 set_ReservedFlags3[16..18],
154    DontCallForThreads set_DontCallForThreads[18..19],
155    ProcessAttachCalled set_ProcessAttachCalled[19..20],
156    ProcessAttachFailed set_ProcessAttachFailed[20..21],
157    CorDeferredValidate set_CorDeferredValidate[21..22],
158    CorImage set_CorImage[22..23],
159    DontRelocate set_DontRelocate[23..24],
160    CorILOnly set_CorILOnly[24..25],
161    ReservedFlags5 set_ReservedFlags5[25..28],
162    Redirected set_Redirected[28..29],
163    ReservedFlags6 set_ReservedFlags6[29..31],
164    CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
165]}
166pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32;
167STRUCT!{struct CURDIR32 {
168    DosPath: UNICODE_STRING32,
169    Handle: ULONG, // WOW64_POINTER
170}}
171pub type PCURDIR32 = *mut CURDIR32;
172STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 {
173    Flags: USHORT,
174    Length: USHORT,
175    TimeStamp: ULONG,
176    DosPath: STRING32,
177}}
178pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32;
179STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 {
180    MaximumLength: ULONG,
181    Length: ULONG,
182    Flags: ULONG,
183    DebugFlags: ULONG,
184    ConsoleHandle: ULONG, // WOW64_POINTER
185    ConsoleFlags: ULONG,
186    StandardInput: ULONG, // WOW64_POINTER
187    StandardOutput: ULONG, // WOW64_POINTER
188    StandardError: ULONG, // WOW64_POINTER
189    CurrentDirectory: CURDIR32,
190    DllPath: UNICODE_STRING32,
191    ImagePathName: UNICODE_STRING32,
192    CommandLine: UNICODE_STRING32,
193    Environment: ULONG, // WOW64_POINTER
194    StartingX: ULONG,
195    StartingY: ULONG,
196    CountX: ULONG,
197    CountY: ULONG,
198    CountCharsX: ULONG,
199    CountCharsY: ULONG,
200    FillAttribute: ULONG,
201    WindowFlags: ULONG,
202    ShowWindowFlags: ULONG,
203    WindowTitle: UNICODE_STRING32,
204    DesktopInfo: UNICODE_STRING32,
205    ShellInfo: UNICODE_STRING32,
206    RuntimeData: UNICODE_STRING32,
207    CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS],
208    EnvironmentSize: ULONG,
209    EnvironmentVersion: ULONG,
210    PackageDependencyData: ULONG, // WOW64_POINTER
211    ProcessGroupId: ULONG,
212    LoaderThreads: ULONG,
213}}
214pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32;
215UNION!{union PEB32_u {
216    KernelCallbackTable: ULONG, // WOW64_POINTER
217    UserSharedInfoPtr: ULONG, // WOW64_POINTER
218}}
219STRUCT!{struct PEB32 {
220    InheritedAddressSpace: BOOLEAN,
221    ReadImageFileExecOptions: BOOLEAN,
222    BeingDebugged: BOOLEAN,
223    BitField: BOOLEAN,
224    Mutant: ULONG, // WOW64_POINTER
225    ImageBaseAddress: ULONG, // WOW64_POINTER
226    Ldr: ULONG, // WOW64_POINTER
227    ProcessParameters: ULONG, // WOW64_POINTER
228    SubSystemData: ULONG, // WOW64_POINTER
229    ProcessHeap: ULONG, // WOW64_POINTER
230    FastPebLock: ULONG, // WOW64_POINTER
231    AtlThunkSListPtr: ULONG, // WOW64_POINTER
232    IFEOKey: ULONG, // WOW64_POINTER
233    CrossProcessFlags: ULONG,
234    u: PEB32_u,
235    SystemReserved: [ULONG; 1],
236    AtlThunkSListPtr32: ULONG,
237    ApiSetMap: ULONG, // WOW64_POINTER
238    TlsExpansionCounter: ULONG,
239    TlsBitmap: ULONG, // WOW64_POINTER
240    TlsBitmapBits: [ULONG; 2],
241    ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER
242    HotpatchInformation: ULONG, // WOW64_POINTER
243    ReadOnlyStaticServerData: ULONG, // WOW64_POINTER
244    AnsiCodePageData: ULONG, // WOW64_POINTER
245    OemCodePageData: ULONG, // WOW64_POINTER
246    UnicodeCaseTableData: ULONG, // WOW64_POINTER
247    NumberOfProcessors: ULONG,
248    NtGlobalFlag: ULONG,
249    CriticalSectionTimeout: LARGE_INTEGER,
250    HeapSegmentReserve: ULONG,
251    HeapSegmentCommit: ULONG,
252    HeapDeCommitTotalFreeThreshold: ULONG,
253    HeapDeCommitFreeBlockThreshold: ULONG,
254    NumberOfHeaps: ULONG,
255    MaximumNumberOfHeaps: ULONG,
256    ProcessHeaps: ULONG, // WOW64_POINTER
257    GdiSharedHandleTable: ULONG, // WOW64_POINTER
258    ProcessStarterHelper: ULONG, // WOW64_POINTER
259    GdiDCAttributeList: ULONG,
260    LoaderLock: ULONG, // WOW64_POINTER
261    OSMajorVersion: ULONG,
262    OSMinorVersion: ULONG,
263    OSBuildNumber: USHORT,
264    OSCSDVersion: USHORT,
265    OSPlatformId: ULONG,
266    ImageSubsystem: ULONG,
267    ImageSubsystemMajorVersion: ULONG,
268    ImageSubsystemMinorVersion: ULONG,
269    ActiveProcessAffinityMask: ULONG,
270    GdiHandleBuffer: GDI_HANDLE_BUFFER32,
271    PostProcessInitRoutine: ULONG, // WOW64_POINTER
272    TlsExpansionBitmap: ULONG, // WOW64_POINTER
273    TlsExpansionBitmapBits: [ULONG; 32],
274    SessionId: ULONG,
275    AppCompatFlags: ULARGE_INTEGER,
276    AppCompatFlagsUser: ULARGE_INTEGER,
277    pShimData: ULONG, // WOW64_POINTER
278    AppCompatInfo: ULONG, // WOW64_POINTER
279    CSDVersion: UNICODE_STRING32,
280    ActivationContextData: ULONG, // WOW64_POINTER
281    ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER
282    SystemDefaultActivationContextData: ULONG, // WOW64_POINTER
283    SystemAssemblyStorageMap: ULONG, // WOW64_POINTER
284    MinimumStackCommit: ULONG,
285    FlsCallback: ULONG, // WOW64_POINTER
286    FlsListHead: LIST_ENTRY32,
287    FlsBitmap: ULONG, // WOW64_POINTER
288    FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
289    FlsHighIndex: ULONG,
290    WerRegistrationData: ULONG, // WOW64_POINTER
291    WerShipAssertPtr: ULONG, // WOW64_POINTER
292    pContextData: ULONG, // WOW64_POINTER
293    pImageHeaderHash: ULONG, // WOW64_POINTER
294    TracingFlags: ULONG,
295    CsrServerReadOnlySharedMemoryBase: ULONGLONG,
296    TppWorkerpListLock: ULONG, // WOW64_POINTER
297    TppWorkerpList: LIST_ENTRY32,
298    WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER
299    TelemetryCoverageHeader: ULONG, // WOW64_POINTER
300    CloudFileFlags: ULONG,
301    CloudFileDiagFlags: ULONG,
302    PlaceholderCompatibilityMode: CHAR,
303    PlaceholderCompatibilityModeReserved: [CHAR; 7],
304}}
305BITFIELD!{PEB32 BitField: BOOLEAN [
306    ImageUsesLargePages set_ImageUsesLargePages[0..1],
307    IsProtectedProcess set_IsProtectedProcess[1..2],
308    IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
309    SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
310    IsPackagedProcess set_IsPackagedProcess[4..5],
311    IsAppContainer set_IsAppContainer[5..6],
312    IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
313    IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
314]}
315BITFIELD!{PEB32 CrossProcessFlags: ULONG [
316    ProcessInJob set_ProcessInJob[0..1],
317    ProcessInitializing set_ProcessInitializing[1..2],
318    ProcessUsingVEH set_ProcessUsingVEH[2..3],
319    ProcessUsingVCH set_ProcessUsingVCH[3..4],
320    ProcessUsingFTH set_ProcessUsingFTH[4..5],
321    ReservedBits0 set_ReservedBits0[5..32],
322]}
323BITFIELD!{PEB32 TracingFlags: ULONG [
324    HeapTracingEnabled set_HeapTracingEnabled[0..1],
325    CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
326    LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
327    SpareTracingBits set_SpareTracingBits[3..32],
328]}
329pub type PPEB32 = *mut PEB32;
330pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
331STRUCT!{struct GDI_TEB_BATCH32 {
332    Offset: ULONG,
333    HDC: ULONG,
334    Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
335}}
336pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32;
337STRUCT!{struct TEB32_u_s {
338    ReservedPad0: UCHAR,
339    ReservedPad1: UCHAR,
340    ReservedPad2: UCHAR,
341    IdealProcessor: UCHAR,
342}}
343UNION!{union TEB32_u {
344    CurrentIdealProcessor: PROCESSOR_NUMBER,
345    IdealProcessorValue: ULONG,
346    s: TEB32_u_s,
347}}
348STRUCT!{struct TEB32 {
349    NtTib: NT_TIB32,
350    EnvironmentPointer: ULONG, // WOW64_POINTER
351    ClientId: CLIENT_ID32,
352    ActiveRpcHandle: ULONG, // WOW64_POINTER
353    ThreadLocalStoragePointer: ULONG, // WOW64_POINTER
354    ProcessEnvironmentBlock: ULONG, // WOW64_POINTER
355    LastErrorValue: ULONG,
356    CountOfOwnedCriticalSections: ULONG,
357    CsrClientThread: ULONG, // WOW64_POINTER
358    Win32ThreadInfo: ULONG, // WOW64_POINTER
359    User32Reserved: [ULONG; 26],
360    UserReserved: [ULONG; 5],
361    WOW32Reserved: ULONG, // WOW64_POINTER
362    CurrentLocale: LCID,
363    FpSoftwareStatusRegister: ULONG,
364    ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER
365    SystemReserved1: [ULONG; 36], // WOW64_POINTER
366    WorkingOnBehalfTicket: [UCHAR; 8],
367    ExceptionCode: NTSTATUS,
368    ActivationContextStackPointer: ULONG, // WOW64_POINTER
369    InstrumentationCallbackSp: ULONG,
370    InstrumentationCallbackPreviousPc: ULONG,
371    InstrumentationCallbackPreviousSp: ULONG,
372    InstrumentationCallbackDisabled: BOOLEAN,
373    SpareBytes: [UCHAR; 23],
374    TxFsContext: ULONG,
375    GdiTebBatch: GDI_TEB_BATCH32,
376    RealClientId: CLIENT_ID32,
377    GdiCachedProcessHandle: ULONG, // WOW64_POINTER
378    GdiClientPID: ULONG,
379    GdiClientTID: ULONG,
380    GdiThreadLocalInfo: ULONG, // WOW64_POINTER
381    Win32ClientInfo: [ULONG; 62],
382    glDispatchTable: [ULONG; 233], // WOW64_POINTER
383    glReserved1: [ULONG; 29], // WOW64_POINTER
384    glReserved2: ULONG, // WOW64_POINTER
385    glSectionInfo: ULONG, // WOW64_POINTER
386    glSection: ULONG, // WOW64_POINTER
387    glTable: ULONG, // WOW64_POINTER
388    glCurrentRC: ULONG, // WOW64_POINTER
389    glContext: ULONG, // WOW64_POINTER
390    LastStatusValue: NTSTATUS,
391    StaticUnicodeString: UNICODE_STRING32,
392    StaticUnicodeBuffer: [WCHAR; 261],
393    DeallocationStack: ULONG, // WOW64_POINTER
394    TlsSlots: [ULONG; 64], // WOW64_POINTER
395    TlsLinks: LIST_ENTRY32,
396    Vdm: ULONG, // WOW64_POINTER
397    ReservedForNtRpc: ULONG, // WOW64_POINTER
398    DbgSsReserved: [ULONG; 2], // WOW64_POINTER
399    HardErrorMode: ULONG,
400    Instrumentation: [ULONG; 9], // WOW64_POINTER
401    ActivityId: GUID,
402    SubProcessTag: ULONG, // WOW64_POINTER
403    PerflibData: ULONG, // WOW64_POINTER
404    EtwTraceData: ULONG, // WOW64_POINTER
405    WinSockData: ULONG, // WOW64_POINTER
406    GdiBatchCount: ULONG,
407    u: TEB32_u,
408    GuaranteedStackBytes: ULONG,
409    ReservedForPerf: ULONG, // WOW64_POINTER
410    ReservedForOle: ULONG, // WOW64_POINTER
411    WaitingOnLoaderLock: ULONG,
412    SavedPriorityState: ULONG, // WOW64_POINTER
413    ReservedForCodeCoverage: ULONG,
414    ThreadPoolData: ULONG, // WOW64_POINTER
415    TlsExpansionSlots: ULONG, // WOW64_POINTER
416    MuiGeneration: ULONG,
417    IsImpersonating: ULONG,
418    NlsCache: ULONG, // WOW64_POINTER
419    pShimData: ULONG, // WOW64_POINTER
420    HeapVirtualAffinity: USHORT,
421    LowFragHeapDataSlot: USHORT,
422    CurrentTransactionHandle: ULONG, // WOW64_POINTER
423    ActiveFrame: ULONG, // WOW64_POINTER
424    FlsData: ULONG, // WOW64_POINTER
425    PreferredLanguages: ULONG, // WOW64_POINTER
426    UserPrefLanguages: ULONG, // WOW64_POINTER
427    MergedPrefLanguages: ULONG, // WOW64_POINTER
428    MuiImpersonation: ULONG,
429    CrossTebFlags: USHORT,
430    SameTebFlags: USHORT,
431    TxnScopeEnterCallback: ULONG, // WOW64_POINTER
432    TxnScopeExitCallback: ULONG, // WOW64_POINTER
433    TxnScopeContext: ULONG, // WOW64_POINTER
434    LockCount: ULONG,
435    WowTebOffset: LONG,
436    ResourceRetValue: ULONG, // WOW64_POINTER
437    ReservedForWdf: ULONG, // WOW64_POINTER
438    ReservedForCrt: ULONGLONG,
439    EffectiveContainerId: GUID,
440}}
441BITFIELD!{TEB32 SameTebFlags: USHORT [
442    SafeThunkCall set_SafeThunkCall[0..1],
443    InDebugPrint set_InDebugPrint[1..2],
444    HasFiberData set_HasFiberData[2..3],
445    SkipThreadAttach set_SkipThreadAttach[3..4],
446    WerInShipAssertCode set_WerInShipAssertCode[4..5],
447    RanProcessInit set_RanProcessInit[5..6],
448    ClonedThread set_ClonedThread[6..7],
449    SuppressDebugMsg set_SuppressDebugMsg[7..8],
450    DisableUserStackWalk set_DisableUserStackWalk[8..9],
451    RtlExceptionAttached set_RtlExceptionAttached[9..10],
452    InitialThread set_InitialThread[10..11],
453    SessionAware set_SessionAware[11..12],
454    LoadOwner set_LoadOwner[12..13],
455    LoaderWorker set_LoaderWorker[13..14],
456    SpareSameTebBits set_SpareSameTebBits[14..16],
457]}
458pub type PTEB32 = *mut TEB32;
459#[inline]
460pub fn UStr32ToUStr(
461    Destination: &mut UNICODE_STRING,
462    Source: &UNICODE_STRING32,
463) {
464    Destination.Length = Source.Length;
465    Destination.MaximumLength = Source.MaximumLength;
466    Destination.Buffer = Source.Buffer as *mut u16;
467}
468#[inline]
469pub fn UStrToUStr32(
470    Destination: &mut UNICODE_STRING32,
471    Source: &UNICODE_STRING,
472) {
473    Destination.Length = Source.Length;
474    Destination.MaximumLength = Source.MaximumLength;
475    Destination.Buffer = Source.Buffer as u32;
476}
ntapi/ntwow64.rs

ntapi/
ntwow64.rs
