1 use core::ptr::null_mut;
2 use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
3 use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS};
4 use crate::ntioapi::FILE_INFORMATION_CLASS;
5 use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX};
6 use crate::ntmmapi::SECTION_IMAGE_INFORMATION;
7 use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO};
8 use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME};
9 use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION};
10 use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM};
11 use crate::string::UTF16Const;
12 use winapi::ctypes::c_void;
13 use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
14 use winapi::shared::guiddef::GUID;
15 use winapi::shared::in6addr::in6_addr;
16 use winapi::shared::inaddr::in_addr;
17 use winapi::shared::minwindef::{BOOL, DWORD, PBOOL};
18 #[cfg(target_arch = "x86_64")]
19 use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE};
20 use winapi::shared::ntdef::{
21 BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS,
22 PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING,
23 PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE,
24 POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR,
25 PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY,
26 STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR,
27 };
28 use winapi::um::minwinbase::PTHREAD_START_ROUTINE;
29 #[cfg(target_arch = "x86_64")]
30 use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT};
31 use winapi::um::winnt::{
32 ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS,
33 HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL,
34 PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING,
35 PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY,
36 PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION,
37 PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK,
38 PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES,
39 PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER,
40 PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL,
41 SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC,
42 WORKERCALLBACKFUNC,
43 };
44 use winapi::vc::vadefs::va_list;
45 #[inline]
InitializeListHead(ListHead: &mut LIST_ENTRY)46 pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) {
47 ListHead.Flink = ListHead;
48 ListHead.Blink = ListHead;
49 }
50 #[inline]
IsListEmpty(ListHead: &LIST_ENTRY) -> bool51 pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool {
52 ListHead.Flink as *const _ == ListHead as *const _
53 }
54 #[inline]
RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool55 pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool {
56 let (Blink, Flink) = (Entry.Blink, Entry.Flink);
57 (*Blink).Flink = Flink;
58 (*Flink).Blink = Blink;
59 Flink == Blink
60 }
61 #[inline]
RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY62 pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
63 let Entry = ListHead.Flink;
64 let Flink = (*Entry).Flink;
65 ListHead.Flink = Flink;
66 (*Flink).Blink = ListHead;
67 Entry
68 }
69 #[inline]
RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY70 pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
71 let Entry = ListHead.Blink;
72 let Blink = (*Entry).Blink;
73 ListHead.Blink = Blink;
74 (*Blink).Flink = ListHead;
75 Entry
76 }
77 #[inline]
InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY)78 pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
79 let Blink = ListHead.Blink;
80 Entry.Flink = ListHead;
81 Entry.Blink = Blink;
82 (*Blink).Flink = Entry;
83 ListHead.Blink = Entry;
84 }
85 #[inline]
InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY)86 pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
87 let Flink = ListHead.Flink;
88 Entry.Flink = Flink;
89 Entry.Blink = ListHead;
90 (*Flink).Blink = Entry;
91 ListHead.Flink = Entry;
92 }
93 #[inline]
AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY)94 pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) {
95 let ListEnd = ListHead.Blink;
96 (*ListHead.Blink).Flink = ListToAppend;
97 ListHead.Blink = ListToAppend.Blink;
98 (*ListToAppend.Blink).Flink = ListHead;
99 ListToAppend.Blink = ListEnd;
100 }
101 #[inline]
PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY102 pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY {
103 let FirstEntry = ListHead.Next;
104 if !FirstEntry.is_null() {
105 ListHead.Next = (*FirstEntry).Next;
106 }
107 FirstEntry
108 }
109 #[inline]
PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY)110 pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) {
111 Entry.Next = ListHead.Next;
112 ListHead.Next = Entry;
113 }
114 ENUM!{enum TABLE_SEARCH_RESULT {
115 TableEmptyTree = 0,
116 TableFoundNode = 1,
117 TableInsertAsLeft = 2,
118 TableInsertAsRight = 3,
119 }}
120 ENUM!{enum RTL_GENERIC_COMPARE_RESULTS {
121 GenericLessThan = 0,
122 GenericGreaterThan = 1,
123 GenericEqual = 2,
124 }}
125 FN!{stdcall PRTL_AVL_COMPARE_ROUTINE(
126 Table: *mut RTL_AVL_TABLE,
127 FirstStruct: PVOID,
128 SecondStruct: PVOID,
129 ) -> RTL_GENERIC_COMPARE_RESULTS}
130 FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE(
131 Table: *mut RTL_AVL_TABLE,
132 ByteSize: CLONG,
133 ) -> PVOID}
134 FN!{stdcall PRTL_AVL_FREE_ROUTINE(
135 Table: *mut RTL_AVL_TABLE,
136 Buffer: PVOID,
137 ) -> ()}
138 FN!{stdcall PRTL_AVL_MATCH_FUNCTION(
139 Table: *mut RTL_AVL_TABLE,
140 UserData: PVOID,
141 MatchData: PVOID,
142 ) -> NTSTATUS}
143 STRUCT!{struct RTL_BALANCED_LINKS {
144 Parent: *mut RTL_BALANCED_LINKS,
145 LeftChild: *mut RTL_BALANCED_LINKS,
146 RightChild: *mut RTL_BALANCED_LINKS,
147 Balance: CHAR,
148 Reserved: [UCHAR; 3],
149 }}
150 pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS;
151 STRUCT!{struct RTL_AVL_TABLE {
152 BalancedRoot: RTL_BALANCED_LINKS,
153 OrderedPointer: PVOID,
154 WhichOrderedElement: ULONG,
155 NumberGenericTableElements: ULONG,
156 DepthOfTree: ULONG,
157 RestartKey: PRTL_BALANCED_LINKS,
158 DeleteCount: ULONG,
159 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
160 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
161 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
162 TableContext: PVOID,
163 }}
164 pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE;
165 EXTERN!{extern "system" {
166 fn RtlInitializeGenericTableAvl(
167 Table: PRTL_AVL_TABLE,
168 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
169 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
170 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
171 TableContext: PVOID,
172 );
173 fn RtlInsertElementGenericTableAvl(
174 Table: PRTL_AVL_TABLE,
175 Buffer: PVOID,
176 BufferSize: CLONG,
177 NewElement: PBOOLEAN,
178 ) -> PVOID;
179 fn RtlInsertElementGenericTableFullAvl(
180 Table: PRTL_AVL_TABLE,
181 Buffer: PVOID,
182 BufferSize: CLONG,
183 NewElement: PBOOLEAN,
184 NodeOrParent: PVOID,
185 SearchResult: TABLE_SEARCH_RESULT,
186 ) -> PVOID;
187 fn RtlDeleteElementGenericTableAvl(
188 Table: PRTL_AVL_TABLE,
189 Buffer: PVOID,
190 ) -> BOOLEAN;
191 fn RtlLookupElementGenericTableAvl(
192 Table: PRTL_AVL_TABLE,
193 Buffer: PVOID,
194 ) -> PVOID;
195 fn RtlLookupElementGenericTableFullAvl(
196 Table: PRTL_AVL_TABLE,
197 Buffer: PVOID,
198 NodeOrParent: *mut PVOID,
199 SearchResult: *mut TABLE_SEARCH_RESULT,
200 ) -> PVOID;
201 fn RtlEnumerateGenericTableAvl(
202 Table: PRTL_AVL_TABLE,
203 Restart: BOOLEAN,
204 ) -> PVOID;
205 fn RtlEnumerateGenericTableWithoutSplayingAvl(
206 Table: PRTL_AVL_TABLE,
207 RestartKey: *mut PVOID,
208 ) -> PVOID;
209 fn RtlLookupFirstMatchingElementGenericTableAvl(
210 Table: PRTL_AVL_TABLE,
211 Buffer: PVOID,
212 RestartKey: *mut PVOID,
213 ) -> PVOID;
214 fn RtlEnumerateGenericTableLikeADirectory(
215 Table: PRTL_AVL_TABLE,
216 MatchFunction: PRTL_AVL_MATCH_FUNCTION,
217 MatchData: PVOID,
218 NextFlag: ULONG,
219 RestartKey: *mut PVOID,
220 DeleteCount: PULONG,
221 Buffer: PVOID,
222 ) -> PVOID;
223 fn RtlGetElementGenericTableAvl(
224 Table: PRTL_AVL_TABLE,
225 I: ULONG,
226 ) -> PVOID;
227 fn RtlNumberGenericTableElementsAvl(
228 Table: PRTL_AVL_TABLE,
229 ) -> ULONG;
230 fn RtlIsGenericTableEmptyAvl(
231 Table: PRTL_AVL_TABLE,
232 ) -> BOOLEAN;
233 }}
234 STRUCT!{struct RTL_SPLAY_LINKS {
235 Parent: *mut RTL_SPLAY_LINKS,
236 LeftChild: *mut RTL_SPLAY_LINKS,
237 RightChild: *mut RTL_SPLAY_LINKS,
238 }}
239 pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS;
240 #[inline]
RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS)241 pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) {
242 Links.Parent = Links;
243 Links.LeftChild = null_mut();
244 Links.RightChild = null_mut();
245 }
246 #[inline]
RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS247 pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
248 Links.Parent
249 }
250 #[inline]
RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS251 pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
252 Links.LeftChild
253 }
254 #[inline]
RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS255 pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
256 Links.RightChild
257 }
258 #[inline]
RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool259 pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool {
260 (*Links).Parent as *const _ == Links
261 }
262 #[inline]
RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool263 pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool {
264 RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links
265 }
266 #[inline]
RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool267 pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool {
268 RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links
269 }
270 #[inline]
RtlInsertAsLeftChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, )271 pub fn RtlInsertAsLeftChild(
272 ParentLinks: &mut RTL_SPLAY_LINKS,
273 ChildLinks: &mut RTL_SPLAY_LINKS,
274 ) {
275 ParentLinks.LeftChild = ChildLinks;
276 ChildLinks.Parent = ParentLinks;
277 }
278 #[inline]
RtlInsertAsRightChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, )279 pub fn RtlInsertAsRightChild(
280 ParentLinks: &mut RTL_SPLAY_LINKS,
281 ChildLinks: &mut RTL_SPLAY_LINKS,
282 ) {
283 ParentLinks.RightChild = ChildLinks;
284 ChildLinks.Parent = ParentLinks;
285 }
286 EXTERN!{extern "system" {
287 fn RtlSplay(
288 Links: PRTL_SPLAY_LINKS,
289 ) -> PRTL_SPLAY_LINKS;
290 fn RtlDelete(
291 Links: PRTL_SPLAY_LINKS,
292 ) -> PRTL_SPLAY_LINKS;
293 fn RtlDeleteNoSplay(
294 Links: PRTL_SPLAY_LINKS,
295 Root: *mut PRTL_SPLAY_LINKS,
296 );
297 fn RtlSubtreeSuccessor(
298 Links: PRTL_SPLAY_LINKS,
299 ) -> PRTL_SPLAY_LINKS;
300 fn RtlSubtreePredecessor(
301 Links: PRTL_SPLAY_LINKS,
302 ) -> PRTL_SPLAY_LINKS;
303 fn RtlRealSuccessor(
304 Links: PRTL_SPLAY_LINKS,
305 ) -> PRTL_SPLAY_LINKS;
306 fn RtlRealPredecessor(
307 Links: PRTL_SPLAY_LINKS,
308 ) -> PRTL_SPLAY_LINKS;
309 }}
310 FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE(
311 Table: *mut RTL_GENERIC_TABLE,
312 FirstStruct: PVOID,
313 SecondStruct: PVOID,
314 ) -> RTL_GENERIC_COMPARE_RESULTS}
315 FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE(
316 Table: *mut RTL_GENERIC_TABLE,
317 ByteSize: CLONG,
318 ) -> PVOID}
319 FN!{stdcall PRTL_GENERIC_FREE_ROUTINE(
320 Table: *mut RTL_GENERIC_TABLE,
321 Buffer: PVOID,
322 ) -> ()}
323 STRUCT!{struct RTL_GENERIC_TABLE {
324 TableRoot: PRTL_SPLAY_LINKS,
325 InsertOrderList: LIST_ENTRY,
326 OrderedPointer: PLIST_ENTRY,
327 WhichOrderedElement: ULONG,
328 NumberGenericTableElements: ULONG,
329 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
330 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
331 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
332 TableContext: PVOID,
333 }}
334 pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE;
335 EXTERN!{extern "system" {
336 fn RtlInitializeGenericTable(
337 Table: PRTL_GENERIC_TABLE,
338 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
339 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
340 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
341 TableContext: PVOID,
342 );
343 fn RtlInsertElementGenericTable(
344 Table: PRTL_GENERIC_TABLE,
345 Buffer: PVOID,
346 BufferSize: CLONG,
347 NewElement: PBOOLEAN,
348 ) -> PVOID;
349 fn RtlInsertElementGenericTableFull(
350 Table: PRTL_GENERIC_TABLE,
351 Buffer: PVOID,
352 BufferSize: CLONG,
353 NewElement: PBOOLEAN,
354 NodeOrParent: PVOID,
355 SearchResult: TABLE_SEARCH_RESULT,
356 ) -> PVOID;
357 fn RtlDeleteElementGenericTable(
358 Table: PRTL_GENERIC_TABLE,
359 Buffer: PVOID,
360 ) -> BOOLEAN;
361 fn RtlLookupElementGenericTable(
362 Table: PRTL_GENERIC_TABLE,
363 Buffer: PVOID,
364 ) -> PVOID;
365 fn RtlLookupElementGenericTableFull(
366 Table: PRTL_GENERIC_TABLE,
367 Buffer: PVOID,
368 NodeOrParent: *mut PVOID,
369 SearchResult: *mut TABLE_SEARCH_RESULT,
370 ) -> PVOID;
371 fn RtlEnumerateGenericTable(
372 Table: PRTL_GENERIC_TABLE,
373 Restart: BOOLEAN,
374 ) -> PVOID;
375 fn RtlEnumerateGenericTableWithoutSplaying(
376 Table: PRTL_GENERIC_TABLE,
377 RestartKey: *mut PVOID,
378 ) -> PVOID;
379 fn RtlGetElementGenericTable(
380 Table: PRTL_GENERIC_TABLE,
381 I: ULONG,
382 ) -> PVOID;
383 fn RtlNumberGenericTableElements(
384 Table: PRTL_GENERIC_TABLE,
385 ) -> ULONG;
386 fn RtlIsGenericTableEmpty(
387 Table: PRTL_GENERIC_TABLE,
388 ) -> BOOLEAN;
389 }}
390 STRUCT!{struct RTL_RB_TREE {
391 Root: PRTL_BALANCED_NODE,
392 Min: PRTL_BALANCED_NODE,
393 }}
394 pub type PRTL_RB_TREE = *mut RTL_RB_TREE;
395 EXTERN!{extern "system" {
396 fn RtlRbInsertNodeEx(
397 Tree: PRTL_RB_TREE,
398 Parent: PRTL_BALANCED_NODE,
399 Right: BOOLEAN,
400 Node: PRTL_BALANCED_NODE,
401 );
402 fn RtlRbRemoveNode(
403 Tree: PRTL_RB_TREE,
404 Node: PRTL_BALANCED_NODE,
405 );
406 }}
407 pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001;
408 pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0;
409 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY {
410 Linkage: LIST_ENTRY,
411 Signature: ULONG_PTR,
412 }}
413 pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY;
414 #[inline]
HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR415 pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR {
416 x.Signature
417 }
418 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT {
419 ChainHead: PLIST_ENTRY,
420 PrevLinkage: PLIST_ENTRY,
421 Signature: ULONG_PTR,
422 }}
423 pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT;
424 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
425 HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY,
426 ChainHead: PLIST_ENTRY,
427 BucketIndex: ULONG,
428 }}
429 pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR;
430 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE {
431 Flags: ULONG,
432 Shift: ULONG,
433 TableSize: ULONG,
434 Pivot: ULONG,
435 DivisorMask: ULONG,
436 NumEntries: ULONG,
437 NonEmptyBuckets: ULONG,
438 NumEnumerators: ULONG,
439 Directory: PVOID,
440 }}
441 pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE;
442 #[inline]
RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT)443 pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) {
444 Context.ChainHead = null_mut();
445 Context.PrevLinkage = null_mut();
446 }
447 #[inline]
RtlInitHashTableContextFromEnumerator( Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, )448 pub fn RtlInitHashTableContextFromEnumerator(
449 Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT,
450 Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
451 ) {
452 Context.ChainHead = Enumerator.ChainHead;
453 Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink;
454 }
455 // RtlReleaseHashTableContext
456 #[inline]
RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG457 pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
458 HashTable.TableSize
459 }
460 #[inline]
RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG461 pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
462 HashTable.NonEmptyBuckets
463 }
464 #[inline]
RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG465 pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
466 HashTable.TableSize - HashTable.NonEmptyBuckets
467 }
468 #[inline]
RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG469 pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
470 HashTable.NumEntries
471 }
472 #[inline]
RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG473 pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
474 HashTable.NumEnumerators
475 }
476 EXTERN!{extern "system" {
477 fn RtlCreateHashTable(
478 HashTable: *mut PRTL_DYNAMIC_HASH_TABLE,
479 Shift: ULONG,
480 Flags: ULONG,
481 ) -> BOOLEAN;
482 fn RtlDeleteHashTable(
483 HashTable: PRTL_DYNAMIC_HASH_TABLE,
484 );
485 fn RtlInsertEntryHashTable(
486 HashTable: PRTL_DYNAMIC_HASH_TABLE,
487 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
488 Signature: ULONG_PTR,
489 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
490 ) -> BOOLEAN;
491 fn RtlRemoveEntryHashTable(
492 HashTable: PRTL_DYNAMIC_HASH_TABLE,
493 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
494 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
495 ) -> BOOLEAN;
496 fn RtlLookupEntryHashTable(
497 HashTable: PRTL_DYNAMIC_HASH_TABLE,
498 Signature: ULONG_PTR,
499 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
500 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
501 fn RtlGetNextEntryHashTable(
502 HashTable: PRTL_DYNAMIC_HASH_TABLE,
503 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
504 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
505 fn RtlInitEnumerationHashTable(
506 HashTable: PRTL_DYNAMIC_HASH_TABLE,
507 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
508 ) -> BOOLEAN;
509 fn RtlEnumerateEntryHashTable(
510 HashTable: PRTL_DYNAMIC_HASH_TABLE,
511 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
512 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
513 fn RtlEndEnumerationHashTable(
514 HashTable: PRTL_DYNAMIC_HASH_TABLE,
515 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
516 );
517 fn RtlInitWeakEnumerationHashTable(
518 HashTable: PRTL_DYNAMIC_HASH_TABLE,
519 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
520 ) -> BOOLEAN;
521 fn RtlWeaklyEnumerateEntryHashTable(
522 HashTable: PRTL_DYNAMIC_HASH_TABLE,
523 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
524 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
525 fn RtlEndWeakEnumerationHashTable(
526 HashTable: PRTL_DYNAMIC_HASH_TABLE,
527 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
528 );
529 fn RtlExpandHashTable(
530 HashTable: PRTL_DYNAMIC_HASH_TABLE,
531 ) -> BOOLEAN;
532 fn RtlContractHashTable(
533 HashTable: PRTL_DYNAMIC_HASH_TABLE,
534 ) -> BOOLEAN;
535 fn RtlInitStrongEnumerationHashTable(
536 HashTable: PRTL_DYNAMIC_HASH_TABLE,
537 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
538 ) -> BOOLEAN;
539 fn RtlStronglyEnumerateEntryHashTable(
540 HashTable: PRTL_DYNAMIC_HASH_TABLE,
541 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
542 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
543 fn RtlEndStrongEnumerationHashTable(
544 HashTable: PRTL_DYNAMIC_HASH_TABLE,
545 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
546 );
547 fn RtlInitializeCriticalSection(
548 CriticalSection: PRTL_CRITICAL_SECTION,
549 ) -> NTSTATUS;
550 fn RtlInitializeCriticalSectionAndSpinCount(
551 CriticalSection: PRTL_CRITICAL_SECTION,
552 SpinCount: ULONG,
553 ) -> NTSTATUS;
554 fn RtlDeleteCriticalSection(
555 CriticalSection: PRTL_CRITICAL_SECTION,
556 ) -> NTSTATUS;
557 fn RtlEnterCriticalSection(
558 CriticalSection: PRTL_CRITICAL_SECTION,
559 ) -> NTSTATUS;
560 fn RtlLeaveCriticalSection(
561 CriticalSection: PRTL_CRITICAL_SECTION,
562 ) -> NTSTATUS;
563 fn RtlTryEnterCriticalSection(
564 CriticalSection: PRTL_CRITICAL_SECTION,
565 ) -> LOGICAL;
566 fn RtlIsCriticalSectionLocked(
567 CriticalSection: PRTL_CRITICAL_SECTION,
568 ) -> LOGICAL;
569 fn RtlIsCriticalSectionLockedByThread(
570 CriticalSection: PRTL_CRITICAL_SECTION,
571 ) -> LOGICAL;
572 fn RtlGetCriticalSectionRecursionCount(
573 CriticalSection: PRTL_CRITICAL_SECTION,
574 ) -> ULONG;
575 fn RtlSetCriticalSectionSpinCount(
576 CriticalSection: PRTL_CRITICAL_SECTION,
577 SpinCount: ULONG,
578 ) -> ULONG;
579 fn RtlQueryCriticalSectionOwner(
580 EventHandle: HANDLE,
581 ) -> HANDLE;
582 fn RtlCheckForOrphanedCriticalSections(
583 ThreadHandle: HANDLE,
584 );
585 }}
586 STRUCT!{struct RTL_RESOURCE {
587 CriticalSection: RTL_CRITICAL_SECTION,
588 SharedSemaphore: HANDLE,
589 NumberOfWaitingShared: ULONG,
590 ExclusiveSemaphore: HANDLE,
591 NumberOfWaitingExclusive: ULONG,
592 NumberOfActive: LONG,
593 ExclusiveOwnerThread: HANDLE,
594 Flags: ULONG,
595 DebugInfo: PRTL_RESOURCE_DEBUG,
596 }}
597 pub type PRTL_RESOURCE = *mut RTL_RESOURCE;
598 pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001;
599 EXTERN!{extern "system" {
600 fn RtlInitializeResource(
601 Resource: PRTL_RESOURCE,
602 );
603 fn RtlDeleteResource(
604 Resource: PRTL_RESOURCE,
605 );
606 fn RtlAcquireResourceShared(
607 Resource: PRTL_RESOURCE,
608 Wait: BOOLEAN,
609 ) -> BOOLEAN;
610 fn RtlAcquireResourceExclusive(
611 Resource: PRTL_RESOURCE,
612 Wait: BOOLEAN,
613 ) -> BOOLEAN;
614 fn RtlReleaseResource(
615 Resource: PRTL_RESOURCE,
616 );
617 fn RtlConvertSharedToExclusive(
618 Resource: PRTL_RESOURCE,
619 );
620 fn RtlConvertExclusiveToShared(
621 Resource: PRTL_RESOURCE,
622 );
623 fn RtlInitializeSRWLock(
624 SRWLock: PRTL_SRWLOCK,
625 );
626 fn RtlAcquireSRWLockExclusive(
627 SRWLock: PRTL_SRWLOCK,
628 );
629 fn RtlAcquireSRWLockShared(
630 SRWLock: PRTL_SRWLOCK,
631 );
632 fn RtlReleaseSRWLockExclusive(
633 SRWLock: PRTL_SRWLOCK,
634 );
635 fn RtlReleaseSRWLockShared(
636 SRWLock: PRTL_SRWLOCK,
637 );
638 fn RtlTryAcquireSRWLockExclusive(
639 SRWLock: PRTL_SRWLOCK,
640 ) -> BOOLEAN;
641 fn RtlTryAcquireSRWLockShared(
642 SRWLock: PRTL_SRWLOCK,
643 ) -> BOOLEAN;
644 fn RtlAcquireReleaseSRWLockExclusive(
645 SRWLock: PRTL_SRWLOCK,
646 );
647 fn RtlInitializeConditionVariable(
648 ConditionVariable: PRTL_CONDITION_VARIABLE,
649 );
650 fn RtlSleepConditionVariableCS(
651 ConditionVariable: PRTL_CONDITION_VARIABLE,
652 CriticalSection: PRTL_CRITICAL_SECTION,
653 Timeout: PLARGE_INTEGER,
654 ) -> NTSTATUS;
655 fn RtlSleepConditionVariableSRW(
656 ConditionVariable: PRTL_CONDITION_VARIABLE,
657 SRWLock: PRTL_SRWLOCK,
658 Timeout: PLARGE_INTEGER,
659 Flags: ULONG,
660 ) -> NTSTATUS;
661 fn RtlWakeConditionVariable(
662 ConditionVariable: PRTL_CONDITION_VARIABLE,
663 );
664 fn RtlWakeAllConditionVariable(
665 ConditionVariable: PRTL_CONDITION_VARIABLE,
666 );
667 }}
668 pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001;
669 pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002;
670 pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004;
671 EXTERN!{extern "system" {
672 fn RtlInitBarrier(
673 Barrier: PRTL_BARRIER,
674 TotalThreads: ULONG,
675 SpinCount: ULONG,
676 ) -> NTSTATUS;
677 fn RtlDeleteBarrier(
678 Barrier: PRTL_BARRIER,
679 ) -> NTSTATUS;
680 fn RtlBarrier(
681 Barrier: PRTL_BARRIER,
682 Flags: ULONG,
683 ) -> BOOLEAN;
684 fn RtlBarrierForDelete(
685 Barrier: PRTL_BARRIER,
686 Flags: ULONG,
687 ) -> BOOLEAN;
688 fn RtlWaitOnAddress(
689 Address: *mut VOID,
690 CompareAddress: PVOID,
691 AddressSize: SIZE_T,
692 Timeout: PLARGE_INTEGER,
693 ) -> NTSTATUS;
694 fn RtlWakeAddressAll(
695 Address: PVOID,
696 );
697 fn RtlWakeAddressSingle(
698 Address: PVOID,
699 );
700 fn RtlInitString(
701 DestinationString: PSTRING,
702 SourceString: PCSZ,
703 );
704 fn RtlInitStringEx(
705 DestinationString: PSTRING,
706 SourceString: PCSZ,
707 ) -> NTSTATUS;
708 fn RtlInitAnsiString(
709 DestinationString: PANSI_STRING,
710 SourceString: PCSZ,
711 );
712 fn RtlInitAnsiStringEx(
713 DestinationString: PANSI_STRING,
714 SourceString: PCSZ,
715 ) -> NTSTATUS;
716 fn RtlFreeAnsiString(
717 AnsiString: PANSI_STRING,
718 );
719 fn RtlFreeOemString(
720 OemString: POEM_STRING,
721 );
722 fn RtlCopyString(
723 DestinationString: PSTRING,
724 SourceString: *const STRING,
725 );
726 fn RtlUpperChar(
727 Character: CHAR,
728 ) -> CHAR;
729 fn RtlCompareString(
730 String1: *const STRING,
731 String2: *const STRING,
732 CaseInSensitive: BOOLEAN,
733 ) -> LONG;
734 fn RtlEqualString(
735 String1: *const STRING,
736 String2: *const STRING,
737 CaseInSensitive: BOOLEAN,
738 ) -> BOOLEAN;
739 fn RtlPrefixString(
740 String1: *const STRING,
741 String2: *const STRING,
742 CaseInSensitive: BOOLEAN,
743 ) -> BOOLEAN;
744 fn RtlAppendStringToString(
745 Destination: PSTRING,
746 Source: *const STRING,
747 ) -> NTSTATUS;
748 fn RtlAppendAsciizToString(
749 Destination: PSTRING,
750 Source: PSTR,
751 ) -> NTSTATUS;
752 fn RtlUpperString(
753 DestinationString: PSTRING,
754 SourceString: *const STRING,
755 );
756 }}
757 #[inline]
RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool758 pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool {
759 String.is_null() || (*String).Length == 0
760 }
761 #[inline]
RtlInitEmptyUnicodeString( UnicodeString: &mut UNICODE_STRING, Buffer: PWCHAR, MaximumLength: USHORT, )762 pub fn RtlInitEmptyUnicodeString(
763 UnicodeString: &mut UNICODE_STRING,
764 Buffer: PWCHAR,
765 MaximumLength: USHORT,
766 ) {
767 UnicodeString.Buffer = Buffer;
768 UnicodeString.MaximumLength = MaximumLength;
769 UnicodeString.Length = 0;
770 }
771 EXTERN!{extern "system" {
772 fn RtlInitUnicodeString(
773 DestinationString: PUNICODE_STRING,
774 SourceString: PCWSTR,
775 );
776 fn RtlInitUnicodeStringEx(
777 DestinationString: PUNICODE_STRING,
778 SourceString: PCWSTR,
779 ) -> NTSTATUS;
780 fn RtlCreateUnicodeString(
781 DestinationString: PUNICODE_STRING,
782 SourceString: PCWSTR,
783 ) -> BOOLEAN;
784 fn RtlCreateUnicodeStringFromAsciiz(
785 DestinationString: PUNICODE_STRING,
786 SourceString: PSTR,
787 ) -> BOOLEAN;
788 fn RtlFreeUnicodeString(
789 UnicodeString: PUNICODE_STRING,
790 );
791 }}
792 pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001;
793 pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002;
794 EXTERN!{extern "system" {
795 fn RtlDuplicateUnicodeString(
796 Flags: ULONG,
797 StringIn: PCUNICODE_STRING,
798 StringOut: PUNICODE_STRING,
799 ) -> NTSTATUS;
800 fn RtlCopyUnicodeString(
801 DestinationString: PUNICODE_STRING,
802 SourceString: PCUNICODE_STRING,
803 );
804 fn RtlUpcaseUnicodeChar(
805 SourceCharacter: WCHAR,
806 ) -> WCHAR;
807 fn RtlDowncaseUnicodeChar(
808 SourceCharacter: WCHAR,
809 ) -> WCHAR;
810 fn RtlCompareUnicodeString(
811 String1: PCUNICODE_STRING,
812 String2: PCUNICODE_STRING,
813 CaseInSensitive: BOOLEAN,
814 ) -> LONG;
815 fn RtlCompareUnicodeStrings(
816 String1: PCWCH,
817 String1Length: SIZE_T,
818 String2: PCWCH,
819 String2Length: SIZE_T,
820 CaseInSensitive: BOOLEAN,
821 ) -> LONG;
822 fn RtlEqualUnicodeString(
823 String1: PCUNICODE_STRING,
824 String2: PCUNICODE_STRING,
825 CaseInSensitive: BOOLEAN,
826 ) -> BOOLEAN;
827 }}
828 pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0;
829 pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1;
830 pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff;
831 EXTERN!{extern "system" {
832 fn RtlHashUnicodeString(
833 String: PCUNICODE_STRING,
834 CaseInSensitive: BOOLEAN,
835 HashAlgorithm: ULONG,
836 HashValue: PULONG,
837 ) -> NTSTATUS;
838 fn RtlValidateUnicodeString(
839 Flags: ULONG,
840 String: PCUNICODE_STRING,
841 ) -> NTSTATUS;
842 fn RtlPrefixUnicodeString(
843 String1: PCUNICODE_STRING,
844 String2: PCUNICODE_STRING,
845 CaseInSensitive: BOOLEAN,
846 ) -> BOOLEAN;
847 fn RtlSuffixUnicodeString(
848 String1: PUNICODE_STRING,
849 String2: PUNICODE_STRING,
850 CaseInSensitive: BOOLEAN,
851 ) -> BOOLEAN;
852 fn RtlFindUnicodeSubstring(
853 FullString: PUNICODE_STRING,
854 SearchString: PUNICODE_STRING,
855 CaseInSensitive: BOOLEAN,
856 ) -> PWCHAR;
857 }}
858 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001;
859 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002;
860 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004;
861 EXTERN!{extern "system" {
862 fn RtlFindCharInUnicodeString(
863 Flags: ULONG,
864 StringToSearch: PUNICODE_STRING,
865 CharSet: PUNICODE_STRING,
866 NonInclusivePrefixLength: PUSHORT,
867 ) -> NTSTATUS;
868 fn RtlAppendUnicodeStringToString(
869 Destination: PUNICODE_STRING,
870 Source: PCUNICODE_STRING,
871 ) -> NTSTATUS;
872 fn RtlAppendUnicodeToString(
873 Destination: PUNICODE_STRING,
874 Source: PCWSTR,
875 ) -> NTSTATUS;
876 fn RtlUpcaseUnicodeString(
877 DestinationString: PUNICODE_STRING,
878 SourceString: PCUNICODE_STRING,
879 AllocateDestinationString: BOOLEAN,
880 ) -> NTSTATUS;
881 fn RtlDowncaseUnicodeString(
882 DestinationString: PUNICODE_STRING,
883 SourceString: PCUNICODE_STRING,
884 AllocateDestinationString: BOOLEAN,
885 ) -> NTSTATUS;
886 fn RtlEraseUnicodeString(
887 String: PUNICODE_STRING,
888 );
889 fn RtlAnsiStringToUnicodeString(
890 DestinationString: PUNICODE_STRING,
891 SourceString: PCANSI_STRING,
892 AllocateDestinationString: BOOLEAN,
893 ) -> NTSTATUS;
894 fn RtlUnicodeStringToAnsiString(
895 DestinationString: PANSI_STRING,
896 SourceString: PCUNICODE_STRING,
897 AllocateDestinationString: BOOLEAN,
898 ) -> NTSTATUS;
899 fn RtlAnsiCharToUnicodeChar(
900 SourceCharacter: *mut PUCHAR,
901 ) -> WCHAR;
902 fn RtlUpcaseUnicodeStringToAnsiString(
903 DestinationString: PANSI_STRING,
904 SourceString: PUNICODE_STRING,
905 AllocateDestinationString: BOOLEAN,
906 ) -> NTSTATUS;
907 fn RtlOemStringToUnicodeString(
908 DestinationString: PUNICODE_STRING,
909 SourceString: PCOEM_STRING,
910 AllocateDestinationString: BOOLEAN,
911 ) -> NTSTATUS;
912 fn RtlUnicodeStringToOemString(
913 DestinationString: POEM_STRING,
914 SourceString: PCUNICODE_STRING,
915 AllocateDestinationString: BOOLEAN,
916 ) -> NTSTATUS;
917 fn RtlUpcaseUnicodeStringToOemString(
918 DestinationString: POEM_STRING,
919 SourceString: PUNICODE_STRING,
920 AllocateDestinationString: BOOLEAN,
921 ) -> NTSTATUS;
922 fn RtlUnicodeStringToCountedOemString(
923 DestinationString: POEM_STRING,
924 SourceString: PCUNICODE_STRING,
925 AllocateDestinationString: BOOLEAN,
926 ) -> NTSTATUS;
927 fn RtlUpcaseUnicodeStringToCountedOemString(
928 DestinationString: POEM_STRING,
929 SourceString: PCUNICODE_STRING,
930 AllocateDestinationString: BOOLEAN,
931 ) -> NTSTATUS;
932 fn RtlMultiByteToUnicodeN(
933 UnicodeString: PWCH,
934 MaxBytesInUnicodeString: ULONG,
935 BytesInUnicodeString: PULONG,
936 MultiByteString: *const CHAR,
937 BytesInMultiByteString: ULONG,
938 ) -> NTSTATUS;
939 fn RtlMultiByteToUnicodeSize(
940 BytesInUnicodeString: PULONG,
941 MultiByteString: *const CHAR,
942 BytesInMultiByteString: ULONG,
943 ) -> NTSTATUS;
944 fn RtlUnicodeToMultiByteN(
945 MultiByteString: PCHAR,
946 MaxBytesInMultiByteString: ULONG,
947 BytesInMultiByteString: PULONG,
948 UnicodeString: PCWCH,
949 BytesInUnicodeString: ULONG,
950 ) -> NTSTATUS;
951 fn RtlUnicodeToMultiByteSize(
952 BytesInMultiByteString: PULONG,
953 UnicodeString: PCWCH,
954 BytesInUnicodeString: ULONG,
955 ) -> NTSTATUS;
956 fn RtlUpcaseUnicodeToMultiByteN(
957 MultiByteString: PCHAR,
958 MaxBytesInMultiByteString: ULONG,
959 BytesInMultiByteString: PULONG,
960 UnicodeString: PCWCH,
961 BytesInUnicodeString: ULONG,
962 ) -> NTSTATUS;
963 fn RtlOemToUnicodeN(
964 UnicodeString: PWCH,
965 MaxBytesInUnicodeString: ULONG,
966 BytesInUnicodeString: PULONG,
967 OemString: PCCH,
968 BytesInOemString: ULONG,
969 ) -> NTSTATUS;
970 fn RtlUnicodeToOemN(
971 OemString: PCHAR,
972 MaxBytesInOemString: ULONG,
973 BytesInOemString: PULONG,
974 UnicodeString: PCWCH,
975 BytesInUnicodeString: ULONG,
976 ) -> NTSTATUS;
977 fn RtlUpcaseUnicodeToOemN(
978 OemString: PCHAR,
979 MaxBytesInOemString: ULONG,
980 BytesInOemString: PULONG,
981 UnicodeString: PCWCH,
982 BytesInUnicodeString: ULONG,
983 ) -> NTSTATUS;
984 fn RtlConsoleMultiByteToUnicodeN(
985 UnicodeString: PWCH,
986 MaxBytesInUnicodeString: ULONG,
987 BytesInUnicodeString: PULONG,
988 MultiByteString: PCH,
989 BytesInMultiByteString: ULONG,
990 pdwSpecialChar: PULONG,
991 ) -> NTSTATUS;
992 fn RtlUTF8ToUnicodeN(
993 UnicodeStringDestination: PWSTR,
994 UnicodeStringMaxByteCount: ULONG,
995 UnicodeStringActualByteCount: PULONG,
996 UTF8StringSource: PCCH,
997 UTF8StringByteCount: ULONG,
998 ) -> NTSTATUS;
999 fn RtlUnicodeToUTF8N(
1000 UTF8StringDestination: PCHAR,
1001 UTF8StringMaxByteCount: ULONG,
1002 UTF8StringActualByteCount: PULONG,
1003 UnicodeStringSource: PCWCH,
1004 UnicodeStringByteCount: ULONG,
1005 ) -> NTSTATUS;
1006 fn RtlCustomCPToUnicodeN(
1007 CustomCP: PCPTABLEINFO,
1008 UnicodeString: PWCH,
1009 MaxBytesInUnicodeString: ULONG,
1010 BytesInUnicodeString: PULONG,
1011 CustomCPString: PCH,
1012 BytesInCustomCPString: ULONG,
1013 ) -> NTSTATUS;
1014 fn RtlUnicodeToCustomCPN(
1015 CustomCP: PCPTABLEINFO,
1016 CustomCPString: PCH,
1017 MaxBytesInCustomCPString: ULONG,
1018 BytesInCustomCPString: PULONG,
1019 UnicodeString: PWCH,
1020 BytesInUnicodeString: ULONG,
1021 ) -> NTSTATUS;
1022 fn RtlUpcaseUnicodeToCustomCPN(
1023 CustomCP: PCPTABLEINFO,
1024 CustomCPString: PCH,
1025 MaxBytesInCustomCPString: ULONG,
1026 BytesInCustomCPString: PULONG,
1027 UnicodeString: PWCH,
1028 BytesInUnicodeString: ULONG,
1029 ) -> NTSTATUS;
1030 fn RtlInitCodePageTable(
1031 TableBase: PUSHORT,
1032 CodePageTable: PCPTABLEINFO,
1033 );
1034 fn RtlInitNlsTables(
1035 AnsiNlsBase: PUSHORT,
1036 OemNlsBase: PUSHORT,
1037 LanguageNlsBase: PUSHORT,
1038 TableInfo: PNLSTABLEINFO,
1039 );
1040 fn RtlResetRtlTranslations(
1041 TableInfo: PNLSTABLEINFO,
1042 );
1043 fn RtlIsTextUnicode(
1044 Buffer: PVOID,
1045 Size: ULONG,
1046 Result: PULONG,
1047 ) -> BOOLEAN;
1048 }}
1049 ENUM!{enum RTL_NORM_FORM {
1050 NormOther = 0x0,
1051 NormC = 0x1,
1052 NormD = 0x2,
1053 NormKC = 0x5,
1054 NormKD = 0x6,
1055 NormIdna = 0xd,
1056 DisallowUnassigned = 0x100,
1057 NormCDisallowUnassigned = 0x101,
1058 NormDDisallowUnassigned = 0x102,
1059 NormKCDisallowUnassigned = 0x105,
1060 NormKDDisallowUnassigned = 0x106,
1061 NormIdnaDisallowUnassigned = 0x10d,
1062 }}
1063 EXTERN!{extern "system" {
1064 fn RtlNormalizeString(
1065 NormForm: ULONG,
1066 SourceString: PCWSTR,
1067 SourceStringLength: LONG,
1068 DestinationString: PWSTR,
1069 DestinationStringLength: PLONG,
1070 ) -> NTSTATUS;
1071 fn RtlIsNormalizedString(
1072 NormForm: ULONG,
1073 SourceString: PCWSTR,
1074 SourceStringLength: LONG,
1075 Normalized: PBOOLEAN,
1076 ) -> NTSTATUS;
1077 fn RtlIsNameInExpression(
1078 Expression: PUNICODE_STRING,
1079 Name: PUNICODE_STRING,
1080 IgnoreCase: BOOLEAN,
1081 UpcaseTable: PWCH,
1082 ) -> BOOLEAN;
1083 fn RtlIsNameInUnUpcasedExpression(
1084 Expression: PUNICODE_STRING,
1085 Name: PUNICODE_STRING,
1086 IgnoreCase: BOOLEAN,
1087 UpcaseTable: PWCH,
1088 ) -> BOOLEAN;
1089 fn RtlEqualDomainName(
1090 String1: PUNICODE_STRING,
1091 String2: PUNICODE_STRING,
1092 ) -> BOOLEAN;
1093 fn RtlEqualComputerName(
1094 String1: PUNICODE_STRING,
1095 String2: PUNICODE_STRING,
1096 ) -> BOOLEAN;
1097 fn RtlDnsHostNameToComputerName(
1098 ComputerNameString: PUNICODE_STRING,
1099 DnsHostNameString: PUNICODE_STRING,
1100 AllocateComputerNameString: BOOLEAN,
1101 ) -> NTSTATUS;
1102 fn RtlStringFromGUID(
1103 Guid: *const GUID,
1104 GuidString: PUNICODE_STRING,
1105 ) -> NTSTATUS;
1106 fn RtlStringFromGUIDEx(
1107 Guid: *mut GUID,
1108 GuidString: PUNICODE_STRING,
1109 AllocateGuidString: BOOLEAN,
1110 ) -> NTSTATUS;
1111 fn RtlGUIDFromString(
1112 GuidString: PCUNICODE_STRING,
1113 Guid: *mut GUID,
1114 ) -> NTSTATUS;
1115 fn RtlCompareAltitudes(
1116 Altitude1: PCUNICODE_STRING,
1117 Altitude2: PCUNICODE_STRING,
1118 ) -> LONG;
1119 fn RtlIdnToAscii(
1120 Flags: ULONG,
1121 SourceString: PCWSTR,
1122 SourceStringLength: LONG,
1123 DestinationString: PWSTR,
1124 DestinationStringLength: PLONG,
1125 ) -> NTSTATUS;
1126 fn RtlIdnToUnicode(
1127 Flags: ULONG,
1128 SourceString: PCWSTR,
1129 SourceStringLength: LONG,
1130 DestinationString: PWSTR,
1131 DestinationStringLength: PLONG,
1132 ) -> NTSTATUS;
1133 fn RtlIdnToNameprepUnicode(
1134 Flags: ULONG,
1135 SourceString: PCWSTR,
1136 SourceStringLength: LONG,
1137 DestinationString: PWSTR,
1138 DestinationStringLength: PLONG,
1139 ) -> NTSTATUS;
1140 }}
1141 STRUCT!{struct PREFIX_TABLE_ENTRY {
1142 NodeTypeCode: CSHORT,
1143 NameLength: CSHORT,
1144 NextPrefixTree: *mut PREFIX_TABLE_ENTRY,
1145 Links: RTL_SPLAY_LINKS,
1146 Prefix: PSTRING,
1147 }}
1148 pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY;
1149 STRUCT!{struct PREFIX_TABLE {
1150 NodeTypeCode: CSHORT,
1151 NameLength: CSHORT,
1152 NextPrefixTree: PPREFIX_TABLE_ENTRY,
1153 }}
1154 pub type PPREFIX_TABLE = *mut PREFIX_TABLE;
1155 EXTERN!{extern "system" {
1156 fn PfxInitialize(
1157 PrefixTable: PPREFIX_TABLE,
1158 );
1159 fn PfxInsertPrefix(
1160 PrefixTable: PPREFIX_TABLE,
1161 Prefix: PSTRING,
1162 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1163 ) -> BOOLEAN;
1164 fn PfxRemovePrefix(
1165 PrefixTable: PPREFIX_TABLE,
1166 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1167 );
1168 fn PfxFindPrefix(
1169 PrefixTable: PPREFIX_TABLE,
1170 FullName: PSTRING,
1171 ) -> PPREFIX_TABLE_ENTRY;
1172 }}
1173 STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY {
1174 NodeTypeCode: CSHORT,
1175 NameLength: CSHORT,
1176 NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY,
1177 CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY,
1178 Links: RTL_SPLAY_LINKS,
1179 Prefix: PUNICODE_STRING,
1180 }}
1181 pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY;
1182 STRUCT!{struct UNICODE_PREFIX_TABLE {
1183 NodeTypeCode: CSHORT,
1184 NameLength: CSHORT,
1185 NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY,
1186 LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1187 }}
1188 pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE;
1189 EXTERN!{extern "system" {
1190 fn RtlInitializeUnicodePrefix(
1191 PrefixTable: PUNICODE_PREFIX_TABLE,
1192 );
1193 fn RtlInsertUnicodePrefix(
1194 PrefixTable: PUNICODE_PREFIX_TABLE,
1195 Prefix: PUNICODE_STRING,
1196 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1197 ) -> BOOLEAN;
1198 fn RtlRemoveUnicodePrefix(
1199 PrefixTable: PUNICODE_PREFIX_TABLE,
1200 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1201 );
1202 fn RtlFindUnicodePrefix(
1203 PrefixTable: PUNICODE_PREFIX_TABLE,
1204 FullName: PCUNICODE_STRING,
1205 CaseInsensitiveIndex: ULONG,
1206 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1207 fn RtlNextUnicodePrefix(
1208 PrefixTable: PUNICODE_PREFIX_TABLE,
1209 Restart: BOOLEAN,
1210 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1211 }}
1212 STRUCT!{struct COMPRESSED_DATA_INFO {
1213 CompressionFormatAndEngine: USHORT,
1214 CompressionUnitShift: UCHAR,
1215 ChunkShift: UCHAR,
1216 ClusterShift: UCHAR,
1217 Reserved: UCHAR,
1218 NumberOfChunks: USHORT,
1219 CompressedChunkSizes: [ULONG; 1],
1220 }}
1221 pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO;
1222 EXTERN!{extern "system" {
1223 fn RtlGetCompressionWorkSpaceSize(
1224 CompressionFormatAndEngine: USHORT,
1225 CompressBufferWorkSpaceSize: PULONG,
1226 CompressFragmentWorkSpaceSize: PULONG,
1227 ) -> NTSTATUS;
1228 fn RtlCompressBuffer(
1229 CompressionFormatAndEngine: USHORT,
1230 UncompressedBuffer: PUCHAR,
1231 UncompressedBufferSize: ULONG,
1232 CompressedBuffer: PUCHAR,
1233 CompressedBufferSize: ULONG,
1234 UncompressedChunkSize: ULONG,
1235 FinalCompressedSize: PULONG,
1236 WorkSpace: PVOID,
1237 ) -> NTSTATUS;
1238 fn RtlDecompressBuffer(
1239 CompressionFormat: USHORT,
1240 UncompressedBuffer: PUCHAR,
1241 UncompressedBufferSize: ULONG,
1242 CompressedBuffer: PUCHAR,
1243 CompressedBufferSize: ULONG,
1244 FinalUncompressedSize: PULONG,
1245 ) -> NTSTATUS;
1246 fn RtlDecompressBufferEx(
1247 CompressionFormat: USHORT,
1248 UncompressedBuffer: PUCHAR,
1249 UncompressedBufferSize: ULONG,
1250 CompressedBuffer: PUCHAR,
1251 CompressedBufferSize: ULONG,
1252 FinalUncompressedSize: PULONG,
1253 WorkSpace: PVOID,
1254 ) -> NTSTATUS;
1255 fn RtlDecompressFragment(
1256 CompressionFormat: USHORT,
1257 UncompressedFragment: PUCHAR,
1258 UncompressedFragmentSize: ULONG,
1259 CompressedBuffer: PUCHAR,
1260 CompressedBufferSize: ULONG,
1261 FragmentOffset: ULONG,
1262 FinalUncompressedSize: PULONG,
1263 WorkSpace: PVOID,
1264 ) -> NTSTATUS;
1265 fn RtlDescribeChunk(
1266 CompressionFormat: USHORT,
1267 CompressedBuffer: *mut PUCHAR,
1268 EndOfCompressedBufferPlus1: PUCHAR,
1269 ChunkBuffer: *mut PUCHAR,
1270 ChunkSize: PULONG,
1271 ) -> NTSTATUS;
1272 fn RtlReserveChunk(
1273 CompressionFormat: USHORT,
1274 CompressedBuffer: *mut PUCHAR,
1275 EndOfCompressedBufferPlus1: PUCHAR,
1276 ChunkBuffer: *mut PUCHAR,
1277 ChunkSize: ULONG,
1278 ) -> NTSTATUS;
1279 fn RtlDecompressChunks(
1280 UncompressedBuffer: PUCHAR,
1281 UncompressedBufferSize: ULONG,
1282 CompressedBuffer: PUCHAR,
1283 CompressedBufferSize: ULONG,
1284 CompressedTail: PUCHAR,
1285 CompressedTailSize: ULONG,
1286 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1287 ) -> NTSTATUS;
1288 fn RtlCompressChunks(
1289 UncompressedBuffer: PUCHAR,
1290 UncompressedBufferSize: ULONG,
1291 CompressedBuffer: PUCHAR,
1292 CompressedBufferSize: ULONG,
1293 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1294 CompressedDataInfoLength: ULONG,
1295 WorkSpace: PVOID,
1296 ) -> NTSTATUS;
1297 fn RtlConvertLCIDToString(
1298 LcidValue: LCID,
1299 Base: ULONG,
1300 Padding: ULONG,
1301 pResultBuf: PWSTR,
1302 Size: ULONG,
1303 ) -> NTSTATUS;
1304 fn RtlIsValidLocaleName(
1305 LocaleName: PWSTR,
1306 Flags: ULONG,
1307 ) -> BOOLEAN;
1308 fn RtlGetParentLocaleName(
1309 LocaleName: PWSTR,
1310 ParentLocaleName: PUNICODE_STRING,
1311 Flags: ULONG,
1312 AllocateDestinationString: BOOLEAN,
1313 ) -> NTSTATUS;
1314 fn RtlLcidToLocaleName(
1315 lcid: LCID,
1316 LocaleName: PUNICODE_STRING,
1317 Flags: ULONG,
1318 AllocateDestinationString: BOOLEAN,
1319 ) -> NTSTATUS;
1320 fn RtlLocaleNameToLcid(
1321 LocaleName: PWSTR,
1322 lcid: PLCID,
1323 Flags: ULONG,
1324 ) -> NTSTATUS;
1325 fn RtlLCIDToCultureName(
1326 Lcid: LCID,
1327 String: PUNICODE_STRING,
1328 ) -> BOOLEAN;
1329 fn RtlCultureNameToLCID(
1330 String: PUNICODE_STRING,
1331 Lcid: PLCID,
1332 ) -> BOOLEAN;
1333 fn RtlCleanUpTEBLangLists();
1334 fn RtlGetLocaleFileMappingAddress(
1335 BaseAddress: *mut PVOID,
1336 DefaultLocaleId: PLCID,
1337 DefaultCasingTableSize: PLARGE_INTEGER,
1338 ) -> NTSTATUS;
1339 fn RtlGetCurrentPeb() -> PPEB;
1340 fn RtlAcquirePebLock();
1341 fn RtlReleasePebLock();
1342 fn RtlTryAcquirePebLock() -> LOGICAL;
1343 fn RtlAllocateFromPeb(
1344 Size: ULONG,
1345 Block: *mut PVOID,
1346 ) -> NTSTATUS;
1347 fn RtlFreeToPeb(
1348 Block: PVOID,
1349 Size: ULONG,
1350 ) -> NTSTATUS;
1351 }}
1352 pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255;
1353 pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5;
1354 STRUCT!{struct CURDIR {
1355 DosPath: UNICODE_STRING,
1356 Handle: HANDLE,
1357 }}
1358 pub type PCURDIR = *mut CURDIR;
1359 pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002;
1360 pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003;
1361 STRUCT!{struct RTL_DRIVE_LETTER_CURDIR {
1362 Flags: USHORT,
1363 Length: USHORT,
1364 TimeStamp: ULONG,
1365 DosPath: STRING,
1366 }}
1367 pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR;
1368 pub const RTL_MAX_DRIVE_LETTERS: usize = 32;
1369 pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001;
1370 STRUCT!{struct RTL_USER_PROCESS_PARAMETERS {
1371 MaximumLength: ULONG,
1372 Length: ULONG,
1373 Flags: ULONG,
1374 DebugFlags: ULONG,
1375 ConsoleHandle: HANDLE,
1376 ConsoleFlags: ULONG,
1377 StandardInput: HANDLE,
1378 StandardOutput: HANDLE,
1379 StandardError: HANDLE,
1380 CurrentDirectory: CURDIR,
1381 DllPath: UNICODE_STRING,
1382 ImagePathName: UNICODE_STRING,
1383 CommandLine: UNICODE_STRING,
1384 Environment: PVOID,
1385 StartingX: ULONG,
1386 StartingY: ULONG,
1387 CountX: ULONG,
1388 CountY: ULONG,
1389 CountCharsX: ULONG,
1390 CountCharsY: ULONG,
1391 FillAttribute: ULONG,
1392 WindowFlags: ULONG,
1393 ShowWindowFlags: ULONG,
1394 WindowTitle: UNICODE_STRING,
1395 DesktopInfo: UNICODE_STRING,
1396 ShellInfo: UNICODE_STRING,
1397 RuntimeData: UNICODE_STRING,
1398 CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS],
1399 EnvironmentSize: ULONG_PTR,
1400 EnvironmentVersion: ULONG_PTR,
1401 PackageDependencyData: PVOID,
1402 ProcessGroupId: ULONG,
1403 LoaderThreads: ULONG,
1404 }}
1405 pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS;
1406 pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001;
1407 pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002;
1408 pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004;
1409 pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008;
1410 pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020;
1411 pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040;
1412 pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080;
1413 pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100;
1414 pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000;
1415 pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000;
1416 pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000;
1417 pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000;
1418 EXTERN!{extern "system" {
1419 fn RtlCreateProcessParameters(
1420 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1421 ImagePathName: PUNICODE_STRING,
1422 DllPath: PUNICODE_STRING,
1423 CurrentDirectory: PUNICODE_STRING,
1424 CommandLine: PUNICODE_STRING,
1425 Environment: PVOID,
1426 WindowTitle: PUNICODE_STRING,
1427 DesktopInfo: PUNICODE_STRING,
1428 ShellInfo: PUNICODE_STRING,
1429 RuntimeData: PUNICODE_STRING,
1430 ) -> NTSTATUS;
1431 fn RtlCreateProcessParametersEx(
1432 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1433 ImagePathName: PUNICODE_STRING,
1434 DllPath: PUNICODE_STRING,
1435 CurrentDirectory: PUNICODE_STRING,
1436 CommandLine: PUNICODE_STRING,
1437 Environment: PVOID,
1438 WindowTitle: PUNICODE_STRING,
1439 DesktopInfo: PUNICODE_STRING,
1440 ShellInfo: PUNICODE_STRING,
1441 RuntimeData: PUNICODE_STRING,
1442 Flags: ULONG,
1443 ) -> NTSTATUS;
1444 fn RtlDestroyProcessParameters(
1445 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1446 ) -> NTSTATUS;
1447 fn RtlNormalizeProcessParams(
1448 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1449 ) -> PRTL_USER_PROCESS_PARAMETERS;
1450 fn RtlDeNormalizeProcessParams(
1451 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1452 ) -> PRTL_USER_PROCESS_PARAMETERS;
1453 }}
1454 STRUCT!{struct RTL_USER_PROCESS_INFORMATION {
1455 Length: ULONG,
1456 Process: HANDLE,
1457 Thread: HANDLE,
1458 ClientId: CLIENT_ID,
1459 ImageInformation: SECTION_IMAGE_INFORMATION,
1460 }}
1461 pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION;
1462 EXTERN!{extern "system" {
1463 fn RtlCreateUserProcess(
1464 NtImagePathName: PUNICODE_STRING,
1465 AttributesDeprecated: ULONG,
1466 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1467 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1468 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1469 ParentProcess: HANDLE,
1470 InheritHandles: BOOLEAN,
1471 DebugPort: HANDLE,
1472 TokenHandle: HANDLE,
1473 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1474 ) -> NTSTATUS;
1475 fn RtlCreateUserProcessEx(
1476 NtImagePathName: PUNICODE_STRING,
1477 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1478 InheritHandles: BOOLEAN,
1479 Flags: ULONG,
1480 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1481 ) -> NTSTATUS;
1482 fn RtlExitUserProcess(
1483 ExitStatus: NTSTATUS,
1484 );
1485 }}
1486 pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
1487 pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002;
1488 pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004;
1489 EXTERN!{extern "system" {
1490 fn RtlCloneUserProcess(
1491 ProcessFlags: ULONG,
1492 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1493 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1494 DebugPort: HANDLE,
1495 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1496 ) -> NTSTATUS;
1497 fn RtlUpdateClonedCriticalSection(
1498 CriticalSection: PRTL_CRITICAL_SECTION,
1499 );
1500 fn RtlUpdateClonedSRWLock(
1501 SRWLock: PRTL_SRWLOCK,
1502 Shared: LOGICAL,
1503 );
1504 }}
1505 STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION {
1506 ReflectionProcessHandle: HANDLE,
1507 ReflectionThreadHandle: HANDLE,
1508 ReflectionClientId: CLIENT_ID,
1509 }}
1510 pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION =
1511 *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
1512 EXTERN!{extern "system" {
1513 fn RtlCreateProcessReflection(
1514 ProcessHandle: HANDLE,
1515 Flags: ULONG,
1516 StartRoutine: PVOID,
1517 StartContext: PVOID,
1518 EventHandle: HANDLE,
1519 ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION,
1520 ) -> NTSTATUS;
1521 }}
1522 EXTERN!{extern "C" {
1523 fn RtlSetProcessIsCritical(
1524 NewValue: BOOLEAN,
1525 OldValue: PBOOLEAN,
1526 CheckFlag: BOOLEAN,
1527 ) -> NTSTATUS;
1528 fn RtlSetThreadIsCritical(
1529 NewValue: BOOLEAN,
1530 OldValue: PBOOLEAN,
1531 CheckFlag: BOOLEAN,
1532 ) -> NTSTATUS;
1533 }}
1534 EXTERN!{extern "system" {
1535 fn RtlValidProcessProtection(
1536 ProcessProtection: PS_PROTECTION,
1537 ) -> BOOLEAN;
1538 fn RtlTestProtectedAccess(
1539 Source: PS_PROTECTION,
1540 Target: PS_PROTECTION,
1541 ) -> BOOLEAN;
1542 fn RtlIsCurrentProcess(
1543 ProcessHandle: HANDLE,
1544 ) -> BOOLEAN;
1545 fn RtlIsCurrentThread(
1546 ThreadHandle: HANDLE,
1547 ) -> BOOLEAN;
1548 }}
1549 FN!{stdcall PUSER_THREAD_START_ROUTINE(
1550 ThreadParameter: PVOID,
1551 ) -> NTSTATUS}
1552 EXTERN!{extern "system" {
1553 fn RtlCreateUserThread(
1554 Process: HANDLE,
1555 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1556 CreateSuspended: BOOLEAN,
1557 ZeroBits: ULONG,
1558 MaximumStackSize: SIZE_T,
1559 CommittedStackSize: SIZE_T,
1560 StartAddress: PUSER_THREAD_START_ROUTINE,
1561 Parameter: PVOID,
1562 Thread: PHANDLE,
1563 ClientId: PCLIENT_ID,
1564 ) -> NTSTATUS;
1565 fn RtlExitUserThread(
1566 ExitStatus: NTSTATUS,
1567 );
1568 fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN;
1569 fn RtlCreateUserStack(
1570 CommittedStackSize: SIZE_T,
1571 MaximumStackSize: SIZE_T,
1572 ZeroBits: ULONG_PTR,
1573 PageSize: SIZE_T,
1574 ReserveAlignment: ULONG_PTR,
1575 InitialTeb: PINITIAL_TEB,
1576 ) -> NTSTATUS;
1577 fn RtlFreeUserStack(
1578 AllocationBase: PVOID,
1579 ) -> NTSTATUS;
1580 }}
1581 STRUCT!{struct CONTEXT_CHUNK {
1582 Offset: LONG,
1583 Length: ULONG,
1584 }}
1585 pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK;
1586 STRUCT!{struct CONTEXT_EX {
1587 All: CONTEXT_CHUNK,
1588 Legacy: CONTEXT_CHUNK,
1589 XState: CONTEXT_CHUNK,
1590 }}
1591 pub type PCONTEXT_EX = *mut CONTEXT_EX;
1592 pub const CONTEXT_EX_LENGTH: usize = 4096;
1593 #[macro_export]
1594 macro_rules! RTL_CONTEXT_EX_OFFSET {
1595 ($ContextEx:expr, $Chunk:ident) => {
1596 (*$ContextEx).$Chunk.Offset
1597 };
1598 }
1599 #[macro_export]
1600 macro_rules! RTL_CONTEXT_EX_LENGTH {
1601 ($ContextEx:expr, $Chunk:ident) => {
1602 (*$ContextEx).$Chunk.Length
1603 };
1604 }
1605 #[macro_export]
1606 macro_rules! RTL_CONTEXT_EX_CHUNK {
1607 ($Base:expr, $Layout:expr, $Chunk:ident) => {
1608 ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void
1609 };
1610 }
1611 #[macro_export]
1612 macro_rules! RTL_CONTEXT_OFFSET {
1613 ($Context:expr, $Chunk:ident) => {
1614 RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1615 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1616 };
1617 }
1618 #[macro_export]
1619 macro_rules! RTL_CONTEXT_LENGTH {
1620 ($Context:expr, $Chunk:ident) => {
1621 RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1622 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1623 };
1624 }
1625 #[macro_export]
1626 macro_rules! RTL_CONTEXT_CHUNK {
1627 ($Context:expr, $Chunk:ident) => {
1628 RTL_CONTEXT_EX_CHUNK!(
1629 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1630 as *const $crate::ntrtl::CONTEXT_EX,
1631 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1632 as *const $crate::ntrtl::CONTEXT_EX,
1633 $Chunk
1634 )
1635 };
1636 }
1637 EXTERN!{extern "system" {
1638 fn RtlInitializeContext(
1639 Process: HANDLE,
1640 Context: PCONTEXT,
1641 Parameter: PVOID,
1642 InitialPc: PVOID,
1643 InitialSp: PVOID,
1644 );
1645 fn RtlInitializeExtendedContext(
1646 Context: PCONTEXT,
1647 ContextFlags: ULONG,
1648 ContextEx: *mut PCONTEXT_EX,
1649 ) -> ULONG;
1650 fn RtlCopyExtendedContext(
1651 Destination: PCONTEXT_EX,
1652 ContextFlags: ULONG,
1653 Source: PCONTEXT_EX,
1654 ) -> ULONG;
1655 fn RtlGetExtendedContextLength(
1656 ContextFlags: ULONG,
1657 ContextLength: PULONG,
1658 ) -> ULONG;
1659 fn RtlGetExtendedFeaturesMask(
1660 ContextEx: PCONTEXT_EX,
1661 ) -> ULONG64;
1662 fn RtlLocateExtendedFeature(
1663 ContextEx: PCONTEXT_EX,
1664 FeatureId: ULONG,
1665 Length: PULONG,
1666 ) -> PVOID;
1667 fn RtlLocateLegacyContext(
1668 ContextEx: PCONTEXT_EX,
1669 Length: PULONG,
1670 ) -> PCONTEXT;
1671 fn RtlSetExtendedFeaturesMask(
1672 ContextEx: PCONTEXT_EX,
1673 FeatureMask: ULONG64,
1674 );
1675 }}
1676 #[cfg(target_arch = "x86_64")]
1677 EXTERN!{extern "system" {
1678 fn RtlWow64GetThreadContext(
1679 ThreadHandle: HANDLE,
1680 ThreadContext: PWOW64_CONTEXT,
1681 ) -> NTSTATUS;
1682 fn RtlWow64SetThreadContext(
1683 ThreadHandle: HANDLE,
1684 ThreadContext: PWOW64_CONTEXT,
1685 ) -> NTSTATUS;
1686 }}
1687 EXTERN!{extern "system" {
1688 fn RtlRemoteCall(
1689 Process: HANDLE,
1690 Thread: HANDLE,
1691 CallSite: PVOID,
1692 ArgumentCount: ULONG,
1693 Arguments: PULONG_PTR,
1694 PassContext: BOOLEAN,
1695 AlreadySuspended: BOOLEAN,
1696 ) -> NTSTATUS;
1697 fn RtlAddVectoredExceptionHandler(
1698 First: ULONG,
1699 Handler: PVECTORED_EXCEPTION_HANDLER,
1700 ) -> PVOID;
1701 fn RtlRemoveVectoredExceptionHandler(
1702 Handle: PVOID,
1703 ) -> ULONG;
1704 fn RtlAddVectoredContinueHandler(
1705 First: ULONG,
1706 Handler: PVECTORED_EXCEPTION_HANDLER,
1707 ) -> PVOID;
1708 fn RtlRemoveVectoredContinueHandler(
1709 Handle: PVOID,
1710 ) -> ULONG;
1711 }}
1712 FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER(
1713 ExceptionInfo: PEXCEPTION_POINTERS,
1714 ) -> ULONG}
1715 EXTERN!{extern "system" {
1716 fn RtlSetUnhandledExceptionFilter(
1717 UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER,
1718 );
1719 fn RtlUnhandledExceptionFilter(
1720 ExceptionPointers: PEXCEPTION_POINTERS,
1721 ) -> LONG;
1722 fn RtlUnhandledExceptionFilter2(
1723 ExceptionPointers: PEXCEPTION_POINTERS,
1724 Flags: ULONG,
1725 ) -> LONG;
1726 fn RtlKnownExceptionFilter(
1727 ExceptionPointers: PEXCEPTION_POINTERS,
1728 ) -> LONG;
1729 }}
1730 #[cfg(target_arch = "x86_64")]
1731 IFDEF!{
1732 ENUM!{enum FUNCTION_TABLE_TYPE {
1733 RF_SORTED = 0,
1734 RF_UNSORTED = 1,
1735 RF_CALLBACK = 2,
1736 RF_KERNEL_DYNAMIC = 3,
1737 }}
1738 STRUCT!{struct DYNAMIC_FUNCTION_TABLE {
1739 ListEntry: LIST_ENTRY,
1740 FunctionTable: PRUNTIME_FUNCTION,
1741 TimeStamp: LARGE_INTEGER,
1742 MinimumAddress: ULONG64,
1743 MaximumAddress: ULONG64,
1744 BaseAddress: ULONG64,
1745 Callback: PGET_RUNTIME_FUNCTION_CALLBACK,
1746 Context: PVOID,
1747 OutOfProcessCallbackDll: PWSTR,
1748 Type: FUNCTION_TABLE_TYPE,
1749 EntryCount: ULONG,
1750 TreeNode: RTL_BALANCED_NODE,
1751 }}
1752 pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE;
1753 EXTERN!{extern "system" {
1754 fn RtlGetFunctionTableListHead() -> PLIST_ENTRY;
1755 }}
1756 }
1757 EXTERN!{extern "system" {
1758 fn RtlImageNtHeader(
1759 BaseOfImage: PVOID,
1760 ) -> PIMAGE_NT_HEADERS;
1761 }}
1762 pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001;
1763 EXTERN!{extern "system" {
1764 fn RtlImageNtHeaderEx(
1765 Flags: ULONG,
1766 BaseOfImage: PVOID,
1767 Size: ULONG64,
1768 OutHeaders: *mut PIMAGE_NT_HEADERS,
1769 ) -> NTSTATUS;
1770 fn RtlAddressInSectionTable(
1771 NtHeaders: PIMAGE_NT_HEADERS,
1772 BaseOfImage: PVOID,
1773 VirtualAddress: ULONG,
1774 ) -> PVOID;
1775 fn RtlSectionTableFromVirtualAddress(
1776 NtHeaders: PIMAGE_NT_HEADERS,
1777 BaseOfImage: PVOID,
1778 VirtualAddress: ULONG,
1779 ) -> PIMAGE_SECTION_HEADER;
1780 fn RtlImageDirectoryEntryToData(
1781 BaseOfImage: PVOID,
1782 MappedAsImage: BOOLEAN,
1783 DirectoryEntry: USHORT,
1784 Size: PULONG,
1785 ) -> PVOID;
1786 fn RtlImageRvaToSection(
1787 NtHeaders: PIMAGE_NT_HEADERS,
1788 BaseOfImage: PVOID,
1789 Rva: ULONG,
1790 ) -> PIMAGE_SECTION_HEADER;
1791 fn RtlImageRvaToVa(
1792 NtHeaders: PIMAGE_NT_HEADERS,
1793 BaseOfImage: PVOID,
1794 Rva: ULONG,
1795 LastRvaSection: *mut PIMAGE_SECTION_HEADER,
1796 ) -> PVOID;
1797 fn RtlFindExportedRoutineByName(
1798 BaseOfImage: PVOID,
1799 RoutineName: PSTR,
1800 ) -> PVOID;
1801 fn RtlGuardCheckLongJumpTarget(
1802 PcValue: PVOID,
1803 IsFastFail: BOOL,
1804 IsLongJumpTarget: PBOOL,
1805 ) -> NTSTATUS;
1806 fn RtlCompareMemoryUlong(
1807 Source: PVOID,
1808 Length: SIZE_T,
1809 Pattern: ULONG,
1810 ) -> SIZE_T;
1811 fn RtlFillMemoryUlong(
1812 Destination: PVOID,
1813 Length: SIZE_T,
1814 Pattern: ULONG,
1815 );
1816 fn RtlFillMemoryUlonglong(
1817 Destination: PVOID,
1818 Length: SIZE_T,
1819 Pattern: ULONGLONG,
1820 );
1821 fn RtlCreateEnvironment(
1822 CloneCurrentEnvironment: BOOLEAN,
1823 Environment: *mut PVOID,
1824 ) -> NTSTATUS;
1825 }}
1826 pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1;
1827 pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2;
1828 pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4;
1829 EXTERN!{extern "system" {
1830 fn RtlCreateEnvironmentEx(
1831 SourceEnv: PVOID,
1832 Environment: *mut PVOID,
1833 Flags: ULONG,
1834 ) -> NTSTATUS;
1835 fn RtlDestroyEnvironment(
1836 Environment: PVOID,
1837 ) -> NTSTATUS;
1838 fn RtlSetCurrentEnvironment(
1839 Environment: PVOID,
1840 PreviousEnvironment: *mut PVOID,
1841 ) -> NTSTATUS;
1842 fn RtlSetEnvironmentVar(
1843 Environment: *mut PWSTR,
1844 Name: PWSTR,
1845 NameLength: SIZE_T,
1846 Value: PWSTR,
1847 ValueLength: SIZE_T,
1848 ) -> NTSTATUS;
1849 fn RtlSetEnvironmentVariable(
1850 Environment: *mut PVOID,
1851 Name: PUNICODE_STRING,
1852 Value: PUNICODE_STRING,
1853 ) -> NTSTATUS;
1854 fn RtlQueryEnvironmentVariable(
1855 Environment: PVOID,
1856 Name: PWSTR,
1857 NameLength: SIZE_T,
1858 Value: PWSTR,
1859 ValueLength: SIZE_T,
1860 ReturnLength: PSIZE_T,
1861 ) -> NTSTATUS;
1862 fn RtlQueryEnvironmentVariable_U(
1863 Environment: PVOID,
1864 Name: PUNICODE_STRING,
1865 Value: PUNICODE_STRING,
1866 ) -> NTSTATUS;
1867 fn RtlExpandEnvironmentStrings(
1868 Environment: PVOID,
1869 Src: PWSTR,
1870 SrcLength: SIZE_T,
1871 Dst: PWSTR,
1872 DstLength: SIZE_T,
1873 ReturnLength: PSIZE_T,
1874 ) -> NTSTATUS;
1875 fn RtlExpandEnvironmentStrings_U(
1876 Environment: PVOID,
1877 Source: PUNICODE_STRING,
1878 Destination: PUNICODE_STRING,
1879 ReturnedLength: PULONG,
1880 ) -> NTSTATUS;
1881 fn RtlSetEnvironmentStrings(
1882 NewEnvironment: PWCHAR,
1883 NewEnvironmentSize: SIZE_T,
1884 ) -> NTSTATUS;
1885 }}
1886 STRUCT!{struct RTLP_CURDIR_REF {
1887 ReferenceCount: LONG,
1888 DirectoryHandle: HANDLE,
1889 }}
1890 pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF;
1891 STRUCT!{struct RTL_RELATIVE_NAME_U {
1892 RelativeName: UNICODE_STRING,
1893 ContainingDirectory: HANDLE,
1894 CurDirRef: PRTLP_CURDIR_REF,
1895 }}
1896 pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U;
1897 ENUM!{enum RTL_PATH_TYPE {
1898 RtlPathTypeUnknown = 0,
1899 RtlPathTypeUncAbsolute = 1,
1900 RtlPathTypeDriveAbsolute = 2,
1901 RtlPathTypeDriveRelative = 3,
1902 RtlPathTypeRooted = 4,
1903 RtlPathTypeRelative = 5,
1904 RtlPathTypeLocalDevice = 6,
1905 RtlPathTypeRootLocalDevice = 7,
1906 }}
1907 EXTERN!{extern "C" {
1908 static mut RtlDosPathSeperatorsString: UNICODE_STRING;
1909 static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING;
1910 static mut RtlNtPathSeperatorString: UNICODE_STRING;
1911 }}
1912 /// "ntdll.dll"
1913 pub const RtlNtdllName: UTF16Const = UTF16Const(&[
1914 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16,
1915 ]);
1916 EXTERN!{extern "system" {
1917 fn RtlDetermineDosPathNameType_U(
1918 DosFileName: PWSTR,
1919 ) -> RTL_PATH_TYPE;
1920 fn RtlDetermineDosPathNameType_Ustr(
1921 DosFileName: PCUNICODE_STRING,
1922 ) -> RTL_PATH_TYPE;
1923 fn RtlIsDosDeviceName_U(
1924 DosFileName: PWSTR,
1925 ) -> ULONG;
1926 fn RtlIsDosDeviceName_Ustr(
1927 DosFileName: PUNICODE_STRING,
1928 ) -> ULONG;
1929 fn RtlGetFullPathName_U(
1930 FileName: PWSTR,
1931 BufferLength: ULONG,
1932 Buffer: PWSTR,
1933 FilePart: *mut PWSTR,
1934 ) -> ULONG;
1935 fn RtlGetFullPathName_UEx(
1936 FileName: PWSTR,
1937 BufferLength: ULONG,
1938 Buffer: PWSTR,
1939 FilePart: *mut PWSTR,
1940 BytesRequired: *mut ULONG,
1941 ) -> NTSTATUS;
1942 fn RtlGetFullPathName_UstrEx(
1943 FileName: PUNICODE_STRING,
1944 StaticString: PUNICODE_STRING,
1945 DynamicString: PUNICODE_STRING,
1946 StringUsed: *mut PUNICODE_STRING,
1947 FilePartPrefixCch: *mut SIZE_T,
1948 NameInvalid: PBOOLEAN,
1949 InputPathType: *mut RTL_PATH_TYPE,
1950 BytesRequired: *mut SIZE_T,
1951 ) -> NTSTATUS;
1952 fn RtlGetCurrentDirectory_U(
1953 BufferLength: ULONG,
1954 Buffer: PWSTR,
1955 ) -> ULONG;
1956 fn RtlSetCurrentDirectory_U(
1957 PathName: PUNICODE_STRING,
1958 ) -> NTSTATUS;
1959 fn RtlGetLongestNtPathLength() -> ULONG;
1960 fn RtlDosPathNameToNtPathName_U(
1961 DosFileName: PWSTR,
1962 NtFileName: PUNICODE_STRING,
1963 FilePart: *mut PWSTR,
1964 RelativeName: PRTL_RELATIVE_NAME_U,
1965 ) -> BOOLEAN;
1966 fn RtlDosPathNameToNtPathName_U_WithStatus(
1967 DosFileName: PWSTR,
1968 NtFileName: PUNICODE_STRING,
1969 FilePart: *mut PWSTR,
1970 RelativeName: PRTL_RELATIVE_NAME_U,
1971 ) -> NTSTATUS;
1972 fn RtlDosLongPathNameToNtPathName_U_WithStatus(
1973 DosFileName: PWSTR,
1974 NtFileName: PUNICODE_STRING,
1975 FilePart: *mut PWSTR,
1976 RelativeName: PRTL_RELATIVE_NAME_U,
1977 ) -> NTSTATUS;
1978 fn RtlDosPathNameToRelativeNtPathName_U(
1979 DosFileName: PWSTR,
1980 NtFileName: PUNICODE_STRING,
1981 FilePart: *mut PWSTR,
1982 RelativeName: PRTL_RELATIVE_NAME_U,
1983 ) -> BOOLEAN;
1984 fn RtlDosPathNameToRelativeNtPathName_U_WithStatus(
1985 DosFileName: PWSTR,
1986 NtFileName: PUNICODE_STRING,
1987 FilePart: *mut PWSTR,
1988 RelativeName: PRTL_RELATIVE_NAME_U,
1989 ) -> NTSTATUS;
1990 fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
1991 DosFileName: PWSTR,
1992 NtFileName: PUNICODE_STRING,
1993 FilePart: *mut PWSTR,
1994 RelativeName: PRTL_RELATIVE_NAME_U,
1995 ) -> NTSTATUS;
1996 fn RtlReleaseRelativeName(
1997 RelativeName: PRTL_RELATIVE_NAME_U,
1998 );
1999 fn RtlDosSearchPath_U(
2000 Path: PWSTR,
2001 FileName: PWSTR,
2002 Extension: PWSTR,
2003 BufferLength: ULONG,
2004 Buffer: PWSTR,
2005 FilePart: *mut PWSTR,
2006 ) -> ULONG;
2007 }}
2008 pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001;
2009 pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002;
2010 pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004;
2011 EXTERN!{extern "system" {
2012 fn RtlDosSearchPath_Ustr(
2013 Flags: ULONG,
2014 Path: PUNICODE_STRING,
2015 FileName: PUNICODE_STRING,
2016 DefaultExtension: PUNICODE_STRING,
2017 StaticString: PUNICODE_STRING,
2018 DynamicString: PUNICODE_STRING,
2019 FullFileNameOut: *mut PCUNICODE_STRING,
2020 FilePartPrefixCch: *mut SIZE_T,
2021 BytesRequired: *mut SIZE_T,
2022 ) -> NTSTATUS;
2023 fn RtlDoesFileExists_U(
2024 FileName: PWSTR,
2025 ) -> BOOLEAN;
2026 fn RtlGetLengthWithoutLastFullDosOrNtPathElement(
2027 Flags: ULONG,
2028 PathString: PUNICODE_STRING,
2029 Length: PULONG,
2030 ) -> NTSTATUS;
2031 fn RtlGetLengthWithoutTrailingPathSeperators(
2032 Flags: ULONG,
2033 PathString: PUNICODE_STRING,
2034 Length: PULONG,
2035 ) -> NTSTATUS;
2036 }}
2037 STRUCT!{struct GENERATE_NAME_CONTEXT {
2038 Checksum: USHORT,
2039 CheckSumInserted: BOOLEAN,
2040 NameLength: UCHAR,
2041 NameBuffer: [WCHAR; 8],
2042 ExtensionLength: ULONG,
2043 ExtensionBuffer: [WCHAR; 4],
2044 LastIndexValue: ULONG,
2045 }}
2046 pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT;
2047 EXTERN!{extern "system" {
2048 fn RtlGenerate8dot3Name(
2049 Name: PCUNICODE_STRING,
2050 AllowExtendedCharacters: BOOLEAN,
2051 Context: PGENERATE_NAME_CONTEXT,
2052 Name8dot3: PUNICODE_STRING,
2053 ) -> NTSTATUS;
2054 fn RtlComputePrivatizedDllName_U(
2055 DllName: PUNICODE_STRING,
2056 RealName: PUNICODE_STRING,
2057 LocalName: PUNICODE_STRING,
2058 ) -> NTSTATUS;
2059 fn RtlGetSearchPath(
2060 SearchPathA: *mut PWSTR,
2061 ) -> BOOLEAN;
2062 fn RtlSetSearchPathMode(
2063 Flags: ULONG,
2064 ) -> NTSTATUS;
2065 fn RtlGetExePath() -> PWSTR;
2066 fn RtlGetNtSystemRoot() -> PWSTR;
2067 fn RtlAreLongPathsEnabled() -> BOOLEAN;
2068 fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN;
2069 fn RtlDllShutdownInProgress() -> BOOLEAN;
2070 }}
2071 STRUCT!{struct RTL_HEAP_ENTRY_u_s1 {
2072 Settable: SIZE_T,
2073 Tag: ULONG,
2074 }}
2075 STRUCT!{struct RTL_HEAP_ENTRY_u_s2 {
2076 CommittedSize: SIZE_T,
2077 FirstBlock: PVOID,
2078 }}
2079 UNION!{union RTL_HEAP_ENTRY_u {
2080 s1: RTL_HEAP_ENTRY_u_s1,
2081 s2: RTL_HEAP_ENTRY_u_s2,
2082 }}
2083 STRUCT!{struct RTL_HEAP_ENTRY {
2084 Size: SIZE_T,
2085 Flags: USHORT,
2086 AllocatorBackTraceIndex: USHORT,
2087 u: RTL_HEAP_ENTRY_u,
2088 }}
2089 pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY;
2090 pub const RTL_HEAP_BUSY: USHORT = 0x0001;
2091 pub const RTL_HEAP_SEGMENT: USHORT = 0x0002;
2092 pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010;
2093 pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020;
2094 pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040;
2095 pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080;
2096 pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0;
2097 pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100;
2098 pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200;
2099 STRUCT!{struct RTL_HEAP_TAG {
2100 NumberOfAllocations: ULONG,
2101 NumberOfFrees: ULONG,
2102 BytesAllocated: SIZE_T,
2103 TagIndex: USHORT,
2104 CreatorBackTraceIndex: USHORT,
2105 TagName: [WCHAR; 24],
2106 }}
2107 pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG;
2108 STRUCT!{struct RTL_HEAP_INFORMATION {
2109 BaseAddress: PVOID,
2110 Flags: ULONG,
2111 EntryOverhead: USHORT,
2112 CreatorBackTraceIndex: USHORT,
2113 BytesAllocated: SIZE_T,
2114 BytesCommitted: SIZE_T,
2115 NumberOfTags: ULONG,
2116 NumberOfEntries: ULONG,
2117 NumberOfPseudoTags: ULONG,
2118 PseudoTagGranularity: ULONG,
2119 Reserved: [ULONG; 5],
2120 Tags: PRTL_HEAP_TAG,
2121 Entries: PRTL_HEAP_ENTRY,
2122 }}
2123 pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION;
2124 STRUCT!{struct RTL_PROCESS_HEAPS {
2125 NumberOfHeaps: ULONG,
2126 Heaps: [RTL_HEAP_INFORMATION; 1],
2127 }}
2128 pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS;
2129 FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE(
2130 Base: PVOID,
2131 CommitAddress: *mut PVOID,
2132 CommitSize: PSIZE_T,
2133 ) -> NTSTATUS}
2134 STRUCT!{struct RTL_HEAP_PARAMETERS {
2135 Length: ULONG,
2136 SegmentReserve: SIZE_T,
2137 SegmentCommit: SIZE_T,
2138 DeCommitFreeBlockThreshold: SIZE_T,
2139 DeCommitTotalFreeThreshold: SIZE_T,
2140 MaximumAllocationSize: SIZE_T,
2141 VirtualMemoryThreshold: SIZE_T,
2142 InitialCommit: SIZE_T,
2143 InitialReserve: SIZE_T,
2144 CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE,
2145 Reserved: [SIZE_T; 2],
2146 }}
2147 pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS;
2148 pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100;
2149 pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200;
2150 pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400;
2151 pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800;
2152 pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00;
2153 pub const HEAP_CLASS_0: ULONG = 0x00000000;
2154 pub const HEAP_CLASS_1: ULONG = 0x00001000;
2155 pub const HEAP_CLASS_2: ULONG = 0x00002000;
2156 pub const HEAP_CLASS_3: ULONG = 0x00003000;
2157 pub const HEAP_CLASS_4: ULONG = 0x00004000;
2158 pub const HEAP_CLASS_5: ULONG = 0x00005000;
2159 pub const HEAP_CLASS_6: ULONG = 0x00006000;
2160 pub const HEAP_CLASS_7: ULONG = 0x00007000;
2161 pub const HEAP_CLASS_8: ULONG = 0x00008000;
2162 pub const HEAP_CLASS_MASK: ULONG = 0x0000f000;
2163 EXTERN!{extern "system" {
2164 fn RtlCreateHeap(
2165 Flags: ULONG,
2166 HeapBase: PVOID,
2167 ReserveSize: SIZE_T,
2168 CommitSize: SIZE_T,
2169 Lock: PVOID,
2170 Parameters: PRTL_HEAP_PARAMETERS,
2171 ) -> PVOID;
2172 fn RtlDestroyHeap(
2173 HeapHandle: PVOID,
2174 ) -> PVOID;
2175 fn RtlAllocateHeap(
2176 HeapHandle: PVOID,
2177 Flags: ULONG,
2178 Size: SIZE_T,
2179 ) -> PVOID;
2180 fn RtlFreeHeap(
2181 HeapHandle: PVOID,
2182 Flags: ULONG,
2183 BaseAddress: PVOID,
2184 ) -> BOOLEAN;
2185 fn RtlSizeHeap(
2186 HeapHandle: PVOID,
2187 Flags: ULONG,
2188 BaseAddress: PVOID,
2189 ) -> SIZE_T;
2190 fn RtlZeroHeap(
2191 HeapHandle: PVOID,
2192 Flags: ULONG,
2193 ) -> NTSTATUS;
2194 fn RtlProtectHeap(
2195 HeapHandle: PVOID,
2196 MakeReadOnly: BOOLEAN,
2197 );
2198 }}
2199 #[inline] #[cfg(feature = "nightly")]
RtlProcessHeap() -> PVOID2200 pub unsafe fn RtlProcessHeap() -> PVOID {
2201 use crate::ntpsapi::NtCurrentPeb;
2202 (*NtCurrentPeb()).ProcessHeap
2203 }
2204 EXTERN!{extern "system" {
2205 fn RtlLockHeap(
2206 HeapHandle: PVOID,
2207 ) -> BOOLEAN;
2208 fn RtlUnlockHeap(
2209 HeapHandle: PVOID,
2210 ) -> BOOLEAN;
2211 fn RtlReAllocateHeap(
2212 HeapHandle: PVOID,
2213 Flags: ULONG,
2214 BaseAddress: PVOID,
2215 Size: SIZE_T,
2216 ) -> PVOID;
2217 fn RtlGetUserInfoHeap(
2218 HeapHandle: PVOID,
2219 Flags: ULONG,
2220 BaseAddress: PVOID,
2221 UserValue: *mut PVOID,
2222 UserFlags: PULONG,
2223 ) -> BOOLEAN;
2224 fn RtlSetUserValueHeap(
2225 HeapHandle: PVOID,
2226 Flags: ULONG,
2227 BaseAddress: PVOID,
2228 UserValue: PVOID,
2229 ) -> BOOLEAN;
2230 fn RtlSetUserFlagsHeap(
2231 HeapHandle: PVOID,
2232 Flags: ULONG,
2233 BaseAddress: PVOID,
2234 UserFlagsReset: ULONG,
2235 UserFlagsSet: ULONG,
2236 ) -> BOOLEAN;
2237 }}
2238 STRUCT!{struct RTL_HEAP_TAG_INFO {
2239 NumberOfAllocations: ULONG,
2240 NumberOfFrees: ULONG,
2241 BytesAllocated: SIZE_T,
2242 }}
2243 pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO;
2244 EXTERN!{extern "system" {
2245 fn RtlCreateTagHeap(
2246 HeapHandle: PVOID,
2247 Flags: ULONG,
2248 TagPrefix: PWSTR,
2249 TagNames: PWSTR,
2250 ) -> ULONG;
2251 fn RtlQueryTagHeap(
2252 HeapHandle: PVOID,
2253 Flags: ULONG,
2254 TagIndex: USHORT,
2255 ResetCounters: BOOLEAN,
2256 TagInfo: PRTL_HEAP_TAG_INFO,
2257 ) -> PWSTR;
2258 fn RtlExtendHeap(
2259 HeapHandle: PVOID,
2260 Flags: ULONG,
2261 Base: PVOID,
2262 Size: SIZE_T,
2263 ) -> NTSTATUS;
2264 fn RtlCompactHeap(
2265 HeapHandle: PVOID,
2266 Flags: ULONG,
2267 ) -> SIZE_T;
2268 fn RtlValidateHeap(
2269 HeapHandle: PVOID,
2270 Flags: ULONG,
2271 BaseAddress: PVOID,
2272 ) -> BOOLEAN;
2273 fn RtlValidateProcessHeaps() -> BOOLEAN;
2274 fn RtlGetProcessHeaps(
2275 NumberOfHeaps: ULONG,
2276 ProcessHeaps: *mut PVOID,
2277 ) -> ULONG;
2278 }}
2279 FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE(
2280 HeapHandle: PVOID,
2281 Parameter: PVOID,
2282 ) -> NTSTATUS}
2283 EXTERN!{extern "system" {
2284 fn RtlEnumProcessHeaps(
2285 EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE,
2286 Parameter: PVOID,
2287 ) -> NTSTATUS;
2288 }}
2289 STRUCT!{struct RTL_HEAP_USAGE_ENTRY {
2290 Next: *mut RTL_HEAP_USAGE_ENTRY,
2291 Address: PVOID,
2292 Size: SIZE_T,
2293 AllocatorBackTraceIndex: USHORT,
2294 TagIndex: USHORT,
2295 }}
2296 pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY;
2297 STRUCT!{struct RTL_HEAP_USAGE {
2298 Length: ULONG,
2299 BytesAllocated: SIZE_T,
2300 BytesCommitted: SIZE_T,
2301 BytesReserved: SIZE_T,
2302 BytesReservedMaximum: SIZE_T,
2303 Entries: PRTL_HEAP_USAGE_ENTRY,
2304 AddedEntries: PRTL_HEAP_USAGE_ENTRY,
2305 RemovedEntries: PRTL_HEAP_USAGE_ENTRY,
2306 Reserved: [ULONG_PTR; 8],
2307 }}
2308 pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE;
2309 pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY;
2310 pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY;
2311 EXTERN!{extern "system" {
2312 fn RtlUsageHeap(
2313 HeapHandle: PVOID,
2314 Flags: ULONG,
2315 Usage: PRTL_HEAP_USAGE,
2316 ) -> NTSTATUS;
2317 }}
2318 STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block {
2319 Settable: SIZE_T,
2320 TagIndex: USHORT,
2321 AllocatorBackTraceIndex: USHORT,
2322 Reserved: [ULONG; 2],
2323 }}
2324 STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment {
2325 CommittedSize: ULONG,
2326 UnCommittedSize: ULONG,
2327 FirstEntry: PVOID,
2328 LastEntry: PVOID,
2329 }}
2330 UNION!{union RTL_HEAP_WALK_ENTRY_u {
2331 Block: RTL_HEAP_WALK_ENTRY_u_Block,
2332 Segment: RTL_HEAP_WALK_ENTRY_u_Segment,
2333 }}
2334 STRUCT!{struct RTL_HEAP_WALK_ENTRY {
2335 DataAddress: PVOID,
2336 DataSize: SIZE_T,
2337 OverheadBytes: UCHAR,
2338 SegmentIndex: UCHAR,
2339 Flags: USHORT,
2340 u: RTL_HEAP_WALK_ENTRY_u,
2341 }}
2342 pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY;
2343 EXTERN!{extern "system" {
2344 fn RtlWalkHeap(
2345 HeapHandle: PVOID,
2346 Entry: PRTL_HEAP_WALK_ENTRY,
2347 ) -> NTSTATUS;
2348 }}
2349 pub const HeapDetailedFailureInformation: u32 = 0x80000001;
2350 pub const HeapSetDebuggingInformation: u32 = 0x80000002;
2351 ENUM!{enum HEAP_COMPATIBILITY_MODE {
2352 HEAP_COMPATIBILITY_STANDARD = 0,
2353 HEAP_COMPATIBILITY_LAL = 1,
2354 HEAP_COMPATIBILITY_LFH = 2,
2355 }}
2356 STRUCT!{struct PROCESS_HEAP_INFORMATION {
2357 ReserveSize: ULONG_PTR,
2358 CommitSize: ULONG_PTR,
2359 NumberOfHeaps: ULONG,
2360 FirstHeapInformationOffset: ULONG_PTR,
2361 }}
2362 pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION;
2363 STRUCT!{struct HEAP_INFORMATION {
2364 Address: ULONG_PTR,
2365 Mode: ULONG,
2366 ReserveSize: ULONG_PTR,
2367 CommitSize: ULONG_PTR,
2368 FirstRegionInformationOffset: ULONG_PTR,
2369 NextHeapInformationOffset: ULONG_PTR,
2370 }}
2371 pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION;
2372 UNION!{union HEAP_EXTENDED_INFORMATION_u {
2373 ProcessHeapInformation: PROCESS_HEAP_INFORMATION,
2374 HeapInformation: HEAP_INFORMATION,
2375 }}
2376 STRUCT!{struct HEAP_EXTENDED_INFORMATION {
2377 Process: HANDLE,
2378 Heap: ULONG_PTR,
2379 Level: ULONG,
2380 CallbackRoutine: PVOID,
2381 CallbackContext: PVOID,
2382 u: HEAP_EXTENDED_INFORMATION_u,
2383 }}
2384 pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION;
2385 FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE(
2386 Reserved: LONG,
2387 HeapHandle: PVOID,
2388 BaseAddress: PVOID,
2389 BlockSize: SIZE_T,
2390 StackTraceDepth: ULONG,
2391 StackTrace: *mut PVOID,
2392 ) -> NTSTATUS}
2393 STRUCT!{struct HEAP_DEBUGGING_INFORMATION {
2394 InterceptorFunction: PVOID,
2395 InterceptorValue: USHORT,
2396 ExtendedOptions: ULONG,
2397 StackTraceDepth: ULONG,
2398 MinTotalBlockSize: SIZE_T,
2399 MaxTotalBlockSize: SIZE_T,
2400 HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE,
2401 }}
2402 pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION;
2403 EXTERN!{extern "system" {
2404 fn RtlQueryHeapInformation(
2405 HeapHandle: PVOID,
2406 HeapInformationClass: HEAP_INFORMATION_CLASS,
2407 HeapInformation: PVOID,
2408 HeapInformationLength: SIZE_T,
2409 ReturnLength: PSIZE_T,
2410 ) -> NTSTATUS;
2411 fn RtlSetHeapInformation(
2412 HeapHandle: PVOID,
2413 HeapInformationClass: HEAP_INFORMATION_CLASS,
2414 HeapInformation: PVOID,
2415 HeapInformationLength: SIZE_T,
2416 ) -> NTSTATUS;
2417 fn RtlMultipleAllocateHeap(
2418 HeapHandle: PVOID,
2419 Flags: ULONG,
2420 Size: SIZE_T,
2421 Count: ULONG,
2422 Array: *mut PVOID,
2423 ) -> ULONG;
2424 fn RtlMultipleFreeHeap(
2425 HeapHandle: PVOID,
2426 Flags: ULONG,
2427 Count: ULONG,
2428 Array: *mut PVOID,
2429 ) -> ULONG;
2430 fn RtlDetectHeapLeaks();
2431 fn RtlFlushHeaps();
2432 }}
2433 STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT {
2434 NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT,
2435 Size: SIZE_T,
2436 Next: PVOID,
2437 Limit: PVOID,
2438 }}
2439 pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT;
2440 STRUCT!{struct RTL_MEMORY_ZONE {
2441 Segment: RTL_MEMORY_ZONE_SEGMENT,
2442 Lock: RTL_SRWLOCK,
2443 LockCount: ULONG,
2444 FirstSegment: PRTL_MEMORY_ZONE_SEGMENT,
2445 }}
2446 pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE;
2447 EXTERN!{extern "system" {
2448 fn RtlCreateMemoryZone(
2449 MemoryZone: *mut PVOID,
2450 InitialSize: SIZE_T,
2451 Flags: ULONG,
2452 ) -> NTSTATUS;
2453 fn RtlDestroyMemoryZone(
2454 MemoryZone: PVOID,
2455 ) -> NTSTATUS;
2456 fn RtlAllocateMemoryZone(
2457 MemoryZone: PVOID,
2458 BlockSize: SIZE_T,
2459 Block: *mut PVOID,
2460 ) -> NTSTATUS;
2461 fn RtlResetMemoryZone(
2462 MemoryZone: PVOID,
2463 ) -> NTSTATUS;
2464 fn RtlLockMemoryZone(
2465 MemoryZone: PVOID,
2466 ) -> NTSTATUS;
2467 fn RtlUnlockMemoryZone(
2468 MemoryZone: PVOID,
2469 ) -> NTSTATUS;
2470 fn RtlCreateMemoryBlockLookaside(
2471 MemoryBlockLookaside: *mut PVOID,
2472 Flags: ULONG,
2473 InitialSize: ULONG,
2474 MinimumBlockSize: ULONG,
2475 MaximumBlockSize: ULONG,
2476 ) -> NTSTATUS;
2477 fn RtlDestroyMemoryBlockLookaside(
2478 MemoryBlockLookaside: PVOID,
2479 ) -> NTSTATUS;
2480 fn RtlAllocateMemoryBlockLookaside(
2481 MemoryBlockLookaside: PVOID,
2482 BlockSize: ULONG,
2483 Block: *mut PVOID,
2484 ) -> NTSTATUS;
2485 fn RtlFreeMemoryBlockLookaside(
2486 MemoryBlockLookaside: PVOID,
2487 Block: PVOID,
2488 ) -> NTSTATUS;
2489 fn RtlExtendMemoryBlockLookaside(
2490 MemoryBlockLookaside: PVOID,
2491 Increment: ULONG,
2492 ) -> NTSTATUS;
2493 fn RtlResetMemoryBlockLookaside(
2494 MemoryBlockLookaside: PVOID,
2495 ) -> NTSTATUS;
2496 fn RtlLockMemoryBlockLookaside(
2497 MemoryBlockLookaside: PVOID,
2498 ) -> NTSTATUS;
2499 fn RtlUnlockMemoryBlockLookaside(
2500 MemoryBlockLookaside: PVOID,
2501 ) -> NTSTATUS;
2502 fn RtlGetCurrentTransaction() -> HANDLE;
2503 fn RtlSetCurrentTransaction(
2504 TransactionHandle: HANDLE,
2505 ) -> LOGICAL;
2506 }}
2507 #[inline]
RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool2508 pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool {
2509 ((L1.LowPart == L2.LowPart) & (L1.HighPart == L2.HighPart)) as u8 != 0 //fixme
2510 }
2511 #[inline]
RtlIsZeroLuid(L1: &LUID) -> bool2512 pub const fn RtlIsZeroLuid(L1: &LUID) -> bool {
2513 (L1.LowPart | L1.HighPart as u32) == 0
2514 }
2515 #[inline]
RtlConvertLongToLuid(Long: LONG) -> LUID2516 pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID {
2517 LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 }
2518 }
2519 #[inline]
RtlConvertUlongToLuid(Ulong: ULONG) -> LUID2520 pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID {
2521 LUID { LowPart: Ulong, HighPart: 0 }
2522 }
2523 EXTERN!{extern "system" {
2524 fn RtlCopyLuid(
2525 DestinationLuid: PLUID,
2526 SourceLuid: PLUID,
2527 );
2528 fn RtlCopyLuidAndAttributesArray(
2529 Count: ULONG,
2530 Src: PLUID_AND_ATTRIBUTES,
2531 Dest: PLUID_AND_ATTRIBUTES,
2532 );
2533 }}
2534 STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS {
2535 SizeStruct: ULONG,
2536 Option: ULONG,
2537 OptionData: [UCHAR; 1],
2538 }}
2539 pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS;
2540 UNION!{union RTL_DEBUG_INFORMATION_u {
2541 Modules: *mut RTL_PROCESS_MODULES,
2542 ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX,
2543 }}
2544 STRUCT!{struct RTL_DEBUG_INFORMATION {
2545 SectionHandleClient: HANDLE,
2546 ViewBaseClient: PVOID,
2547 ViewBaseTarget: PVOID,
2548 ViewBaseDelta: ULONG_PTR,
2549 EventPairClient: HANDLE,
2550 EventPairTarget: HANDLE,
2551 TargetProcessId: HANDLE,
2552 TargetThreadHandle: HANDLE,
2553 Flags: ULONG,
2554 OffsetFree: SIZE_T,
2555 CommitSize: SIZE_T,
2556 ViewSize: SIZE_T,
2557 u: RTL_DEBUG_INFORMATION_u,
2558 BackTraces: *mut RTL_PROCESS_BACKTRACES,
2559 Heaps: *mut RTL_PROCESS_HEAPS,
2560 Locks: *mut RTL_PROCESS_LOCKS,
2561 SpecificHeap: PVOID,
2562 TargetProcessHandle: HANDLE,
2563 VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS,
2564 ProcessHeap: PVOID,
2565 CriticalSectionHandle: HANDLE,
2566 CriticalSectionOwnerThread: HANDLE,
2567 Reserved: [PVOID; 4],
2568 }}
2569 pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION;
2570 EXTERN!{extern "system" {
2571 fn RtlCreateQueryDebugBuffer(
2572 MaximumCommit: ULONG,
2573 UseEventPair: BOOLEAN,
2574 ) -> PRTL_DEBUG_INFORMATION;
2575 fn RtlDestroyQueryDebugBuffer(
2576 Buffer: PRTL_DEBUG_INFORMATION,
2577 ) -> NTSTATUS;
2578 fn RtlCommitDebugInfo(
2579 Buffer: PRTL_DEBUG_INFORMATION,
2580 Size: SIZE_T,
2581 ) -> PVOID;
2582 fn RtlDeCommitDebugInfo(
2583 Buffer: PRTL_DEBUG_INFORMATION,
2584 p: PVOID,
2585 Size: SIZE_T,
2586 );
2587 }}
2588 pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001;
2589 pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002;
2590 pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004;
2591 pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008;
2592 pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010;
2593 pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020;
2594 pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040;
2595 pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080;
2596 pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100;
2597 pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200;
2598 pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400;
2599 pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000;
2600 EXTERN!{extern "system" {
2601 fn RtlQueryProcessDebugInformation(
2602 UniqueProcessId: HANDLE,
2603 Flags: ULONG,
2604 Buffer: PRTL_DEBUG_INFORMATION,
2605 ) -> NTSTATUS;
2606 fn RtlFindMessage(
2607 DllHandle: PVOID,
2608 MessageTableId: ULONG,
2609 MessageLanguageId: ULONG,
2610 MessageId: ULONG,
2611 MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY,
2612 ) -> NTSTATUS;
2613 fn RtlFormatMessage(
2614 MessageFormat: PWSTR,
2615 MaximumWidth: ULONG,
2616 IgnoreInserts: BOOLEAN,
2617 ArgumentsAreAnsi: BOOLEAN,
2618 ArgumentsAreAnArray: BOOLEAN,
2619 Arguments: *mut va_list,
2620 Buffer: PWSTR,
2621 Length: ULONG,
2622 ReturnLength: PULONG,
2623 ) -> NTSTATUS;
2624 }}
2625 STRUCT!{struct PARSE_MESSAGE_CONTEXT {
2626 fFlags: ULONG,
2627 cwSavColumn: ULONG,
2628 iwSrc: SIZE_T,
2629 iwDst: SIZE_T,
2630 iwDstSpace: SIZE_T,
2631 lpvArgStart: va_list,
2632 }}
2633 pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT;
2634 #[inline]
INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT)2635 pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) {
2636 ctx.fFlags = 0;
2637 }
2638 #[inline]
TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2639 pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2640 ctx.fFlags & flag
2641 }
2642 #[inline]
SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2643 pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2644 ctx.fFlags |= flag;
2645 ctx.fFlags
2646 }
2647 #[inline]
CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2648 pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2649 ctx.fFlags &= !flag;
2650 ctx.fFlags
2651 }
2652 EXTERN!{extern "system" {
2653 fn RtlFormatMessageEx(
2654 MessageFormat: PWSTR,
2655 MaximumWidth: ULONG,
2656 IgnoreInserts: BOOLEAN,
2657 ArgumentsAreAnsi: BOOLEAN,
2658 ArgumentsAreAnArray: BOOLEAN,
2659 Arguments: *mut va_list,
2660 Buffer: PWSTR,
2661 Length: ULONG,
2662 ReturnLength: PULONG,
2663 ParseContext: PPARSE_MESSAGE_CONTEXT,
2664 ) -> NTSTATUS;
2665 fn RtlNtStatusToDosError(
2666 Status: NTSTATUS,
2667 ) -> ULONG;
2668 fn RtlNtStatusToDosErrorNoTeb(
2669 Status: NTSTATUS,
2670 ) -> ULONG;
2671 fn RtlGetLastNtStatus() -> NTSTATUS;
2672 fn RtlGetLastWin32Error() -> LONG;
2673 fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
2674 Status: NTSTATUS,
2675 );
2676 fn RtlSetLastWin32Error(
2677 Win32Error: LONG,
2678 );
2679 fn RtlRestoreLastWin32Error(
2680 Win32Error: LONG,
2681 );
2682 }}
2683 pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010;
2684 pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020;
2685 pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040;
2686 EXTERN!{extern "system" {
2687 fn RtlGetThreadErrorMode() -> ULONG;
2688 fn RtlSetThreadErrorMode(
2689 NewMode: ULONG,
2690 OldMode: PULONG,
2691 ) -> NTSTATUS;
2692 fn RtlReportException(
2693 ExceptionRecord: PEXCEPTION_RECORD,
2694 ContextRecord: PCONTEXT,
2695 Flags: ULONG,
2696 ) -> NTSTATUS;
2697 fn RtlReportExceptionEx(
2698 ExceptionRecord: PEXCEPTION_RECORD,
2699 ContextRecord: PCONTEXT,
2700 Flags: ULONG,
2701 Timeout: PLARGE_INTEGER,
2702 ) -> NTSTATUS;
2703 fn RtlWerpReportException(
2704 ProcessId: ULONG,
2705 CrashReportSharedMem: HANDLE,
2706 Flags: ULONG,
2707 CrashVerticalProcessHandle: PHANDLE,
2708 ) -> NTSTATUS;
2709 fn RtlReportSilentProcessExit(
2710 ProcessHandle: HANDLE,
2711 ExitStatus: NTSTATUS,
2712 ) -> NTSTATUS;
2713 fn RtlUniform(
2714 Seed: PULONG,
2715 ) -> ULONG;
2716 fn RtlRandom(
2717 Seed: PULONG,
2718 ) -> ULONG;
2719 fn RtlRandomEx(
2720 Seed: PULONG,
2721 ) -> ULONG;
2722 fn RtlComputeImportTableHash(
2723 FileHandle: HANDLE,
2724 Hash: PCHAR,
2725 ImportTableHashRevision: ULONG,
2726 ) -> NTSTATUS;
2727 fn RtlIntegerToChar(
2728 Value: ULONG,
2729 Base: ULONG,
2730 OutputLength: LONG,
2731 String: PSTR,
2732 ) -> NTSTATUS;
2733 fn RtlCharToInteger(
2734 String: PCSZ,
2735 Base: ULONG,
2736 Value: PULONG,
2737 ) -> NTSTATUS;
2738 fn RtlLargeIntegerToChar(
2739 Value: PLARGE_INTEGER,
2740 Base: ULONG,
2741 OutputLength: LONG,
2742 String: PSTR,
2743 ) -> NTSTATUS;
2744 fn RtlIntegerToUnicodeString(
2745 Value: ULONG,
2746 Base: ULONG,
2747 String: PUNICODE_STRING,
2748 ) -> NTSTATUS;
2749 fn RtlInt64ToUnicodeString(
2750 Value: ULONGLONG,
2751 Base: ULONG,
2752 String: PUNICODE_STRING,
2753 ) -> NTSTATUS;
2754 fn RtlUnicodeStringToInteger(
2755 String: PCUNICODE_STRING,
2756 Base: ULONG,
2757 Value: PULONG,
2758 ) -> NTSTATUS;
2759 fn RtlIpv4AddressToStringExW(
2760 Address: *const in_addr,
2761 Port: USHORT,
2762 AddressString: PWSTR,
2763 AddressStringLength: PULONG,
2764 ) -> NTSTATUS;
2765 fn RtlIpv6AddressToStringExW(
2766 Address: *const in6_addr,
2767 ScopeId: ULONG,
2768 Port: USHORT,
2769 AddressString: PWSTR,
2770 AddressStringLength: PULONG,
2771 ) -> NTSTATUS;
2772 fn RtlIpv4StringToAddressExW(
2773 AddressString: PCWSTR,
2774 Strict: BOOLEAN,
2775 Address: *mut in_addr,
2776 Port: PUSHORT,
2777 ) -> NTSTATUS;
2778 fn RtlIpv6StringToAddressExW(
2779 AddressString: PCWSTR,
2780 Address: *mut in6_addr,
2781 ScopeId: PULONG,
2782 Port: PUSHORT,
2783 ) -> NTSTATUS;
2784 }}
2785 STRUCT!{struct TIME_FIELDS {
2786 Year: CSHORT,
2787 Month: CSHORT,
2788 Day: CSHORT,
2789 Hour: CSHORT,
2790 Minute: CSHORT,
2791 Second: CSHORT,
2792 Milliseconds: CSHORT,
2793 Weekday: CSHORT,
2794 }}
2795 pub type PTIME_FIELDS = *mut TIME_FIELDS;
2796 EXTERN!{extern "system" {
2797 fn RtlCutoverTimeToSystemTime(
2798 CutoverTime: PTIME_FIELDS,
2799 SystemTime: PLARGE_INTEGER,
2800 CurrentSystemTime: PLARGE_INTEGER,
2801 ThisYear: BOOLEAN,
2802 ) -> BOOLEAN;
2803 fn RtlSystemTimeToLocalTime(
2804 SystemTime: PLARGE_INTEGER,
2805 LocalTime: PLARGE_INTEGER,
2806 ) -> NTSTATUS;
2807 fn RtlLocalTimeToSystemTime(
2808 LocalTime: PLARGE_INTEGER,
2809 SystemTime: PLARGE_INTEGER,
2810 ) -> NTSTATUS;
2811 fn RtlTimeToElapsedTimeFields(
2812 Time: PLARGE_INTEGER,
2813 TimeFields: PTIME_FIELDS,
2814 );
2815 fn RtlTimeToTimeFields(
2816 Time: PLARGE_INTEGER,
2817 TimeFields: PTIME_FIELDS,
2818 );
2819 fn RtlTimeFieldsToTime(
2820 TimeFields: PTIME_FIELDS,
2821 Time: PLARGE_INTEGER,
2822 ) -> BOOLEAN;
2823 fn RtlTimeToSecondsSince1980(
2824 Time: PLARGE_INTEGER,
2825 ElapsedSeconds: PULONG,
2826 ) -> BOOLEAN;
2827 fn RtlSecondsSince1980ToTime(
2828 ElapsedSeconds: ULONG,
2829 Time: PLARGE_INTEGER,
2830 );
2831 fn RtlTimeToSecondsSince1970(
2832 Time: PLARGE_INTEGER,
2833 ElapsedSeconds: PULONG,
2834 ) -> BOOLEAN;
2835 fn RtlSecondsSince1970ToTime(
2836 ElapsedSeconds: ULONG,
2837 Time: PLARGE_INTEGER,
2838 );
2839 }}
2840 STRUCT!{struct RTL_TIME_ZONE_INFORMATION {
2841 Bias: LONG,
2842 StandardName: [WCHAR; 32],
2843 StandardStart: TIME_FIELDS,
2844 StandardBias: LONG,
2845 DaylightName: [WCHAR; 32],
2846 DaylightStart: TIME_FIELDS,
2847 DaylightBias: LONG,
2848 }}
2849 pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
2850 EXTERN!{extern "system" {
2851 fn RtlQueryTimeZoneInformation(
2852 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2853 ) -> NTSTATUS;
2854 fn RtlSetTimeZoneInformation(
2855 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2856 ) -> NTSTATUS;
2857 }}
2858 STRUCT!{struct RTL_BITMAP {
2859 SizeOfBitMap: ULONG,
2860 Buffer: PULONG,
2861 }}
2862 pub type PRTL_BITMAP = *mut RTL_BITMAP;
2863 EXTERN!{extern "system" {
2864 fn RtlInitializeBitMap(
2865 BitMapHeader: PRTL_BITMAP,
2866 BitMapBuffer: PULONG,
2867 SizeOfBitMap: ULONG,
2868 );
2869 fn RtlClearBit(
2870 BitMapHeader: PRTL_BITMAP,
2871 BitNumber: ULONG,
2872 );
2873 fn RtlSetBit(
2874 BitMapHeader: PRTL_BITMAP,
2875 BitNumber: ULONG,
2876 );
2877 fn RtlTestBit(
2878 BitMapHeader: PRTL_BITMAP,
2879 BitNumber: ULONG,
2880 ) -> BOOLEAN;
2881 fn RtlClearAllBits(
2882 BitMapHeader: PRTL_BITMAP,
2883 );
2884 fn RtlSetAllBits(
2885 BitMapHeader: PRTL_BITMAP,
2886 );
2887 fn RtlFindClearBits(
2888 BitMapHeader: PRTL_BITMAP,
2889 NumberToFind: ULONG,
2890 HintIndex: ULONG,
2891 ) -> ULONG;
2892 fn RtlFindSetBits(
2893 BitMapHeader: PRTL_BITMAP,
2894 NumberToFind: ULONG,
2895 HintIndex: ULONG,
2896 ) -> ULONG;
2897 fn RtlFindClearBitsAndSet(
2898 BitMapHeader: PRTL_BITMAP,
2899 NumberToFind: ULONG,
2900 HintIndex: ULONG,
2901 ) -> ULONG;
2902 fn RtlFindSetBitsAndClear(
2903 BitMapHeader: PRTL_BITMAP,
2904 NumberToFind: ULONG,
2905 HintIndex: ULONG,
2906 ) -> ULONG;
2907 fn RtlClearBits(
2908 BitMapHeader: PRTL_BITMAP,
2909 StartingIndex: ULONG,
2910 NumberToClear: ULONG,
2911 );
2912 fn RtlSetBits(
2913 BitMapHeader: PRTL_BITMAP,
2914 StartingIndex: ULONG,
2915 NumberToSet: ULONG,
2916 );
2917 fn RtlFindMostSignificantBit(
2918 Set: ULONGLONG,
2919 ) -> CCHAR;
2920 fn RtlFindLeastSignificantBit(
2921 Set: ULONGLONG,
2922 ) -> CCHAR;
2923 }}
2924 STRUCT!{struct RTL_BITMAP_RUN {
2925 StartingIndex: ULONG,
2926 NumberOfBits: ULONG,
2927 }}
2928 pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN;
2929 EXTERN!{extern "system" {
2930 fn RtlFindClearRuns(
2931 BitMapHeader: PRTL_BITMAP,
2932 RunArray: PRTL_BITMAP_RUN,
2933 SizeOfRunArray: ULONG,
2934 LocateLongestRuns: BOOLEAN,
2935 ) -> ULONG;
2936 fn RtlFindLongestRunClear(
2937 BitMapHeader: PRTL_BITMAP,
2938 StartingIndex: PULONG,
2939 ) -> ULONG;
2940 fn RtlFindFirstRunClear(
2941 BitMapHeader: PRTL_BITMAP,
2942 StartingIndex: PULONG,
2943 ) -> ULONG;
2944 }}
2945 #[inline]
RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u82946 pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 {
2947 #[cfg(all(target_arch = "x86_64", feature = "nightly"))] {
2948 use crate::winapi_local::um::winnt::_bittest64;
2949 _bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64)
2950 }
2951 #[cfg(any(target_arch = "x86", all(target_arch = "x86_64", not(feature = "nightly"))))] {
2952 (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8
2953 }
2954 }
2955 EXTERN!{extern "system" {
2956 fn RtlNumberOfClearBits(
2957 BitMapHeader: PRTL_BITMAP,
2958 ) -> ULONG;
2959 fn RtlNumberOfSetBits(
2960 BitMapHeader: PRTL_BITMAP,
2961 ) -> ULONG;
2962 fn RtlAreBitsClear(
2963 BitMapHeader: PRTL_BITMAP,
2964 StartingIndex: ULONG,
2965 Length: ULONG,
2966 ) -> BOOLEAN;
2967 fn RtlAreBitsSet(
2968 BitMapHeader: PRTL_BITMAP,
2969 StartingIndex: ULONG,
2970 Length: ULONG,
2971 ) -> BOOLEAN;
2972 fn RtlFindNextForwardRunClear(
2973 BitMapHeader: PRTL_BITMAP,
2974 FromIndex: ULONG,
2975 StartingRunIndex: PULONG,
2976 ) -> ULONG;
2977 fn RtlFindLastBackwardRunClear(
2978 BitMapHeader: PRTL_BITMAP,
2979 FromIndex: ULONG,
2980 StartingRunIndex: PULONG,
2981 ) -> ULONG;
2982 fn RtlNumberOfSetBitsUlongPtr(
2983 Target: ULONG_PTR,
2984 ) -> ULONG;
2985 fn RtlInterlockedClearBitRun(
2986 BitMapHeader: PRTL_BITMAP,
2987 StartingIndex: ULONG,
2988 NumberToClear: ULONG,
2989 );
2990 fn RtlInterlockedSetBitRun(
2991 BitMapHeader: PRTL_BITMAP,
2992 StartingIndex: ULONG,
2993 NumberToSet: ULONG,
2994 );
2995 fn RtlCopyBitMap(
2996 Source: PRTL_BITMAP,
2997 Destination: PRTL_BITMAP,
2998 TargetBit: ULONG,
2999 );
3000 fn RtlExtractBitMap(
3001 Source: PRTL_BITMAP,
3002 Destination: PRTL_BITMAP,
3003 TargetBit: ULONG,
3004 NumberOfBits: ULONG,
3005 );
3006 fn RtlNumberOfClearBitsInRange(
3007 BitMapHeader: PRTL_BITMAP,
3008 StartingIndex: ULONG,
3009 Length: ULONG,
3010 ) -> ULONG;
3011 fn RtlNumberOfSetBitsInRange(
3012 BitMapHeader: PRTL_BITMAP,
3013 StartingIndex: ULONG,
3014 Length: ULONG,
3015 ) -> ULONG;
3016 }}
3017 STRUCT!{struct RTL_BITMAP_EX {
3018 SizeOfBitMap: ULONG64,
3019 Buffer: PULONG64,
3020 }}
3021 pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX;
3022 EXTERN!{extern "system" {
3023 fn RtlInitializeBitMapEx(
3024 BitMapHeader: PRTL_BITMAP_EX,
3025 BitMapBuffer: PULONG64,
3026 SizeOfBitMap: ULONG64,
3027 );
3028 fn RtlTestBitEx(
3029 BitMapHeader: PRTL_BITMAP_EX,
3030 BitNumber: ULONG64,
3031 ) -> BOOLEAN;
3032 fn RtlClearAllBitsEx(
3033 BitMapHeader: PRTL_BITMAP_EX,
3034 );
3035 fn RtlClearBitEx(
3036 BitMapHeader: PRTL_BITMAP_EX,
3037 BitNumber: ULONG64,
3038 );
3039 fn RtlSetBitEx(
3040 BitMapHeader: PRTL_BITMAP_EX,
3041 BitNumber: ULONG64,
3042 );
3043 fn RtlFindSetBitsEx(
3044 BitMapHeader: PRTL_BITMAP_EX,
3045 NumberToFind: ULONG64,
3046 HintIndex: ULONG64,
3047 ) -> ULONG64;
3048 fn RtlFindSetBitsAndClearEx(
3049 BitMapHeader: PRTL_BITMAP_EX,
3050 NumberToFind: ULONG64,
3051 HintIndex: ULONG64,
3052 ) -> ULONG64;
3053 }}
3054 UNION!{union RTL_HANDLE_TABLE_ENTRY {
3055 Flags: ULONG,
3056 NextFree: *mut RTL_HANDLE_TABLE_ENTRY,
3057 }}
3058 pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY;
3059 pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001;
3060 STRUCT!{struct RTL_HANDLE_TABLE {
3061 MaximumNumberOfHandles: ULONG,
3062 SizeOfHandleTableEntry: ULONG,
3063 Reserved: [ULONG; 2],
3064 FreeHandles: PRTL_HANDLE_TABLE_ENTRY,
3065 CommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3066 UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3067 MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY,
3068 }}
3069 pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE;
3070 EXTERN!{extern "system" {
3071 fn RtlInitializeHandleTable(
3072 MaximumNumberOfHandles: ULONG,
3073 SizeOfHandleTableEntry: ULONG,
3074 HandleTable: PRTL_HANDLE_TABLE,
3075 );
3076 fn RtlDestroyHandleTable(
3077 HandleTable: PRTL_HANDLE_TABLE,
3078 ) -> NTSTATUS;
3079 fn RtlAllocateHandle(
3080 HandleTable: PRTL_HANDLE_TABLE,
3081 HandleIndex: PULONG,
3082 ) -> PRTL_HANDLE_TABLE_ENTRY;
3083 fn RtlFreeHandle(
3084 HandleTable: PRTL_HANDLE_TABLE,
3085 Handle: PRTL_HANDLE_TABLE_ENTRY,
3086 ) -> BOOLEAN;
3087 fn RtlIsValidHandle(
3088 HandleTable: PRTL_HANDLE_TABLE,
3089 Handle: PRTL_HANDLE_TABLE_ENTRY,
3090 ) -> BOOLEAN;
3091 fn RtlIsValidIndexHandle(
3092 HandleTable: PRTL_HANDLE_TABLE,
3093 HandleIndex: ULONG,
3094 Handle: *mut PRTL_HANDLE_TABLE_ENTRY,
3095 ) -> BOOLEAN;
3096 }}
3097 pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000;
3098 pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000;
3099 pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37;
3100 pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255;
3101 pub const RTL_ATOM_PINNED: u32 = 0x01;
3102 EXTERN!{extern "system" {
3103 fn RtlCreateAtomTable(
3104 NumberOfBuckets: ULONG,
3105 AtomTableHandle: *mut PVOID,
3106 ) -> NTSTATUS;
3107 fn RtlDestroyAtomTable(
3108 AtomTableHandle: PVOID,
3109 ) -> NTSTATUS;
3110 fn RtlEmptyAtomTable(
3111 AtomTableHandle: PVOID,
3112 IncludePinnedAtoms: BOOLEAN,
3113 ) -> NTSTATUS;
3114 fn RtlAddAtomToAtomTable(
3115 AtomTableHandle: PVOID,
3116 AtomName: PWSTR,
3117 Atom: PRTL_ATOM,
3118 ) -> NTSTATUS;
3119 fn RtlLookupAtomInAtomTable(
3120 AtomTableHandle: PVOID,
3121 AtomName: PWSTR,
3122 Atom: PRTL_ATOM,
3123 ) -> NTSTATUS;
3124 fn RtlDeleteAtomFromAtomTable(
3125 AtomTableHandle: PVOID,
3126 Atom: RTL_ATOM,
3127 ) -> NTSTATUS;
3128 fn RtlPinAtomInAtomTable(
3129 AtomTableHandle: PVOID,
3130 Atom: RTL_ATOM,
3131 ) -> NTSTATUS;
3132 fn RtlQueryAtomInAtomTable(
3133 AtomTableHandle: PVOID,
3134 Atom: RTL_ATOM,
3135 AtomUsage: PULONG,
3136 AtomFlags: PULONG,
3137 AtomName: PWSTR,
3138 AtomNameLength: PULONG,
3139 ) -> NTSTATUS;
3140 fn RtlGetIntegerAtom(
3141 AtomName: PWSTR,
3142 IntegerAtom: PUSHORT,
3143 ) -> BOOLEAN;
3144 fn RtlValidSid(
3145 Sid: PSID,
3146 ) -> BOOLEAN;
3147 fn RtlEqualSid(
3148 Sid1: PSID,
3149 Sid2: PSID,
3150 ) -> BOOLEAN;
3151 fn RtlEqualPrefixSid(
3152 Sid1: PSID,
3153 Sid2: PSID,
3154 ) -> BOOLEAN;
3155 fn RtlLengthRequiredSid(
3156 SubAuthorityCount: ULONG,
3157 ) -> ULONG;
3158 fn RtlFreeSid(
3159 Sid: PSID,
3160 ) -> PVOID;
3161 fn RtlAllocateAndInitializeSid(
3162 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3163 SubAuthorityCount: UCHAR,
3164 SubAuthority0: ULONG,
3165 SubAuthority1: ULONG,
3166 SubAuthority2: ULONG,
3167 SubAuthority3: ULONG,
3168 SubAuthority4: ULONG,
3169 SubAuthority5: ULONG,
3170 SubAuthority6: ULONG,
3171 SubAuthority7: ULONG,
3172 Sid: *mut PSID,
3173 ) -> NTSTATUS;
3174 fn RtlInitializeSid(
3175 Sid: PSID,
3176 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3177 SubAuthorityCount: UCHAR,
3178 ) -> NTSTATUS;
3179 }}
3180 EXTERN!{extern "C" {
3181 fn RtlInitializeSidEx(
3182 Sid: PSID,
3183 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3184 SubAuthorityCount: UCHAR,
3185 ...
3186 ) -> NTSTATUS;
3187 }}
3188 EXTERN!{extern "system" {
3189 fn RtlIdentifierAuthoritySid(
3190 Sid: PSID,
3191 ) -> PSID_IDENTIFIER_AUTHORITY;
3192 fn RtlSubAuthoritySid(
3193 Sid: PSID,
3194 SubAuthority: ULONG,
3195 ) -> PULONG;
3196 fn RtlSubAuthorityCountSid(
3197 Sid: PSID,
3198 ) -> PUCHAR;
3199 fn RtlLengthSid(
3200 Sid: PSID,
3201 ) -> ULONG;
3202 fn RtlCopySid(
3203 DestinationSidLength: ULONG,
3204 DestinationSid: PSID,
3205 SourceSid: PSID,
3206 ) -> NTSTATUS;
3207 fn RtlCopySidAndAttributesArray(
3208 Count: ULONG,
3209 Src: PSID_AND_ATTRIBUTES,
3210 SidAreaSize: ULONG,
3211 Dest: PSID_AND_ATTRIBUTES,
3212 SidArea: PSID,
3213 RemainingSidArea: *mut PSID,
3214 RemainingSidAreaSize: PULONG,
3215 ) -> NTSTATUS;
3216 fn RtlCreateServiceSid(
3217 ServiceName: PUNICODE_STRING,
3218 ServiceSid: PSID,
3219 ServiceSidLength: PULONG,
3220 ) -> NTSTATUS;
3221 fn RtlSidDominates(
3222 Sid1: PSID,
3223 Sid2: PSID,
3224 Dominates: PBOOLEAN,
3225 ) -> NTSTATUS;
3226 fn RtlSidDominatesForTrust(
3227 Sid1: PSID,
3228 Sid2: PSID,
3229 DominatesTrust: PBOOLEAN,
3230 ) -> NTSTATUS;
3231 fn RtlSidEqualLevel(
3232 Sid1: PSID,
3233 Sid2: PSID,
3234 EqualLevel: PBOOLEAN,
3235 ) -> NTSTATUS;
3236 fn RtlSidIsHigherLevel(
3237 Sid1: PSID,
3238 Sid2: PSID,
3239 HigherLevel: PBOOLEAN,
3240 ) -> NTSTATUS;
3241 fn RtlCreateVirtualAccountSid(
3242 Name: PCUNICODE_STRING,
3243 BaseSubAuthority: ULONG,
3244 Sid: PSID,
3245 SidLength: PULONG,
3246 ) -> NTSTATUS;
3247 fn RtlReplaceSidInSd(
3248 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3249 OldSid: PSID,
3250 NewSid: PSID,
3251 NumChanges: *mut ULONG,
3252 ) -> NTSTATUS;
3253 }}
3254 pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256;
3255 EXTERN!{extern "system" {
3256 fn RtlConvertSidToUnicodeString(
3257 UnicodeString: PUNICODE_STRING,
3258 Sid: PSID,
3259 AllocateDestinationString: BOOLEAN,
3260 ) -> NTSTATUS;
3261 fn RtlSidHashInitialize(
3262 SidAttr: PSID_AND_ATTRIBUTES,
3263 SidCount: ULONG,
3264 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3265 ) -> NTSTATUS;
3266 fn RtlSidHashLookup(
3267 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3268 Sid: PSID,
3269 ) -> PSID_AND_ATTRIBUTES;
3270 fn RtlIsElevatedRid(
3271 SidAttr: PSID_AND_ATTRIBUTES,
3272 ) -> BOOLEAN;
3273 fn RtlDeriveCapabilitySidsFromName(
3274 UnicodeString: PUNICODE_STRING,
3275 CapabilityGroupSid: PSID,
3276 CapabilitySid: PSID,
3277 ) -> NTSTATUS;
3278 fn RtlCreateSecurityDescriptor(
3279 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3280 Revision: ULONG,
3281 ) -> NTSTATUS;
3282 fn RtlValidSecurityDescriptor(
3283 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3284 ) -> BOOLEAN;
3285 fn RtlLengthSecurityDescriptor(
3286 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3287 ) -> ULONG;
3288 fn RtlValidRelativeSecurityDescriptor(
3289 SecurityDescriptorInput: PSECURITY_DESCRIPTOR,
3290 SecurityDescriptorLength: ULONG,
3291 RequiredInformation: SECURITY_INFORMATION,
3292 ) -> BOOLEAN;
3293 fn RtlGetControlSecurityDescriptor(
3294 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3295 Control: PSECURITY_DESCRIPTOR_CONTROL,
3296 Revision: PULONG,
3297 ) -> NTSTATUS;
3298 fn RtlSetControlSecurityDescriptor(
3299 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3300 ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL,
3301 ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL,
3302 ) -> NTSTATUS;
3303 fn RtlSetAttributesSecurityDescriptor(
3304 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3305 Control: SECURITY_DESCRIPTOR_CONTROL,
3306 Revision: PULONG,
3307 ) -> NTSTATUS;
3308 fn RtlGetSecurityDescriptorRMControl(
3309 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3310 RMControl: PUCHAR,
3311 ) -> BOOLEAN;
3312 fn RtlSetSecurityDescriptorRMControl(
3313 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3314 RMControl: PUCHAR,
3315 );
3316 fn RtlSetDaclSecurityDescriptor(
3317 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3318 DaclPresent: BOOLEAN,
3319 Dacl: PACL,
3320 DaclDefaulted: BOOLEAN,
3321 ) -> NTSTATUS;
3322 fn RtlGetDaclSecurityDescriptor(
3323 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3324 DaclPresent: PBOOLEAN,
3325 Dacl: *mut PACL,
3326 DaclDefaulted: PBOOLEAN,
3327 ) -> NTSTATUS;
3328 fn RtlSetSaclSecurityDescriptor(
3329 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3330 SaclPresent: BOOLEAN,
3331 Sacl: PACL,
3332 SaclDefaulted: BOOLEAN,
3333 ) -> NTSTATUS;
3334 fn RtlGetSaclSecurityDescriptor(
3335 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3336 SaclPresent: PBOOLEAN,
3337 Sacl: *mut PACL,
3338 SaclDefaulted: PBOOLEAN,
3339 ) -> NTSTATUS;
3340 fn RtlSetOwnerSecurityDescriptor(
3341 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3342 Owner: PSID,
3343 OwnerDefaulted: BOOLEAN,
3344 ) -> NTSTATUS;
3345 fn RtlGetOwnerSecurityDescriptor(
3346 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3347 Owner: *mut PSID,
3348 OwnerDefaulted: PBOOLEAN,
3349 ) -> NTSTATUS;
3350 fn RtlSetGroupSecurityDescriptor(
3351 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3352 Group: PSID,
3353 GroupDefaulted: BOOLEAN,
3354 ) -> NTSTATUS;
3355 fn RtlGetGroupSecurityDescriptor(
3356 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3357 Group: *mut PSID,
3358 GroupDefaulted: PBOOLEAN,
3359 ) -> NTSTATUS;
3360 fn RtlMakeSelfRelativeSD(
3361 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3362 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3363 BufferLength: PULONG,
3364 ) -> NTSTATUS;
3365 fn RtlAbsoluteToSelfRelativeSD(
3366 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3367 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3368 BufferLength: PULONG,
3369 ) -> NTSTATUS;
3370 fn RtlSelfRelativeToAbsoluteSD(
3371 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3372 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3373 AbsoluteSecurityDescriptorSize: PULONG,
3374 Dacl: PACL,
3375 DaclSize: PULONG,
3376 Sacl: PACL,
3377 SaclSize: PULONG,
3378 Owner: PSID,
3379 OwnerSize: PULONG,
3380 PrimaryGroup: PSID,
3381 PrimaryGroupSize: PULONG,
3382 ) -> NTSTATUS;
3383 fn RtlSelfRelativeToAbsoluteSD2(
3384 pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3385 pBufferSize: PULONG,
3386 ) -> NTSTATUS;
3387 fn RtlAreAllAccessesGranted(
3388 GrantedAccess: ACCESS_MASK,
3389 DesiredAccess: ACCESS_MASK,
3390 ) -> BOOLEAN;
3391 fn RtlAreAnyAccessesGranted(
3392 GrantedAccess: ACCESS_MASK,
3393 DesiredAccess: ACCESS_MASK,
3394 ) -> BOOLEAN;
3395 fn RtlMapGenericMask(
3396 AccessMask: PACCESS_MASK,
3397 GenericMapping: PGENERIC_MAPPING,
3398 );
3399 fn RtlCreateAcl(
3400 Acl: PACL,
3401 AclLength: ULONG,
3402 AclRevision: ULONG,
3403 ) -> NTSTATUS;
3404 fn RtlValidAcl(
3405 Acl: PACL,
3406 ) -> BOOLEAN;
3407 fn RtlQueryInformationAcl(
3408 Acl: PACL,
3409 AclInformation: PVOID,
3410 AclInformationLength: ULONG,
3411 AclInformationClass: ACL_INFORMATION_CLASS,
3412 ) -> NTSTATUS;
3413 fn RtlSetInformationAcl(
3414 Acl: PACL,
3415 AclInformation: PVOID,
3416 AclInformationLength: ULONG,
3417 AclInformationClass: ACL_INFORMATION_CLASS,
3418 ) -> NTSTATUS;
3419 fn RtlAddAce(
3420 Acl: PACL,
3421 AceRevision: ULONG,
3422 StartingAceIndex: ULONG,
3423 AceList: PVOID,
3424 AceListLength: ULONG,
3425 ) -> NTSTATUS;
3426 fn RtlDeleteAce(
3427 Acl: PACL,
3428 AceIndex: ULONG,
3429 ) -> NTSTATUS;
3430 fn RtlGetAce(
3431 Acl: PACL,
3432 AceIndex: ULONG,
3433 Ace: *mut PVOID,
3434 ) -> NTSTATUS;
3435 fn RtlFirstFreeAce(
3436 Acl: PACL,
3437 FirstFree: *mut PVOID,
3438 ) -> BOOLEAN;
3439 fn RtlFindAceByType(
3440 pAcl: PACL,
3441 AceType: UCHAR,
3442 pIndex: PULONG,
3443 ) -> PVOID;
3444 fn RtlOwnerAcesPresent(
3445 pAcl: PACL,
3446 ) -> BOOLEAN;
3447 fn RtlAddAccessAllowedAce(
3448 Acl: PACL,
3449 AceRevision: ULONG,
3450 AccessMask: ACCESS_MASK,
3451 Sid: PSID,
3452 ) -> NTSTATUS;
3453 fn RtlAddAccessAllowedAceEx(
3454 Acl: PACL,
3455 AceRevision: ULONG,
3456 AceFlags: ULONG,
3457 AccessMask: ACCESS_MASK,
3458 Sid: PSID,
3459 ) -> NTSTATUS;
3460 fn RtlAddAccessDeniedAce(
3461 Acl: PACL,
3462 AceRevision: ULONG,
3463 AccessMask: ACCESS_MASK,
3464 Sid: PSID,
3465 ) -> NTSTATUS;
3466 fn RtlAddAccessDeniedAceEx(
3467 Acl: PACL,
3468 AceRevision: ULONG,
3469 AceFlags: ULONG,
3470 AccessMask: ACCESS_MASK,
3471 Sid: PSID,
3472 ) -> NTSTATUS;
3473 fn RtlAddAuditAccessAce(
3474 Acl: PACL,
3475 AceRevision: ULONG,
3476 AccessMask: ACCESS_MASK,
3477 Sid: PSID,
3478 AuditSuccess: BOOLEAN,
3479 AuditFailure: BOOLEAN,
3480 ) -> NTSTATUS;
3481 fn RtlAddAuditAccessAceEx(
3482 Acl: PACL,
3483 AceRevision: ULONG,
3484 AceFlags: ULONG,
3485 AccessMask: ACCESS_MASK,
3486 Sid: PSID,
3487 AuditSuccess: BOOLEAN,
3488 AuditFailure: BOOLEAN,
3489 ) -> NTSTATUS;
3490 fn RtlAddAccessAllowedObjectAce(
3491 Acl: PACL,
3492 AceRevision: ULONG,
3493 AceFlags: ULONG,
3494 AccessMask: ACCESS_MASK,
3495 ObjectTypeGuid: *mut GUID,
3496 InheritedObjectTypeGuid: *mut GUID,
3497 Sid: PSID,
3498 ) -> NTSTATUS;
3499 fn RtlAddAccessDeniedObjectAce(
3500 Acl: PACL,
3501 AceRevision: ULONG,
3502 AceFlags: ULONG,
3503 AccessMask: ACCESS_MASK,
3504 ObjectTypeGuid: *mut GUID,
3505 InheritedObjectTypeGuid: *mut GUID,
3506 Sid: PSID,
3507 ) -> NTSTATUS;
3508 fn RtlAddAuditAccessObjectAce(
3509 Acl: PACL,
3510 AceRevision: ULONG,
3511 AceFlags: ULONG,
3512 AccessMask: ACCESS_MASK,
3513 ObjectTypeGuid: *mut GUID,
3514 InheritedObjectTypeGuid: *mut GUID,
3515 Sid: PSID,
3516 AuditSuccess: BOOLEAN,
3517 AuditFailure: BOOLEAN,
3518 ) -> NTSTATUS;
3519 fn RtlAddCompoundAce(
3520 Acl: PACL,
3521 AceRevision: ULONG,
3522 AceType: UCHAR,
3523 AccessMask: ACCESS_MASK,
3524 ServerSid: PSID,
3525 ClientSid: PSID,
3526 ) -> NTSTATUS;
3527 fn RtlAddMandatoryAce(
3528 Acl: PACL,
3529 AceRevision: ULONG,
3530 AceFlags: ULONG,
3531 Sid: PSID,
3532 AceType: UCHAR,
3533 AccessMask: ACCESS_MASK,
3534 ) -> NTSTATUS;
3535 fn RtlDefaultNpAcl(
3536 Acl: *mut PACL,
3537 ) -> NTSTATUS;
3538 fn RtlNewSecurityObject(
3539 ParentDescriptor: PSECURITY_DESCRIPTOR,
3540 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3541 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3542 IsDirectoryObject: BOOLEAN,
3543 Token: HANDLE,
3544 GenericMapping: PGENERIC_MAPPING,
3545 ) -> NTSTATUS;
3546 fn RtlNewSecurityObjectEx(
3547 ParentDescriptor: PSECURITY_DESCRIPTOR,
3548 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3549 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3550 ObjectType: *mut GUID,
3551 IsDirectoryObject: BOOLEAN,
3552 AutoInheritFlags: ULONG,
3553 Token: HANDLE,
3554 GenericMapping: PGENERIC_MAPPING,
3555 ) -> NTSTATUS;
3556 fn RtlNewSecurityObjectWithMultipleInheritance(
3557 ParentDescriptor: PSECURITY_DESCRIPTOR,
3558 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3559 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3560 ObjectType: *mut *mut GUID,
3561 GuidCount: ULONG,
3562 IsDirectoryObject: BOOLEAN,
3563 AutoInheritFlags: ULONG,
3564 Token: HANDLE,
3565 GenericMapping: PGENERIC_MAPPING,
3566 ) -> NTSTATUS;
3567 fn RtlDeleteSecurityObject(
3568 ObjectDescriptor: *mut PSECURITY_DESCRIPTOR,
3569 ) -> NTSTATUS;
3570 fn RtlQuerySecurityObject(
3571 ObjectDescriptor: PSECURITY_DESCRIPTOR,
3572 SecurityInformation: SECURITY_INFORMATION,
3573 ResultantDescriptor: PSECURITY_DESCRIPTOR,
3574 DescriptorLength: ULONG,
3575 ReturnLength: PULONG,
3576 ) -> NTSTATUS;
3577 fn RtlSetSecurityObject(
3578 SecurityInformation: SECURITY_INFORMATION,
3579 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3580 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3581 GenericMapping: PGENERIC_MAPPING,
3582 Token: HANDLE,
3583 ) -> NTSTATUS;
3584 fn RtlSetSecurityObjectEx(
3585 SecurityInformation: SECURITY_INFORMATION,
3586 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3587 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3588 AutoInheritFlags: ULONG,
3589 GenericMapping: PGENERIC_MAPPING,
3590 Token: HANDLE,
3591 ) -> NTSTATUS;
3592 fn RtlConvertToAutoInheritSecurityObject(
3593 ParentDescriptor: PSECURITY_DESCRIPTOR,
3594 CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR,
3595 NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3596 ObjectType: *mut GUID,
3597 IsDirectoryObject: BOOLEAN,
3598 GenericMapping: PGENERIC_MAPPING,
3599 ) -> NTSTATUS;
3600 fn RtlNewInstanceSecurityObject(
3601 ParentDescriptorChanged: BOOLEAN,
3602 CreatorDescriptorChanged: BOOLEAN,
3603 OldClientTokenModifiedId: PLUID,
3604 NewClientTokenModifiedId: PLUID,
3605 ParentDescriptor: PSECURITY_DESCRIPTOR,
3606 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3607 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3608 IsDirectoryObject: BOOLEAN,
3609 Token: HANDLE,
3610 GenericMapping: PGENERIC_MAPPING,
3611 ) -> NTSTATUS;
3612 fn RtlCopySecurityDescriptor(
3613 InputSecurityDescriptor: PSECURITY_DESCRIPTOR,
3614 OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3615 ) -> NTSTATUS;
3616 fn RtlRunEncodeUnicodeString(
3617 Seed: PUCHAR,
3618 String: PUNICODE_STRING,
3619 );
3620 fn RtlRunDecodeUnicodeString(
3621 Seed: UCHAR,
3622 String: PUNICODE_STRING,
3623 );
3624 fn RtlImpersonateSelf(
3625 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3626 ) -> NTSTATUS;
3627 fn RtlImpersonateSelfEx(
3628 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3629 AdditionalAccess: ACCESS_MASK,
3630 ThreadToken: PHANDLE,
3631 ) -> NTSTATUS;
3632 fn RtlAdjustPrivilege(
3633 Privilege: ULONG,
3634 Enable: BOOLEAN,
3635 Client: BOOLEAN,
3636 WasEnabled: PBOOLEAN,
3637 ) -> NTSTATUS;
3638 }}
3639 pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001;
3640 pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002;
3641 EXTERN!{extern "system" {
3642 fn RtlAcquirePrivilege(
3643 Privilege: PULONG,
3644 NumPriv: ULONG,
3645 Flags: ULONG,
3646 ReturnedState: *mut PVOID,
3647 ) -> NTSTATUS;
3648 fn RtlReleasePrivilege(
3649 StatePointer: PVOID,
3650 );
3651 fn RtlRemovePrivileges(
3652 TokenHandle: HANDLE,
3653 PrivilegesToKeep: PULONG,
3654 PrivilegeCount: ULONG,
3655 ) -> NTSTATUS;
3656 fn RtlIsUntrustedObject(
3657 Handle: HANDLE,
3658 Object: PVOID,
3659 IsUntrustedObject: PBOOLEAN,
3660 ) -> NTSTATUS;
3661 fn RtlQueryValidationRunlevel(
3662 ComponentName: PUNICODE_STRING,
3663 ) -> ULONG;
3664 fn RtlCreateBoundaryDescriptor(
3665 Name: PUNICODE_STRING,
3666 Flags: ULONG,
3667 ) -> PVOID;
3668 fn RtlDeleteBoundaryDescriptor(
3669 BoundaryDescriptor: PVOID,
3670 );
3671 fn RtlAddSIDToBoundaryDescriptor(
3672 BoundaryDescriptor: *mut PVOID,
3673 RequiredSid: PSID,
3674 ) -> NTSTATUS;
3675 fn RtlAddIntegrityLabelToBoundaryDescriptor(
3676 BoundaryDescriptor: *mut PVOID,
3677 IntegrityLabel: PSID,
3678 ) -> NTSTATUS;
3679 fn RtlGetVersion(
3680 lpVersionInformation: PRTL_OSVERSIONINFOW,
3681 ) -> NTSTATUS;
3682 fn RtlVerifyVersionInfo(
3683 VersionInfo: PRTL_OSVERSIONINFOEXW,
3684 TypeMask: ULONG,
3685 ConditionMask: ULONGLONG,
3686 ) -> NTSTATUS;
3687 fn RtlGetNtVersionNumbers(
3688 NtMajorVersion: PULONG,
3689 NtMinorVersion: PULONG,
3690 NtBuildNumber: PULONG,
3691 );
3692 fn RtlGetNtGlobalFlags() -> ULONG;
3693 fn RtlGetNtProductType(
3694 NtProductType: PNT_PRODUCT_TYPE,
3695 ) -> BOOLEAN;
3696 fn RtlGetSuiteMask() -> ULONG;
3697 fn RtlRegisterWait(
3698 WaitHandle: PHANDLE,
3699 Handle: HANDLE,
3700 Function: WAITORTIMERCALLBACKFUNC,
3701 Context: PVOID,
3702 Milliseconds: ULONG,
3703 Flags: ULONG,
3704 ) -> NTSTATUS;
3705 fn RtlDeregisterWait(
3706 WaitHandle: HANDLE,
3707 ) -> NTSTATUS;
3708 fn RtlDeregisterWaitEx(
3709 WaitHandle: HANDLE,
3710 Event: HANDLE,
3711 ) -> NTSTATUS;
3712 fn RtlQueueWorkItem(
3713 Function: WORKERCALLBACKFUNC,
3714 Context: PVOID,
3715 Flags: ULONG,
3716 ) -> NTSTATUS;
3717 fn RtlSetIoCompletionCallback(
3718 FileHandle: HANDLE,
3719 CompletionProc: APC_CALLBACK_FUNCTION,
3720 Flags: ULONG,
3721 ) -> NTSTATUS;
3722 }}
3723 FN!{stdcall PRTL_START_POOL_THREAD(
3724 Function: PTHREAD_START_ROUTINE,
3725 Parameter: PVOID,
3726 ThreadHandle: PHANDLE,
3727 ) -> NTSTATUS}
3728 FN!{stdcall PRTL_EXIT_POOL_THREAD(
3729 ExitStatus: NTSTATUS,
3730 ) -> NTSTATUS}
3731 EXTERN!{extern "system" {
3732 fn RtlSetThreadPoolStartFunc(
3733 StartPoolThread: PRTL_START_POOL_THREAD,
3734 ExitPoolThread: PRTL_EXIT_POOL_THREAD,
3735 ) -> NTSTATUS;
3736 fn RtlUserThreadStart(
3737 Function: PTHREAD_START_ROUTINE,
3738 Parameter: PVOID,
3739 );
3740 fn LdrInitializeThunk(
3741 ContextRecord: PCONTEXT,
3742 Parameter: PVOID,
3743 );
3744 fn RtlCreateTimerQueue(
3745 TimerQueueHandle: PHANDLE,
3746 ) -> NTSTATUS;
3747 fn RtlCreateTimer(
3748 TimerQueueHandle: HANDLE,
3749 Handle: PHANDLE,
3750 Function: WAITORTIMERCALLBACKFUNC,
3751 Context: PVOID,
3752 DueTime: ULONG,
3753 Period: ULONG,
3754 Flags: ULONG,
3755 ) -> NTSTATUS;
3756 fn RtlUpdateTimer(
3757 TimerQueueHandle: HANDLE,
3758 TimerHandle: HANDLE,
3759 DueTime: ULONG,
3760 Period: ULONG,
3761 ) -> NTSTATUS;
3762 fn RtlDeleteTimer(
3763 TimerQueueHandle: HANDLE,
3764 TimerToCancel: HANDLE,
3765 Event: HANDLE,
3766 ) -> NTSTATUS;
3767 fn RtlDeleteTimerQueue(
3768 TimerQueueHandle: HANDLE,
3769 ) -> NTSTATUS;
3770 fn RtlDeleteTimerQueueEx(
3771 TimerQueueHandle: HANDLE,
3772 Event: HANDLE,
3773 ) -> NTSTATUS;
3774 fn RtlFormatCurrentUserKeyPath(
3775 CurrentUserKeyPath: PUNICODE_STRING,
3776 ) -> NTSTATUS;
3777 fn RtlOpenCurrentUser(
3778 DesiredAccess: ACCESS_MASK,
3779 CurrentUserKey: PHANDLE,
3780 ) -> NTSTATUS;
3781 }}
3782 pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0;
3783 pub const RTL_REGISTRY_SERVICES: ULONG = 1;
3784 pub const RTL_REGISTRY_CONTROL: ULONG = 2;
3785 pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3;
3786 pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4;
3787 pub const RTL_REGISTRY_USER: ULONG = 5;
3788 pub const RTL_REGISTRY_MAXIMUM: ULONG = 6;
3789 pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000;
3790 pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000;
3791 EXTERN!{extern "system" {
3792 fn RtlCreateRegistryKey(
3793 RelativeTo: ULONG,
3794 Path: PWSTR,
3795 ) -> NTSTATUS;
3796 fn RtlCheckRegistryKey(
3797 RelativeTo: ULONG,
3798 Path: PWSTR,
3799 ) -> NTSTATUS;
3800 }}
3801 FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE(
3802 ValueName: PWSTR,
3803 ValueType: ULONG,
3804 ValueData: PVOID,
3805 ValueLength: ULONG,
3806 Context: PVOID,
3807 EntryContext: PVOID,
3808 ) -> NTSTATUS}
3809 STRUCT!{struct RTL_QUERY_REGISTRY_TABLE {
3810 QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE,
3811 Flags: ULONG,
3812 Name: PWSTR,
3813 EntryContext: PVOID,
3814 DefaultType: ULONG,
3815 DefaultData: PVOID,
3816 DefaultLength: ULONG,
3817 }}
3818 pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE;
3819 pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001;
3820 pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002;
3821 pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004;
3822 pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008;
3823 pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010;
3824 pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020;
3825 pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040;
3826 EXTERN!{extern "system" {
3827 fn RtlQueryRegistryValues(
3828 RelativeTo: ULONG,
3829 Path: PCWSTR,
3830 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3831 Context: PVOID,
3832 Environment: PVOID,
3833 ) -> NTSTATUS;
3834 fn RtlQueryRegistryValuesEx(
3835 RelativeTo: ULONG,
3836 Path: PWSTR,
3837 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3838 Context: PVOID,
3839 Environment: PVOID,
3840 ) -> NTSTATUS;
3841 fn RtlWriteRegistryValue(
3842 RelativeTo: ULONG,
3843 Path: PCWSTR,
3844 ValueName: PCWSTR,
3845 ValueType: ULONG,
3846 ValueData: PVOID,
3847 ValueLength: ULONG,
3848 ) -> NTSTATUS;
3849 fn RtlDeleteRegistryValue(
3850 RelativeTo: ULONG,
3851 Path: PCWSTR,
3852 ValueName: PCWSTR,
3853 ) -> NTSTATUS;
3854 fn RtlEnableThreadProfiling(
3855 ThreadHandle: HANDLE,
3856 Flags: ULONG,
3857 HardwareCounters: ULONG64,
3858 PerformanceDataHandle: *mut PVOID,
3859 ) -> NTSTATUS;
3860 fn RtlDisableThreadProfiling(
3861 PerformanceDataHandle: PVOID,
3862 ) -> NTSTATUS;
3863 fn RtlQueryThreadProfiling(
3864 ThreadHandle: HANDLE,
3865 Enabled: PBOOLEAN,
3866 ) -> NTSTATUS;
3867 fn RtlReadThreadProfilingData(
3868 PerformanceDataHandle: HANDLE,
3869 Flags: ULONG,
3870 PerformanceData: PPERFORMANCE_DATA,
3871 ) -> NTSTATUS;
3872 fn RtlGetNativeSystemInformation(
3873 SystemInformationClass: ULONG,
3874 NativeSystemInformation: PVOID,
3875 InformationLength: ULONG,
3876 ReturnLength: PULONG,
3877 ) -> NTSTATUS;
3878 fn RtlQueueApcWow64Thread(
3879 ThreadHandle: HANDLE,
3880 ApcRoutine: PPS_APC_ROUTINE,
3881 ApcArgument1: PVOID,
3882 ApcArgument2: PVOID,
3883 ApcArgument3: PVOID,
3884 ) -> NTSTATUS;
3885 fn RtlWow64EnableFsRedirection(
3886 Wow64FsEnableRedirection: BOOLEAN,
3887 ) -> NTSTATUS;
3888 fn RtlWow64EnableFsRedirectionEx(
3889 Wow64FsEnableRedirection: PVOID,
3890 OldFsRedirectionLevel: *mut PVOID,
3891 ) -> NTSTATUS;
3892 fn RtlComputeCrc32(
3893 PartialCrc: ULONG32,
3894 Buffer: PVOID,
3895 Length: ULONG,
3896 ) -> ULONG32;
3897 fn RtlEncodePointer(
3898 Ptr: PVOID,
3899 ) -> PVOID;
3900 fn RtlDecodePointer(
3901 Ptr: PVOID,
3902 ) -> PVOID;
3903 fn RtlEncodeSystemPointer(
3904 Ptr: PVOID,
3905 ) -> PVOID;
3906 fn RtlDecodeSystemPointer(
3907 Ptr: PVOID,
3908 ) -> PVOID;
3909 fn RtlEncodeRemotePointer(
3910 ProcessHandle: HANDLE,
3911 Pointer: PVOID,
3912 EncodedPointer: *mut PVOID,
3913 ) -> NTSTATUS;
3914 fn RtlDecodeRemotePointer(
3915 ProcessHandle: HANDLE,
3916 Pointer: PVOID,
3917 DecodedPointer: *mut PVOID,
3918 ) -> NTSTATUS;
3919 fn RtlIsProcessorFeaturePresent(
3920 ProcessorFeature: ULONG,
3921 ) -> BOOLEAN;
3922 fn RtlGetCurrentProcessorNumber() -> ULONG;
3923 fn RtlGetCurrentProcessorNumberEx(
3924 ProcessorNumber: PPROCESSOR_NUMBER,
3925 );
3926 fn RtlPushFrame(
3927 Frame: PTEB_ACTIVE_FRAME,
3928 );
3929 fn RtlPopFrame(
3930 Frame: PTEB_ACTIVE_FRAME,
3931 );
3932 fn RtlGetFrame() -> PTEB_ACTIVE_FRAME;
3933 }}
3934 pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001;
3935 pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001;
3936 pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008;
3937 EXTERN!{extern "system" {
3938 fn RtlWalkFrameChain(
3939 Callers: *mut PVOID,
3940 Count: ULONG,
3941 Flags: ULONG,
3942 ) -> ULONG;
3943 fn RtlGetCallersAddress(
3944 CallersAddress: *mut PVOID,
3945 CallersCaller: *mut PVOID,
3946 );
3947 fn RtlGetEnabledExtendedFeatures(
3948 FeatureMask: ULONG64,
3949 ) -> ULONG64;
3950 fn RtlGetEnabledExtendedAndSupervisorFeatures(
3951 FeatureMask: ULONG64,
3952 ) -> ULONG64;
3953 fn RtlLocateSupervisorFeature(
3954 XStateHeader: PXSAVE_AREA_HEADER,
3955 FeatureId: ULONG,
3956 Length: PULONG,
3957 ) -> PVOID;
3958 }}
3959 STRUCT!{struct RTL_ELEVATION_FLAGS {
3960 Flags: ULONG,
3961 }}
3962 BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [
3963 ElevationEnabled set_ElevationEnabled[0..1],
3964 VirtualizationEnabled set_VirtualizationEnabled[1..2],
3965 InstallerDetectEnabled set_InstallerDetectEnabled[2..3],
3966 ReservedBits set_ReservedBits[3..32],
3967 ]}
3968 pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS;
3969 EXTERN!{extern "system" {
3970 fn RtlQueryElevationFlags(
3971 Flags: PRTL_ELEVATION_FLAGS,
3972 ) -> NTSTATUS;
3973 fn RtlRegisterThreadWithCsrss() -> NTSTATUS;
3974 fn RtlLockCurrentThread() -> NTSTATUS;
3975 fn RtlUnlockCurrentThread() -> NTSTATUS;
3976 fn RtlLockModuleSection(
3977 Address: PVOID,
3978 ) -> NTSTATUS;
3979 fn RtlUnlockModuleSection(
3980 Address: PVOID,
3981 ) -> NTSTATUS;
3982 }}
3983 pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64;
3984 STRUCT!{struct RTL_UNLOAD_EVENT_TRACE {
3985 BaseAddress: PVOID,
3986 SizeOfImage: SIZE_T,
3987 Sequence: ULONG,
3988 TimeDateStamp: ULONG,
3989 CheckSum: ULONG,
3990 ImageName: [WCHAR; 32],
3991 Version: [ULONG; 2],
3992 }}
3993 pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE;
3994 STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 {
3995 BaseAddress: ULONG,
3996 SizeOfImage: ULONG,
3997 Sequence: ULONG,
3998 TimeDateStamp: ULONG,
3999 CheckSum: ULONG,
4000 ImageName: [WCHAR; 32],
4001 Version: [ULONG; 2],
4002 }}
4003 pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32;
4004 EXTERN!{extern "system" {
4005 fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE;
4006 fn RtlGetUnloadEventTraceEx(
4007 ElementSize: *mut PULONG,
4008 ElementCount: *mut PULONG,
4009 EventTrace: *mut PVOID,
4010 );
4011 fn RtlQueryPerformanceCounter(
4012 PerformanceCounter: PLARGE_INTEGER,
4013 ) -> LOGICAL;
4014 fn RtlQueryPerformanceFrequency(
4015 PerformanceFrequency: PLARGE_INTEGER,
4016 ) -> LOGICAL;
4017 }}
4018 ENUM!{enum IMAGE_MITIGATION_POLICY {
4019 ImageDepPolicy = 0,
4020 ImageAslrPolicy = 1,
4021 ImageDynamicCodePolicy = 2,
4022 ImageStrictHandleCheckPolicy = 3,
4023 ImageSystemCallDisablePolicy = 4,
4024 ImageMitigationOptionsMask = 5,
4025 ImageExtensionPointDisablePolicy = 6,
4026 ImageControlFlowGuardPolicy = 7,
4027 ImageSignaturePolicy = 8,
4028 ImageFontDisablePolicy = 9,
4029 ImageImageLoadPolicy = 10,
4030 ImagePayloadRestrictionPolicy = 11,
4031 ImageChildProcessPolicy = 12,
4032 ImageSehopPolicy = 13,
4033 ImageHeapPolicy = 14,
4034 MaxImageMitigationPolicy = 15,
4035 }}
4036 UNION!{union RTL_IMAGE_MITIGATION_POLICY {
4037 Bitfields1: ULONG64,
4038 Bitfields2: ULONG64,
4039 }}
4040 BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [
4041 AuditState set_AuditState[0..2],
4042 AuditFlag set_AuditFlag[2..3],
4043 EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4],
4044 Reserved set_Reserved[4..64],
4045 ]}
4046 BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [
4047 PolicyState set_PolicyState[0..2],
4048 AlwaysInherit set_AlwaysInherit[2..3],
4049 EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4],
4050 AuditReserved set_AuditReserved[4..64],
4051 ]}
4052 pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY;
4053 STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY {
4054 Dep: RTL_IMAGE_MITIGATION_POLICY,
4055 }}
4056 pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY;
4057 STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY {
4058 ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY,
4059 BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY,
4060 HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY,
4061 }}
4062 pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY;
4063 STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY {
4064 BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY,
4065 }}
4066 pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
4067 STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
4068 StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY,
4069 }}
4070 pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY =
4071 *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
4072 STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
4073 BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY,
4074 }}
4075 pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY =
4076 *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
4077 STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
4078 DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY,
4079 }}
4080 pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY =
4081 *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
4082 STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY {
4083 ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4084 StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4085 }}
4086 pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY =
4087 *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
4088 STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY {
4089 BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY,
4090 EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY,
4091 }}
4092 pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY =
4093 *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
4094 STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY {
4095 DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY,
4096 }}
4097 pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
4098 STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY {
4099 BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4100 BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4101 PreferSystem32: RTL_IMAGE_MITIGATION_POLICY,
4102 }}
4103 pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
4104 STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
4105 EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4106 EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY,
4107 EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4108 EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY,
4109 EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY,
4110 EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY,
4111 }}
4112 pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY =
4113 *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
4114 STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY {
4115 DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY,
4116 }}
4117 pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY =
4118 *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
4119 STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY {
4120 Sehop: RTL_IMAGE_MITIGATION_POLICY,
4121 }}
4122 pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY;
4123 STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY {
4124 TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY,
4125 }}
4126 pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY;
4127 ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE {
4128 RtlMitigationOptionStateNotConfigured = 0,
4129 RtlMitigationOptionStateOn = 1,
4130 RtlMitigationOptionStateOff = 2,
4131 }}
4132 pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1;
4133 pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2;
4134 pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4;
4135 pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8;
4136 EXTERN!{extern "system" {
4137 fn RtlQueryImageMitigationPolicy(
4138 ImagePath: PWSTR,
4139 Policy: IMAGE_MITIGATION_POLICY,
4140 Flags: ULONG,
4141 Buffer: PVOID,
4142 BufferSize: ULONG,
4143 ) -> NTSTATUS;
4144 fn RtlSetImageMitigationPolicy(
4145 ImagePath: PWSTR,
4146 Policy: IMAGE_MITIGATION_POLICY,
4147 Flags: ULONG,
4148 Buffer: PVOID,
4149 BufferSize: ULONG,
4150 ) -> NTSTATUS;
4151 fn RtlGetCurrentServiceSessionId() -> ULONG;
4152 fn RtlGetActiveConsoleId() -> ULONG;
4153 fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG;
4154 fn RtlGetTokenNamedObjectPath(
4155 Token: HANDLE,
4156 Sid: PSID,
4157 ObjectPath: PUNICODE_STRING,
4158 ) -> NTSTATUS;
4159 fn RtlGetAppContainerNamedObjectPath(
4160 Token: HANDLE,
4161 AppContainerSid: PSID,
4162 RelativePath: BOOLEAN,
4163 ObjectPath: PUNICODE_STRING,
4164 ) -> NTSTATUS;
4165 fn RtlGetAppContainerParent(
4166 AppContainerSid: PSID,
4167 AppContainerSidParent: *mut PSID,
4168 ) -> NTSTATUS;
4169 fn RtlCheckSandboxedToken(
4170 TokenHandle: HANDLE,
4171 IsSandboxed: PBOOLEAN,
4172 ) -> NTSTATUS;
4173 fn RtlCheckTokenCapability(
4174 TokenHandle: HANDLE,
4175 CapabilitySidToCheck: PSID,
4176 HasCapability: PBOOLEAN,
4177 ) -> NTSTATUS;
4178 fn RtlCapabilityCheck(
4179 TokenHandle: HANDLE,
4180 CapabilityName: PUNICODE_STRING,
4181 HasCapability: PBOOLEAN,
4182 ) -> NTSTATUS;
4183 fn RtlCheckTokenMembership(
4184 TokenHandle: HANDLE,
4185 SidToCheck: PSID,
4186 IsMember: PBOOLEAN,
4187 ) -> NTSTATUS;
4188 fn RtlCheckTokenMembershipEx(
4189 TokenHandle: HANDLE,
4190 SidToCheck: PSID,
4191 Flags: ULONG,
4192 IsMember: PBOOLEAN,
4193 ) -> NTSTATUS;
4194 fn RtlIsParentOfChildAppContainer(
4195 ParentAppContainerSid: PSID,
4196 ChildAppContainerSid: PSID,
4197 ) -> NTSTATUS;
4198 fn RtlIsCapabilitySid(
4199 Sid: PSID,
4200 ) -> BOOLEAN;
4201 fn RtlIsPackageSid(
4202 Sid: PSID,
4203 ) -> BOOLEAN;
4204 fn RtlIsValidProcessTrustLabelSid(
4205 Sid: PSID,
4206 ) -> BOOLEAN;
4207 fn RtlIsStateSeparationEnabled() -> BOOLEAN;
4208 }}
4209 ENUM!{enum APPCONTAINER_SID_TYPE {
4210 NotAppContainerSidType = 0,
4211 ChildAppContainerSidType = 1,
4212 ParentAppContainerSidType = 2,
4213 InvalidAppContainerSidType = 3,
4214 MaxAppContainerSidType = 4,
4215 }}
4216 pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE;
4217 EXTERN!{extern "system" {
4218 fn RtlGetAppContainerSidType(
4219 AppContainerSid: PSID,
4220 AppContainerSidType: PAPPCONTAINER_SID_TYPE,
4221 ) -> NTSTATUS;
4222 fn RtlFlsAlloc(
4223 Callback: PFLS_CALLBACK_FUNCTION,
4224 FlsIndex: PULONG,
4225 ) -> NTSTATUS;
4226 fn RtlFlsFree(
4227 FlsIndex: ULONG,
4228 ) -> NTSTATUS;
4229 }}
4230 ENUM!{enum STATE_LOCATION_TYPE {
4231 LocationTypeRegistry = 0,
4232 LocationTypeFileSystem = 1,
4233 LocationTypeMaximum = 2,
4234 }}
4235 EXTERN!{extern "system" {
4236 fn RtlGetPersistedStateLocation(
4237 SourceID: PCWSTR,
4238 CustomValue: PCWSTR,
4239 DefaultPath: PCWSTR,
4240 StateLocationType: STATE_LOCATION_TYPE,
4241 TargetPath: PWCHAR,
4242 BufferLengthIn: ULONG,
4243 BufferLengthOut: PULONG,
4244 ) -> NTSTATUS;
4245 fn RtlIsCloudFilesPlaceholder(
4246 FileAttributes: ULONG,
4247 ReparseTag: ULONG,
4248 ) -> BOOLEAN;
4249 fn RtlIsPartialPlaceholder(
4250 FileAttributes: ULONG,
4251 ReparseTag: ULONG,
4252 ) -> BOOLEAN;
4253 fn RtlIsPartialPlaceholderFileHandle(
4254 FileHandle: HANDLE,
4255 IsPartialPlaceholder: PBOOLEAN,
4256 ) -> NTSTATUS;
4257 fn RtlIsPartialPlaceholderFileInfo(
4258 InfoBuffer: *const c_void,
4259 InfoClass: FILE_INFORMATION_CLASS,
4260 IsPartialPlaceholder: PBOOLEAN,
4261 ) -> NTSTATUS;
4262 fn RtlIsNonEmptyDirectoryReparsePointAllowed(
4263 ReparseTag: ULONG,
4264 ) -> BOOLEAN;
4265 fn RtlAppxIsFileOwnedByTrustedInstaller(
4266 FileHandle: HANDLE,
4267 IsFileOwnedByTrustedInstaller: PBOOLEAN,
4268 ) -> NTSTATUS;
4269 }}
4270 STRUCT!{struct PS_PKG_CLAIM {
4271 Flags: ULONGLONG,
4272 Origin: ULONGLONG,
4273 }}
4274 pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM;
4275 EXTERN!{extern "system" {
4276 fn RtlQueryPackageClaims(
4277 TokenHandle: HANDLE,
4278 PackageFullName: PWSTR,
4279 PackageSize: PSIZE_T,
4280 AppId: PWSTR,
4281 AppIdSize: PSIZE_T,
4282 DynamicId: *mut GUID,
4283 PkgClaim: PPS_PKG_CLAIM,
4284 AttributesPresent: PULONG64,
4285 ) -> NTSTATUS;
4286 fn RtlQueryProtectedPolicy(
4287 PolicyGuid: *mut GUID,
4288 PolicyValue: PULONG_PTR,
4289 ) -> NTSTATUS;
4290 fn RtlSetProtectedPolicy(
4291 PolicyGuid: *mut GUID,
4292 PolicyValue: ULONG_PTR,
4293 OldPolicyValue: PULONG_PTR,
4294 ) -> NTSTATUS;
4295 fn RtlIsMultiSessionSku() -> BOOLEAN;
4296 fn RtlIsMultiUsersInSessionSku() -> BOOLEAN;
4297 }}
4298 ENUM!{enum RTL_BSD_ITEM_TYPE {
4299 RtlBsdItemVersionNumber = 0,
4300 RtlBsdItemProductType = 1,
4301 RtlBsdItemAabEnabled = 2,
4302 RtlBsdItemAabTimeout = 3,
4303 RtlBsdItemBootGood = 4,
4304 RtlBsdItemBootShutdown = 5,
4305 RtlBsdSleepInProgress = 6,
4306 RtlBsdPowerTransition = 7,
4307 RtlBsdItemBootAttemptCount = 8,
4308 RtlBsdItemBootCheckpoint = 9,
4309 RtlBsdItemBootId = 10,
4310 RtlBsdItemShutdownBootId = 11,
4311 RtlBsdItemReportedAbnormalShutdownBootId = 12,
4312 RtlBsdItemErrorInfo = 13,
4313 RtlBsdItemPowerButtonPressInfo = 14,
4314 RtlBsdItemChecksum = 15,
4315 RtlBsdItemMax = 16,
4316 }}
4317 STRUCT!{struct RTL_BSD_ITEM {
4318 Type: RTL_BSD_ITEM_TYPE,
4319 DataBuffer: PVOID,
4320 DataLength: ULONG,
4321 }}
4322 pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM;
4323 EXTERN!{extern "system" {
4324 fn RtlCreateBootStatusDataFile() -> NTSTATUS;
4325 fn RtlLockBootStatusData(
4326 FileHandle: PHANDLE,
4327 ) -> NTSTATUS;
4328 fn RtlUnlockBootStatusData(
4329 FileHandle: HANDLE,
4330 ) -> NTSTATUS;
4331 fn RtlGetSetBootStatusData(
4332 FileHandle: HANDLE,
4333 Read: BOOLEAN,
4334 DataClass: RTL_BSD_ITEM_TYPE,
4335 Buffer: PVOID,
4336 BufferSize: ULONG,
4337 ReturnLength: PULONG,
4338 ) -> NTSTATUS;
4339 fn RtlCheckBootStatusIntegrity(
4340 FileHandle: HANDLE,
4341 Verified: PBOOLEAN,
4342 ) -> NTSTATUS;
4343 fn RtlCheckPortableOperatingSystem(
4344 IsPortable: PBOOLEAN,
4345 ) -> NTSTATUS;
4346 fn RtlSetPortableOperatingSystem(
4347 IsPortable: BOOLEAN,
4348 ) -> NTSTATUS;
4349 }}
4350 EXTERN!{extern "system" {
4351 fn RtlOsDeploymentState(
4352 Flags: DWORD,
4353 ) -> OS_DEPLOYEMENT_STATE_VALUES;
4354 fn RtlFindClosestEncodableLength(
4355 SourceLength: ULONGLONG,
4356 TargetLength: PULONGLONG,
4357 ) -> NTSTATUS;
4358 }}
4359 FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK(
4360 Address: PVOID,
4361 Length: SIZE_T,
4362 ) -> NTSTATUS}
4363 EXTERN!{extern "system" {
4364 fn RtlRegisterSecureMemoryCacheCallback(
4365 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4366 ) -> NTSTATUS;
4367 fn RtlDeregisterSecureMemoryCacheCallback(
4368 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4369 ) -> NTSTATUS;
4370 fn RtlFlushSecureMemoryCache(
4371 MemoryCache: PVOID,
4372 MemoryLength: SIZE_T,
4373 ) -> BOOLEAN;
4374 }}
4375