1 use core::ptr::null_mut;
2 use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
3 use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS};
4 use crate::ntioapi::FILE_INFORMATION_CLASS;
5 use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX};
6 use crate::ntmmapi::SECTION_IMAGE_INFORMATION;
7 use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO};
8 use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME};
9 use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION};
10 use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM};
11 use crate::string::UTF16Const;
12 use winapi::ctypes::c_void;
13 use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
14 use winapi::shared::guiddef::GUID;
15 use winapi::shared::in6addr::in6_addr;
16 use winapi::shared::inaddr::in_addr;
17 use winapi::shared::minwindef::{BOOL, DWORD, PBOOL};
18 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
19 use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE};
20 use winapi::shared::ntdef::{
21 BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS,
22 PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING,
23 PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE,
24 POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR,
25 PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY,
26 STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR,
27 };
28 use winapi::um::minwinbase::PTHREAD_START_ROUTINE;
29 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
30 use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT};
31 use winapi::um::winnt::{
32 ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS,
33 HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL,
34 PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING,
35 PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY,
36 PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION,
37 PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK,
38 PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES,
39 PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER,
40 PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL,
41 SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC,
42 WORKERCALLBACKFUNC,
43 };
44 use winapi::vc::vadefs::va_list;
45 #[inline]
InitializeListHead(ListHead: &mut LIST_ENTRY)46 pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) {
47 ListHead.Flink = ListHead;
48 ListHead.Blink = ListHead;
49 }
50 #[inline]
IsListEmpty(ListHead: &LIST_ENTRY) -> bool51 pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool {
52 ListHead.Flink as *const _ == ListHead as *const _
53 }
54 #[inline]
RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool55 pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool {
56 let (Blink, Flink) = (Entry.Blink, Entry.Flink);
57 (*Blink).Flink = Flink;
58 (*Flink).Blink = Blink;
59 Flink == Blink
60 }
61 #[inline]
RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY62 pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
63 let Entry = ListHead.Flink;
64 let Flink = (*Entry).Flink;
65 ListHead.Flink = Flink;
66 (*Flink).Blink = ListHead;
67 Entry
68 }
69 #[inline]
RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY70 pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
71 let Entry = ListHead.Blink;
72 let Blink = (*Entry).Blink;
73 ListHead.Blink = Blink;
74 (*Blink).Flink = ListHead;
75 Entry
76 }
77 #[inline]
InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY)78 pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
79 let Blink = ListHead.Blink;
80 Entry.Flink = ListHead;
81 Entry.Blink = Blink;
82 (*Blink).Flink = Entry;
83 ListHead.Blink = Entry;
84 }
85 #[inline]
InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY)86 pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
87 let Flink = ListHead.Flink;
88 Entry.Flink = Flink;
89 Entry.Blink = ListHead;
90 (*Flink).Blink = Entry;
91 ListHead.Flink = Entry;
92 }
93 #[inline]
AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY)94 pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) {
95 let ListEnd = ListHead.Blink;
96 (*ListHead.Blink).Flink = ListToAppend;
97 ListHead.Blink = ListToAppend.Blink;
98 (*ListToAppend.Blink).Flink = ListHead;
99 ListToAppend.Blink = ListEnd;
100 }
101 #[inline]
PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY102 pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY {
103 let FirstEntry = ListHead.Next;
104 if !FirstEntry.is_null() {
105 ListHead.Next = (*FirstEntry).Next;
106 }
107 FirstEntry
108 }
109 #[inline]
PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY)110 pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) {
111 Entry.Next = ListHead.Next;
112 ListHead.Next = Entry;
113 }
114 ENUM!{enum TABLE_SEARCH_RESULT {
115 TableEmptyTree = 0,
116 TableFoundNode = 1,
117 TableInsertAsLeft = 2,
118 TableInsertAsRight = 3,
119 }}
120 ENUM!{enum RTL_GENERIC_COMPARE_RESULTS {
121 GenericLessThan = 0,
122 GenericGreaterThan = 1,
123 GenericEqual = 2,
124 }}
125 FN!{stdcall PRTL_AVL_COMPARE_ROUTINE(
126 Table: *mut RTL_AVL_TABLE,
127 FirstStruct: PVOID,
128 SecondStruct: PVOID,
129 ) -> RTL_GENERIC_COMPARE_RESULTS}
130 FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE(
131 Table: *mut RTL_AVL_TABLE,
132 ByteSize: CLONG,
133 ) -> PVOID}
134 FN!{stdcall PRTL_AVL_FREE_ROUTINE(
135 Table: *mut RTL_AVL_TABLE,
136 Buffer: PVOID,
137 ) -> ()}
138 FN!{stdcall PRTL_AVL_MATCH_FUNCTION(
139 Table: *mut RTL_AVL_TABLE,
140 UserData: PVOID,
141 MatchData: PVOID,
142 ) -> NTSTATUS}
143 STRUCT!{struct RTL_BALANCED_LINKS {
144 Parent: *mut RTL_BALANCED_LINKS,
145 LeftChild: *mut RTL_BALANCED_LINKS,
146 RightChild: *mut RTL_BALANCED_LINKS,
147 Balance: CHAR,
148 Reserved: [UCHAR; 3],
149 }}
150 pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS;
151 STRUCT!{struct RTL_AVL_TABLE {
152 BalancedRoot: RTL_BALANCED_LINKS,
153 OrderedPointer: PVOID,
154 WhichOrderedElement: ULONG,
155 NumberGenericTableElements: ULONG,
156 DepthOfTree: ULONG,
157 RestartKey: PRTL_BALANCED_LINKS,
158 DeleteCount: ULONG,
159 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
160 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
161 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
162 TableContext: PVOID,
163 }}
164 pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE;
165 EXTERN!{extern "system" {
166 fn RtlInitializeGenericTableAvl(
167 Table: PRTL_AVL_TABLE,
168 CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
169 AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
170 FreeRoutine: PRTL_AVL_FREE_ROUTINE,
171 TableContext: PVOID,
172 );
173 fn RtlInsertElementGenericTableAvl(
174 Table: PRTL_AVL_TABLE,
175 Buffer: PVOID,
176 BufferSize: CLONG,
177 NewElement: PBOOLEAN,
178 ) -> PVOID;
179 fn RtlInsertElementGenericTableFullAvl(
180 Table: PRTL_AVL_TABLE,
181 Buffer: PVOID,
182 BufferSize: CLONG,
183 NewElement: PBOOLEAN,
184 NodeOrParent: PVOID,
185 SearchResult: TABLE_SEARCH_RESULT,
186 ) -> PVOID;
187 fn RtlDeleteElementGenericTableAvl(
188 Table: PRTL_AVL_TABLE,
189 Buffer: PVOID,
190 ) -> BOOLEAN;
191 fn RtlLookupElementGenericTableAvl(
192 Table: PRTL_AVL_TABLE,
193 Buffer: PVOID,
194 ) -> PVOID;
195 fn RtlLookupElementGenericTableFullAvl(
196 Table: PRTL_AVL_TABLE,
197 Buffer: PVOID,
198 NodeOrParent: *mut PVOID,
199 SearchResult: *mut TABLE_SEARCH_RESULT,
200 ) -> PVOID;
201 fn RtlEnumerateGenericTableAvl(
202 Table: PRTL_AVL_TABLE,
203 Restart: BOOLEAN,
204 ) -> PVOID;
205 fn RtlEnumerateGenericTableWithoutSplayingAvl(
206 Table: PRTL_AVL_TABLE,
207 RestartKey: *mut PVOID,
208 ) -> PVOID;
209 fn RtlLookupFirstMatchingElementGenericTableAvl(
210 Table: PRTL_AVL_TABLE,
211 Buffer: PVOID,
212 RestartKey: *mut PVOID,
213 ) -> PVOID;
214 fn RtlEnumerateGenericTableLikeADirectory(
215 Table: PRTL_AVL_TABLE,
216 MatchFunction: PRTL_AVL_MATCH_FUNCTION,
217 MatchData: PVOID,
218 NextFlag: ULONG,
219 RestartKey: *mut PVOID,
220 DeleteCount: PULONG,
221 Buffer: PVOID,
222 ) -> PVOID;
223 fn RtlGetElementGenericTableAvl(
224 Table: PRTL_AVL_TABLE,
225 I: ULONG,
226 ) -> PVOID;
227 fn RtlNumberGenericTableElementsAvl(
228 Table: PRTL_AVL_TABLE,
229 ) -> ULONG;
230 fn RtlIsGenericTableEmptyAvl(
231 Table: PRTL_AVL_TABLE,
232 ) -> BOOLEAN;
233 }}
234 STRUCT!{struct RTL_SPLAY_LINKS {
235 Parent: *mut RTL_SPLAY_LINKS,
236 LeftChild: *mut RTL_SPLAY_LINKS,
237 RightChild: *mut RTL_SPLAY_LINKS,
238 }}
239 pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS;
240 #[inline]
RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS)241 pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) {
242 Links.Parent = Links;
243 Links.LeftChild = null_mut();
244 Links.RightChild = null_mut();
245 }
246 #[inline]
RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS247 pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
248 Links.Parent
249 }
250 #[inline]
RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS251 pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
252 Links.LeftChild
253 }
254 #[inline]
RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS255 pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
256 Links.RightChild
257 }
258 #[inline]
RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool259 pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool {
260 (*Links).Parent as *const _ == Links
261 }
262 #[inline]
RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool263 pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool {
264 RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links
265 }
266 #[inline]
RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool267 pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool {
268 RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links
269 }
270 #[inline]
RtlInsertAsLeftChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, )271 pub fn RtlInsertAsLeftChild(
272 ParentLinks: &mut RTL_SPLAY_LINKS,
273 ChildLinks: &mut RTL_SPLAY_LINKS,
274 ) {
275 ParentLinks.LeftChild = ChildLinks;
276 ChildLinks.Parent = ParentLinks;
277 }
278 #[inline]
RtlInsertAsRightChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, )279 pub fn RtlInsertAsRightChild(
280 ParentLinks: &mut RTL_SPLAY_LINKS,
281 ChildLinks: &mut RTL_SPLAY_LINKS,
282 ) {
283 ParentLinks.RightChild = ChildLinks;
284 ChildLinks.Parent = ParentLinks;
285 }
286 EXTERN!{extern "system" {
287 fn RtlSplay(
288 Links: PRTL_SPLAY_LINKS,
289 ) -> PRTL_SPLAY_LINKS;
290 fn RtlDelete(
291 Links: PRTL_SPLAY_LINKS,
292 ) -> PRTL_SPLAY_LINKS;
293 fn RtlDeleteNoSplay(
294 Links: PRTL_SPLAY_LINKS,
295 Root: *mut PRTL_SPLAY_LINKS,
296 );
297 fn RtlSubtreeSuccessor(
298 Links: PRTL_SPLAY_LINKS,
299 ) -> PRTL_SPLAY_LINKS;
300 fn RtlSubtreePredecessor(
301 Links: PRTL_SPLAY_LINKS,
302 ) -> PRTL_SPLAY_LINKS;
303 fn RtlRealSuccessor(
304 Links: PRTL_SPLAY_LINKS,
305 ) -> PRTL_SPLAY_LINKS;
306 fn RtlRealPredecessor(
307 Links: PRTL_SPLAY_LINKS,
308 ) -> PRTL_SPLAY_LINKS;
309 }}
310 FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE(
311 Table: *mut RTL_GENERIC_TABLE,
312 FirstStruct: PVOID,
313 SecondStruct: PVOID,
314 ) -> RTL_GENERIC_COMPARE_RESULTS}
315 FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE(
316 Table: *mut RTL_GENERIC_TABLE,
317 ByteSize: CLONG,
318 ) -> PVOID}
319 FN!{stdcall PRTL_GENERIC_FREE_ROUTINE(
320 Table: *mut RTL_GENERIC_TABLE,
321 Buffer: PVOID,
322 ) -> ()}
323 STRUCT!{struct RTL_GENERIC_TABLE {
324 TableRoot: PRTL_SPLAY_LINKS,
325 InsertOrderList: LIST_ENTRY,
326 OrderedPointer: PLIST_ENTRY,
327 WhichOrderedElement: ULONG,
328 NumberGenericTableElements: ULONG,
329 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
330 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
331 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
332 TableContext: PVOID,
333 }}
334 pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE;
335 EXTERN!{extern "system" {
336 fn RtlInitializeGenericTable(
337 Table: PRTL_GENERIC_TABLE,
338 CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
339 AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
340 FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
341 TableContext: PVOID,
342 );
343 fn RtlInsertElementGenericTable(
344 Table: PRTL_GENERIC_TABLE,
345 Buffer: PVOID,
346 BufferSize: CLONG,
347 NewElement: PBOOLEAN,
348 ) -> PVOID;
349 fn RtlInsertElementGenericTableFull(
350 Table: PRTL_GENERIC_TABLE,
351 Buffer: PVOID,
352 BufferSize: CLONG,
353 NewElement: PBOOLEAN,
354 NodeOrParent: PVOID,
355 SearchResult: TABLE_SEARCH_RESULT,
356 ) -> PVOID;
357 fn RtlDeleteElementGenericTable(
358 Table: PRTL_GENERIC_TABLE,
359 Buffer: PVOID,
360 ) -> BOOLEAN;
361 fn RtlLookupElementGenericTable(
362 Table: PRTL_GENERIC_TABLE,
363 Buffer: PVOID,
364 ) -> PVOID;
365 fn RtlLookupElementGenericTableFull(
366 Table: PRTL_GENERIC_TABLE,
367 Buffer: PVOID,
368 NodeOrParent: *mut PVOID,
369 SearchResult: *mut TABLE_SEARCH_RESULT,
370 ) -> PVOID;
371 fn RtlEnumerateGenericTable(
372 Table: PRTL_GENERIC_TABLE,
373 Restart: BOOLEAN,
374 ) -> PVOID;
375 fn RtlEnumerateGenericTableWithoutSplaying(
376 Table: PRTL_GENERIC_TABLE,
377 RestartKey: *mut PVOID,
378 ) -> PVOID;
379 fn RtlGetElementGenericTable(
380 Table: PRTL_GENERIC_TABLE,
381 I: ULONG,
382 ) -> PVOID;
383 fn RtlNumberGenericTableElements(
384 Table: PRTL_GENERIC_TABLE,
385 ) -> ULONG;
386 fn RtlIsGenericTableEmpty(
387 Table: PRTL_GENERIC_TABLE,
388 ) -> BOOLEAN;
389 }}
390 STRUCT!{struct RTL_RB_TREE {
391 Root: PRTL_BALANCED_NODE,
392 Min: PRTL_BALANCED_NODE,
393 }}
394 pub type PRTL_RB_TREE = *mut RTL_RB_TREE;
395 EXTERN!{extern "system" {
396 fn RtlRbInsertNodeEx(
397 Tree: PRTL_RB_TREE,
398 Parent: PRTL_BALANCED_NODE,
399 Right: BOOLEAN,
400 Node: PRTL_BALANCED_NODE,
401 );
402 fn RtlRbRemoveNode(
403 Tree: PRTL_RB_TREE,
404 Node: PRTL_BALANCED_NODE,
405 );
406 }}
407 pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001;
408 pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0;
409 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY {
410 Linkage: LIST_ENTRY,
411 Signature: ULONG_PTR,
412 }}
413 pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY;
414 #[inline]
HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR415 pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR {
416 x.Signature
417 }
418 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT {
419 ChainHead: PLIST_ENTRY,
420 PrevLinkage: PLIST_ENTRY,
421 Signature: ULONG_PTR,
422 }}
423 pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT;
424 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
425 HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY,
426 ChainHead: PLIST_ENTRY,
427 BucketIndex: ULONG,
428 }}
429 pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR;
430 STRUCT!{struct RTL_DYNAMIC_HASH_TABLE {
431 Flags: ULONG,
432 Shift: ULONG,
433 TableSize: ULONG,
434 Pivot: ULONG,
435 DivisorMask: ULONG,
436 NumEntries: ULONG,
437 NonEmptyBuckets: ULONG,
438 NumEnumerators: ULONG,
439 Directory: PVOID,
440 }}
441 pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE;
442 #[inline]
RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT)443 pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) {
444 Context.ChainHead = null_mut();
445 Context.PrevLinkage = null_mut();
446 }
447 #[inline]
RtlInitHashTableContextFromEnumerator( Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, )448 pub fn RtlInitHashTableContextFromEnumerator(
449 Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT,
450 Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
451 ) {
452 Context.ChainHead = Enumerator.ChainHead;
453 Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink;
454 }
455 // RtlReleaseHashTableContext
456 #[inline]
RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG457 pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
458 HashTable.TableSize
459 }
460 #[inline]
RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG461 pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
462 HashTable.NonEmptyBuckets
463 }
464 #[inline]
RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG465 pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
466 HashTable.TableSize - HashTable.NonEmptyBuckets
467 }
468 #[inline]
RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG469 pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
470 HashTable.NumEntries
471 }
472 #[inline]
RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG473 pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
474 HashTable.NumEnumerators
475 }
476 EXTERN!{extern "system" {
477 fn RtlCreateHashTable(
478 HashTable: *mut PRTL_DYNAMIC_HASH_TABLE,
479 Shift: ULONG,
480 Flags: ULONG,
481 ) -> BOOLEAN;
482 fn RtlDeleteHashTable(
483 HashTable: PRTL_DYNAMIC_HASH_TABLE,
484 );
485 fn RtlInsertEntryHashTable(
486 HashTable: PRTL_DYNAMIC_HASH_TABLE,
487 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
488 Signature: ULONG_PTR,
489 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
490 ) -> BOOLEAN;
491 fn RtlRemoveEntryHashTable(
492 HashTable: PRTL_DYNAMIC_HASH_TABLE,
493 Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
494 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
495 ) -> BOOLEAN;
496 fn RtlLookupEntryHashTable(
497 HashTable: PRTL_DYNAMIC_HASH_TABLE,
498 Signature: ULONG_PTR,
499 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
500 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
501 fn RtlGetNextEntryHashTable(
502 HashTable: PRTL_DYNAMIC_HASH_TABLE,
503 Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
504 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
505 fn RtlInitEnumerationHashTable(
506 HashTable: PRTL_DYNAMIC_HASH_TABLE,
507 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
508 ) -> BOOLEAN;
509 fn RtlEnumerateEntryHashTable(
510 HashTable: PRTL_DYNAMIC_HASH_TABLE,
511 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
512 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
513 fn RtlEndEnumerationHashTable(
514 HashTable: PRTL_DYNAMIC_HASH_TABLE,
515 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
516 );
517 fn RtlInitWeakEnumerationHashTable(
518 HashTable: PRTL_DYNAMIC_HASH_TABLE,
519 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
520 ) -> BOOLEAN;
521 fn RtlWeaklyEnumerateEntryHashTable(
522 HashTable: PRTL_DYNAMIC_HASH_TABLE,
523 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
524 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
525 fn RtlEndWeakEnumerationHashTable(
526 HashTable: PRTL_DYNAMIC_HASH_TABLE,
527 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
528 );
529 fn RtlExpandHashTable(
530 HashTable: PRTL_DYNAMIC_HASH_TABLE,
531 ) -> BOOLEAN;
532 fn RtlContractHashTable(
533 HashTable: PRTL_DYNAMIC_HASH_TABLE,
534 ) -> BOOLEAN;
535 fn RtlInitStrongEnumerationHashTable(
536 HashTable: PRTL_DYNAMIC_HASH_TABLE,
537 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
538 ) -> BOOLEAN;
539 fn RtlStronglyEnumerateEntryHashTable(
540 HashTable: PRTL_DYNAMIC_HASH_TABLE,
541 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
542 ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
543 fn RtlEndStrongEnumerationHashTable(
544 HashTable: PRTL_DYNAMIC_HASH_TABLE,
545 Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
546 );
547 fn RtlInitializeCriticalSection(
548 CriticalSection: PRTL_CRITICAL_SECTION,
549 ) -> NTSTATUS;
550 fn RtlInitializeCriticalSectionAndSpinCount(
551 CriticalSection: PRTL_CRITICAL_SECTION,
552 SpinCount: ULONG,
553 ) -> NTSTATUS;
554 fn RtlDeleteCriticalSection(
555 CriticalSection: PRTL_CRITICAL_SECTION,
556 ) -> NTSTATUS;
557 fn RtlEnterCriticalSection(
558 CriticalSection: PRTL_CRITICAL_SECTION,
559 ) -> NTSTATUS;
560 fn RtlLeaveCriticalSection(
561 CriticalSection: PRTL_CRITICAL_SECTION,
562 ) -> NTSTATUS;
563 fn RtlTryEnterCriticalSection(
564 CriticalSection: PRTL_CRITICAL_SECTION,
565 ) -> LOGICAL;
566 fn RtlIsCriticalSectionLocked(
567 CriticalSection: PRTL_CRITICAL_SECTION,
568 ) -> LOGICAL;
569 fn RtlIsCriticalSectionLockedByThread(
570 CriticalSection: PRTL_CRITICAL_SECTION,
571 ) -> LOGICAL;
572 fn RtlGetCriticalSectionRecursionCount(
573 CriticalSection: PRTL_CRITICAL_SECTION,
574 ) -> ULONG;
575 fn RtlSetCriticalSectionSpinCount(
576 CriticalSection: PRTL_CRITICAL_SECTION,
577 SpinCount: ULONG,
578 ) -> ULONG;
579 fn RtlQueryCriticalSectionOwner(
580 EventHandle: HANDLE,
581 ) -> HANDLE;
582 fn RtlCheckForOrphanedCriticalSections(
583 ThreadHandle: HANDLE,
584 );
585 }}
586 STRUCT!{struct RTL_RESOURCE {
587 CriticalSection: RTL_CRITICAL_SECTION,
588 SharedSemaphore: HANDLE,
589 NumberOfWaitingShared: ULONG,
590 ExclusiveSemaphore: HANDLE,
591 NumberOfWaitingExclusive: ULONG,
592 NumberOfActive: LONG,
593 ExclusiveOwnerThread: HANDLE,
594 Flags: ULONG,
595 DebugInfo: PRTL_RESOURCE_DEBUG,
596 }}
597 pub type PRTL_RESOURCE = *mut RTL_RESOURCE;
598 pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001;
599 EXTERN!{extern "system" {
600 fn RtlInitializeResource(
601 Resource: PRTL_RESOURCE,
602 );
603 fn RtlDeleteResource(
604 Resource: PRTL_RESOURCE,
605 );
606 fn RtlAcquireResourceShared(
607 Resource: PRTL_RESOURCE,
608 Wait: BOOLEAN,
609 ) -> BOOLEAN;
610 fn RtlAcquireResourceExclusive(
611 Resource: PRTL_RESOURCE,
612 Wait: BOOLEAN,
613 ) -> BOOLEAN;
614 fn RtlReleaseResource(
615 Resource: PRTL_RESOURCE,
616 );
617 fn RtlConvertSharedToExclusive(
618 Resource: PRTL_RESOURCE,
619 );
620 fn RtlConvertExclusiveToShared(
621 Resource: PRTL_RESOURCE,
622 );
623 fn RtlInitializeSRWLock(
624 SRWLock: PRTL_SRWLOCK,
625 );
626 fn RtlAcquireSRWLockExclusive(
627 SRWLock: PRTL_SRWLOCK,
628 );
629 fn RtlAcquireSRWLockShared(
630 SRWLock: PRTL_SRWLOCK,
631 );
632 fn RtlReleaseSRWLockExclusive(
633 SRWLock: PRTL_SRWLOCK,
634 );
635 fn RtlReleaseSRWLockShared(
636 SRWLock: PRTL_SRWLOCK,
637 );
638 fn RtlTryAcquireSRWLockExclusive(
639 SRWLock: PRTL_SRWLOCK,
640 ) -> BOOLEAN;
641 fn RtlTryAcquireSRWLockShared(
642 SRWLock: PRTL_SRWLOCK,
643 ) -> BOOLEAN;
644 fn RtlAcquireReleaseSRWLockExclusive(
645 SRWLock: PRTL_SRWLOCK,
646 );
647 fn RtlInitializeConditionVariable(
648 ConditionVariable: PRTL_CONDITION_VARIABLE,
649 );
650 fn RtlSleepConditionVariableCS(
651 ConditionVariable: PRTL_CONDITION_VARIABLE,
652 CriticalSection: PRTL_CRITICAL_SECTION,
653 Timeout: PLARGE_INTEGER,
654 ) -> NTSTATUS;
655 fn RtlSleepConditionVariableSRW(
656 ConditionVariable: PRTL_CONDITION_VARIABLE,
657 SRWLock: PRTL_SRWLOCK,
658 Timeout: PLARGE_INTEGER,
659 Flags: ULONG,
660 ) -> NTSTATUS;
661 fn RtlWakeConditionVariable(
662 ConditionVariable: PRTL_CONDITION_VARIABLE,
663 );
664 fn RtlWakeAllConditionVariable(
665 ConditionVariable: PRTL_CONDITION_VARIABLE,
666 );
667 }}
668 pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001;
669 pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002;
670 pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004;
671 EXTERN!{extern "system" {
672 fn RtlInitBarrier(
673 Barrier: PRTL_BARRIER,
674 TotalThreads: ULONG,
675 SpinCount: ULONG,
676 ) -> NTSTATUS;
677 fn RtlDeleteBarrier(
678 Barrier: PRTL_BARRIER,
679 ) -> NTSTATUS;
680 fn RtlBarrier(
681 Barrier: PRTL_BARRIER,
682 Flags: ULONG,
683 ) -> BOOLEAN;
684 fn RtlBarrierForDelete(
685 Barrier: PRTL_BARRIER,
686 Flags: ULONG,
687 ) -> BOOLEAN;
688 fn RtlWaitOnAddress(
689 Address: *mut VOID,
690 CompareAddress: PVOID,
691 AddressSize: SIZE_T,
692 Timeout: PLARGE_INTEGER,
693 ) -> NTSTATUS;
694 fn RtlWakeAddressAll(
695 Address: PVOID,
696 );
697 fn RtlWakeAddressSingle(
698 Address: PVOID,
699 );
700 fn RtlInitString(
701 DestinationString: PSTRING,
702 SourceString: PCSZ,
703 );
704 fn RtlInitStringEx(
705 DestinationString: PSTRING,
706 SourceString: PCSZ,
707 ) -> NTSTATUS;
708 fn RtlInitAnsiString(
709 DestinationString: PANSI_STRING,
710 SourceString: PCSZ,
711 );
712 fn RtlInitAnsiStringEx(
713 DestinationString: PANSI_STRING,
714 SourceString: PCSZ,
715 ) -> NTSTATUS;
716 fn RtlFreeAnsiString(
717 AnsiString: PANSI_STRING,
718 );
719 fn RtlFreeOemString(
720 OemString: POEM_STRING,
721 );
722 fn RtlCopyString(
723 DestinationString: PSTRING,
724 SourceString: *const STRING,
725 );
726 fn RtlUpperChar(
727 Character: CHAR,
728 ) -> CHAR;
729 fn RtlCompareString(
730 String1: *const STRING,
731 String2: *const STRING,
732 CaseInSensitive: BOOLEAN,
733 ) -> LONG;
734 fn RtlEqualString(
735 String1: *const STRING,
736 String2: *const STRING,
737 CaseInSensitive: BOOLEAN,
738 ) -> BOOLEAN;
739 fn RtlPrefixString(
740 String1: *const STRING,
741 String2: *const STRING,
742 CaseInSensitive: BOOLEAN,
743 ) -> BOOLEAN;
744 fn RtlAppendStringToString(
745 Destination: PSTRING,
746 Source: *const STRING,
747 ) -> NTSTATUS;
748 fn RtlAppendAsciizToString(
749 Destination: PSTRING,
750 Source: PSTR,
751 ) -> NTSTATUS;
752 fn RtlUpperString(
753 DestinationString: PSTRING,
754 SourceString: *const STRING,
755 );
756 }}
757 #[inline]
RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool758 pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool {
759 String.is_null() || (*String).Length == 0
760 }
761 #[inline]
RtlInitEmptyUnicodeString( UnicodeString: &mut UNICODE_STRING, Buffer: PWCHAR, MaximumLength: USHORT, )762 pub fn RtlInitEmptyUnicodeString(
763 UnicodeString: &mut UNICODE_STRING,
764 Buffer: PWCHAR,
765 MaximumLength: USHORT,
766 ) {
767 UnicodeString.Buffer = Buffer;
768 UnicodeString.MaximumLength = MaximumLength;
769 UnicodeString.Length = 0;
770 }
771 EXTERN!{extern "system" {
772 fn RtlInitUnicodeString(
773 DestinationString: PUNICODE_STRING,
774 SourceString: PCWSTR,
775 );
776 fn RtlInitUnicodeStringEx(
777 DestinationString: PUNICODE_STRING,
778 SourceString: PCWSTR,
779 ) -> NTSTATUS;
780 fn RtlCreateUnicodeString(
781 DestinationString: PUNICODE_STRING,
782 SourceString: PCWSTR,
783 ) -> BOOLEAN;
784 fn RtlCreateUnicodeStringFromAsciiz(
785 DestinationString: PUNICODE_STRING,
786 SourceString: PSTR,
787 ) -> BOOLEAN;
788 fn RtlFreeUnicodeString(
789 UnicodeString: PUNICODE_STRING,
790 );
791 }}
792 pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001;
793 pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002;
794 EXTERN!{extern "system" {
795 fn RtlDuplicateUnicodeString(
796 Flags: ULONG,
797 StringIn: PCUNICODE_STRING,
798 StringOut: PUNICODE_STRING,
799 ) -> NTSTATUS;
800 fn RtlCopyUnicodeString(
801 DestinationString: PUNICODE_STRING,
802 SourceString: PCUNICODE_STRING,
803 );
804 fn RtlUpcaseUnicodeChar(
805 SourceCharacter: WCHAR,
806 ) -> WCHAR;
807 fn RtlDowncaseUnicodeChar(
808 SourceCharacter: WCHAR,
809 ) -> WCHAR;
810 fn RtlCompareUnicodeString(
811 String1: PCUNICODE_STRING,
812 String2: PCUNICODE_STRING,
813 CaseInSensitive: BOOLEAN,
814 ) -> LONG;
815 fn RtlCompareUnicodeStrings(
816 String1: PCWCH,
817 String1Length: SIZE_T,
818 String2: PCWCH,
819 String2Length: SIZE_T,
820 CaseInSensitive: BOOLEAN,
821 ) -> LONG;
822 fn RtlEqualUnicodeString(
823 String1: PCUNICODE_STRING,
824 String2: PCUNICODE_STRING,
825 CaseInSensitive: BOOLEAN,
826 ) -> BOOLEAN;
827 }}
828 pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0;
829 pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1;
830 pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff;
831 EXTERN!{extern "system" {
832 fn RtlHashUnicodeString(
833 String: PCUNICODE_STRING,
834 CaseInSensitive: BOOLEAN,
835 HashAlgorithm: ULONG,
836 HashValue: PULONG,
837 ) -> NTSTATUS;
838 fn RtlValidateUnicodeString(
839 Flags: ULONG,
840 String: PCUNICODE_STRING,
841 ) -> NTSTATUS;
842 fn RtlPrefixUnicodeString(
843 String1: PCUNICODE_STRING,
844 String2: PCUNICODE_STRING,
845 CaseInSensitive: BOOLEAN,
846 ) -> BOOLEAN;
847 fn RtlSuffixUnicodeString(
848 String1: PUNICODE_STRING,
849 String2: PUNICODE_STRING,
850 CaseInSensitive: BOOLEAN,
851 ) -> BOOLEAN;
852 fn RtlFindUnicodeSubstring(
853 FullString: PUNICODE_STRING,
854 SearchString: PUNICODE_STRING,
855 CaseInSensitive: BOOLEAN,
856 ) -> PWCHAR;
857 }}
858 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001;
859 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002;
860 pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004;
861 EXTERN!{extern "system" {
862 fn RtlFindCharInUnicodeString(
863 Flags: ULONG,
864 StringToSearch: PUNICODE_STRING,
865 CharSet: PUNICODE_STRING,
866 NonInclusivePrefixLength: PUSHORT,
867 ) -> NTSTATUS;
868 fn RtlAppendUnicodeStringToString(
869 Destination: PUNICODE_STRING,
870 Source: PCUNICODE_STRING,
871 ) -> NTSTATUS;
872 fn RtlAppendUnicodeToString(
873 Destination: PUNICODE_STRING,
874 Source: PCWSTR,
875 ) -> NTSTATUS;
876 fn RtlUpcaseUnicodeString(
877 DestinationString: PUNICODE_STRING,
878 SourceString: PCUNICODE_STRING,
879 AllocateDestinationString: BOOLEAN,
880 ) -> NTSTATUS;
881 fn RtlDowncaseUnicodeString(
882 DestinationString: PUNICODE_STRING,
883 SourceString: PCUNICODE_STRING,
884 AllocateDestinationString: BOOLEAN,
885 ) -> NTSTATUS;
886 fn RtlEraseUnicodeString(
887 String: PUNICODE_STRING,
888 );
889 fn RtlAnsiStringToUnicodeString(
890 DestinationString: PUNICODE_STRING,
891 SourceString: PCANSI_STRING,
892 AllocateDestinationString: BOOLEAN,
893 ) -> NTSTATUS;
894 fn RtlUnicodeStringToAnsiString(
895 DestinationString: PANSI_STRING,
896 SourceString: PCUNICODE_STRING,
897 AllocateDestinationString: BOOLEAN,
898 ) -> NTSTATUS;
899 fn RtlAnsiCharToUnicodeChar(
900 SourceCharacter: *mut PUCHAR,
901 ) -> WCHAR;
902 fn RtlUpcaseUnicodeStringToAnsiString(
903 DestinationString: PANSI_STRING,
904 SourceString: PUNICODE_STRING,
905 AllocateDestinationString: BOOLEAN,
906 ) -> NTSTATUS;
907 fn RtlOemStringToUnicodeString(
908 DestinationString: PUNICODE_STRING,
909 SourceString: PCOEM_STRING,
910 AllocateDestinationString: BOOLEAN,
911 ) -> NTSTATUS;
912 fn RtlUnicodeStringToOemString(
913 DestinationString: POEM_STRING,
914 SourceString: PCUNICODE_STRING,
915 AllocateDestinationString: BOOLEAN,
916 ) -> NTSTATUS;
917 fn RtlUpcaseUnicodeStringToOemString(
918 DestinationString: POEM_STRING,
919 SourceString: PUNICODE_STRING,
920 AllocateDestinationString: BOOLEAN,
921 ) -> NTSTATUS;
922 fn RtlUnicodeStringToCountedOemString(
923 DestinationString: POEM_STRING,
924 SourceString: PCUNICODE_STRING,
925 AllocateDestinationString: BOOLEAN,
926 ) -> NTSTATUS;
927 fn RtlUpcaseUnicodeStringToCountedOemString(
928 DestinationString: POEM_STRING,
929 SourceString: PCUNICODE_STRING,
930 AllocateDestinationString: BOOLEAN,
931 ) -> NTSTATUS;
932 fn RtlMultiByteToUnicodeN(
933 UnicodeString: PWCH,
934 MaxBytesInUnicodeString: ULONG,
935 BytesInUnicodeString: PULONG,
936 MultiByteString: *const CHAR,
937 BytesInMultiByteString: ULONG,
938 ) -> NTSTATUS;
939 fn RtlMultiByteToUnicodeSize(
940 BytesInUnicodeString: PULONG,
941 MultiByteString: *const CHAR,
942 BytesInMultiByteString: ULONG,
943 ) -> NTSTATUS;
944 fn RtlUnicodeToMultiByteN(
945 MultiByteString: PCHAR,
946 MaxBytesInMultiByteString: ULONG,
947 BytesInMultiByteString: PULONG,
948 UnicodeString: PCWCH,
949 BytesInUnicodeString: ULONG,
950 ) -> NTSTATUS;
951 fn RtlUnicodeToMultiByteSize(
952 BytesInMultiByteString: PULONG,
953 UnicodeString: PCWCH,
954 BytesInUnicodeString: ULONG,
955 ) -> NTSTATUS;
956 fn RtlUpcaseUnicodeToMultiByteN(
957 MultiByteString: PCHAR,
958 MaxBytesInMultiByteString: ULONG,
959 BytesInMultiByteString: PULONG,
960 UnicodeString: PCWCH,
961 BytesInUnicodeString: ULONG,
962 ) -> NTSTATUS;
963 fn RtlOemToUnicodeN(
964 UnicodeString: PWCH,
965 MaxBytesInUnicodeString: ULONG,
966 BytesInUnicodeString: PULONG,
967 OemString: PCCH,
968 BytesInOemString: ULONG,
969 ) -> NTSTATUS;
970 fn RtlUnicodeToOemN(
971 OemString: PCHAR,
972 MaxBytesInOemString: ULONG,
973 BytesInOemString: PULONG,
974 UnicodeString: PCWCH,
975 BytesInUnicodeString: ULONG,
976 ) -> NTSTATUS;
977 fn RtlUpcaseUnicodeToOemN(
978 OemString: PCHAR,
979 MaxBytesInOemString: ULONG,
980 BytesInOemString: PULONG,
981 UnicodeString: PCWCH,
982 BytesInUnicodeString: ULONG,
983 ) -> NTSTATUS;
984 fn RtlConsoleMultiByteToUnicodeN(
985 UnicodeString: PWCH,
986 MaxBytesInUnicodeString: ULONG,
987 BytesInUnicodeString: PULONG,
988 MultiByteString: PCH,
989 BytesInMultiByteString: ULONG,
990 pdwSpecialChar: PULONG,
991 ) -> NTSTATUS;
992 fn RtlUTF8ToUnicodeN(
993 UnicodeStringDestination: PWSTR,
994 UnicodeStringMaxByteCount: ULONG,
995 UnicodeStringActualByteCount: PULONG,
996 UTF8StringSource: PCCH,
997 UTF8StringByteCount: ULONG,
998 ) -> NTSTATUS;
999 fn RtlUnicodeToUTF8N(
1000 UTF8StringDestination: PCHAR,
1001 UTF8StringMaxByteCount: ULONG,
1002 UTF8StringActualByteCount: PULONG,
1003 UnicodeStringSource: PCWCH,
1004 UnicodeStringByteCount: ULONG,
1005 ) -> NTSTATUS;
1006 fn RtlCustomCPToUnicodeN(
1007 CustomCP: PCPTABLEINFO,
1008 UnicodeString: PWCH,
1009 MaxBytesInUnicodeString: ULONG,
1010 BytesInUnicodeString: PULONG,
1011 CustomCPString: PCH,
1012 BytesInCustomCPString: ULONG,
1013 ) -> NTSTATUS;
1014 fn RtlUnicodeToCustomCPN(
1015 CustomCP: PCPTABLEINFO,
1016 CustomCPString: PCH,
1017 MaxBytesInCustomCPString: ULONG,
1018 BytesInCustomCPString: PULONG,
1019 UnicodeString: PWCH,
1020 BytesInUnicodeString: ULONG,
1021 ) -> NTSTATUS;
1022 fn RtlUpcaseUnicodeToCustomCPN(
1023 CustomCP: PCPTABLEINFO,
1024 CustomCPString: PCH,
1025 MaxBytesInCustomCPString: ULONG,
1026 BytesInCustomCPString: PULONG,
1027 UnicodeString: PWCH,
1028 BytesInUnicodeString: ULONG,
1029 ) -> NTSTATUS;
1030 fn RtlInitCodePageTable(
1031 TableBase: PUSHORT,
1032 CodePageTable: PCPTABLEINFO,
1033 );
1034 fn RtlInitNlsTables(
1035 AnsiNlsBase: PUSHORT,
1036 OemNlsBase: PUSHORT,
1037 LanguageNlsBase: PUSHORT,
1038 TableInfo: PNLSTABLEINFO,
1039 );
1040 fn RtlResetRtlTranslations(
1041 TableInfo: PNLSTABLEINFO,
1042 );
1043 fn RtlIsTextUnicode(
1044 Buffer: PVOID,
1045 Size: ULONG,
1046 Result: PULONG,
1047 ) -> BOOLEAN;
1048 }}
1049 ENUM!{enum RTL_NORM_FORM {
1050 NormOther = 0x0,
1051 NormC = 0x1,
1052 NormD = 0x2,
1053 NormKC = 0x5,
1054 NormKD = 0x6,
1055 NormIdna = 0xd,
1056 DisallowUnassigned = 0x100,
1057 NormCDisallowUnassigned = 0x101,
1058 NormDDisallowUnassigned = 0x102,
1059 NormKCDisallowUnassigned = 0x105,
1060 NormKDDisallowUnassigned = 0x106,
1061 NormIdnaDisallowUnassigned = 0x10d,
1062 }}
1063 EXTERN!{extern "system" {
1064 fn RtlNormalizeString(
1065 NormForm: ULONG,
1066 SourceString: PCWSTR,
1067 SourceStringLength: LONG,
1068 DestinationString: PWSTR,
1069 DestinationStringLength: PLONG,
1070 ) -> NTSTATUS;
1071 fn RtlIsNormalizedString(
1072 NormForm: ULONG,
1073 SourceString: PCWSTR,
1074 SourceStringLength: LONG,
1075 Normalized: PBOOLEAN,
1076 ) -> NTSTATUS;
1077 fn RtlIsNameInExpression(
1078 Expression: PUNICODE_STRING,
1079 Name: PUNICODE_STRING,
1080 IgnoreCase: BOOLEAN,
1081 UpcaseTable: PWCH,
1082 ) -> BOOLEAN;
1083 fn RtlIsNameInUnUpcasedExpression(
1084 Expression: PUNICODE_STRING,
1085 Name: PUNICODE_STRING,
1086 IgnoreCase: BOOLEAN,
1087 UpcaseTable: PWCH,
1088 ) -> BOOLEAN;
1089 fn RtlEqualDomainName(
1090 String1: PUNICODE_STRING,
1091 String2: PUNICODE_STRING,
1092 ) -> BOOLEAN;
1093 fn RtlEqualComputerName(
1094 String1: PUNICODE_STRING,
1095 String2: PUNICODE_STRING,
1096 ) -> BOOLEAN;
1097 fn RtlDnsHostNameToComputerName(
1098 ComputerNameString: PUNICODE_STRING,
1099 DnsHostNameString: PUNICODE_STRING,
1100 AllocateComputerNameString: BOOLEAN,
1101 ) -> NTSTATUS;
1102 fn RtlStringFromGUID(
1103 Guid: *const GUID,
1104 GuidString: PUNICODE_STRING,
1105 ) -> NTSTATUS;
1106 fn RtlStringFromGUIDEx(
1107 Guid: *mut GUID,
1108 GuidString: PUNICODE_STRING,
1109 AllocateGuidString: BOOLEAN,
1110 ) -> NTSTATUS;
1111 fn RtlGUIDFromString(
1112 GuidString: PCUNICODE_STRING,
1113 Guid: *mut GUID,
1114 ) -> NTSTATUS;
1115 fn RtlCompareAltitudes(
1116 Altitude1: PCUNICODE_STRING,
1117 Altitude2: PCUNICODE_STRING,
1118 ) -> LONG;
1119 fn RtlIdnToAscii(
1120 Flags: ULONG,
1121 SourceString: PCWSTR,
1122 SourceStringLength: LONG,
1123 DestinationString: PWSTR,
1124 DestinationStringLength: PLONG,
1125 ) -> NTSTATUS;
1126 fn RtlIdnToUnicode(
1127 Flags: ULONG,
1128 SourceString: PCWSTR,
1129 SourceStringLength: LONG,
1130 DestinationString: PWSTR,
1131 DestinationStringLength: PLONG,
1132 ) -> NTSTATUS;
1133 fn RtlIdnToNameprepUnicode(
1134 Flags: ULONG,
1135 SourceString: PCWSTR,
1136 SourceStringLength: LONG,
1137 DestinationString: PWSTR,
1138 DestinationStringLength: PLONG,
1139 ) -> NTSTATUS;
1140 }}
1141 STRUCT!{struct PREFIX_TABLE_ENTRY {
1142 NodeTypeCode: CSHORT,
1143 NameLength: CSHORT,
1144 NextPrefixTree: *mut PREFIX_TABLE_ENTRY,
1145 Links: RTL_SPLAY_LINKS,
1146 Prefix: PSTRING,
1147 }}
1148 pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY;
1149 STRUCT!{struct PREFIX_TABLE {
1150 NodeTypeCode: CSHORT,
1151 NameLength: CSHORT,
1152 NextPrefixTree: PPREFIX_TABLE_ENTRY,
1153 }}
1154 pub type PPREFIX_TABLE = *mut PREFIX_TABLE;
1155 EXTERN!{extern "system" {
1156 fn PfxInitialize(
1157 PrefixTable: PPREFIX_TABLE,
1158 );
1159 fn PfxInsertPrefix(
1160 PrefixTable: PPREFIX_TABLE,
1161 Prefix: PSTRING,
1162 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1163 ) -> BOOLEAN;
1164 fn PfxRemovePrefix(
1165 PrefixTable: PPREFIX_TABLE,
1166 PrefixTableEntry: PPREFIX_TABLE_ENTRY,
1167 );
1168 fn PfxFindPrefix(
1169 PrefixTable: PPREFIX_TABLE,
1170 FullName: PSTRING,
1171 ) -> PPREFIX_TABLE_ENTRY;
1172 }}
1173 STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY {
1174 NodeTypeCode: CSHORT,
1175 NameLength: CSHORT,
1176 NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY,
1177 CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY,
1178 Links: RTL_SPLAY_LINKS,
1179 Prefix: PUNICODE_STRING,
1180 }}
1181 pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY;
1182 STRUCT!{struct UNICODE_PREFIX_TABLE {
1183 NodeTypeCode: CSHORT,
1184 NameLength: CSHORT,
1185 NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY,
1186 LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1187 }}
1188 pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE;
1189 EXTERN!{extern "system" {
1190 fn RtlInitializeUnicodePrefix(
1191 PrefixTable: PUNICODE_PREFIX_TABLE,
1192 );
1193 fn RtlInsertUnicodePrefix(
1194 PrefixTable: PUNICODE_PREFIX_TABLE,
1195 Prefix: PUNICODE_STRING,
1196 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1197 ) -> BOOLEAN;
1198 fn RtlRemoveUnicodePrefix(
1199 PrefixTable: PUNICODE_PREFIX_TABLE,
1200 PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
1201 );
1202 fn RtlFindUnicodePrefix(
1203 PrefixTable: PUNICODE_PREFIX_TABLE,
1204 FullName: PCUNICODE_STRING,
1205 CaseInsensitiveIndex: ULONG,
1206 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1207 fn RtlNextUnicodePrefix(
1208 PrefixTable: PUNICODE_PREFIX_TABLE,
1209 Restart: BOOLEAN,
1210 ) -> PUNICODE_PREFIX_TABLE_ENTRY;
1211 }}
1212 STRUCT!{struct COMPRESSED_DATA_INFO {
1213 CompressionFormatAndEngine: USHORT,
1214 CompressionUnitShift: UCHAR,
1215 ChunkShift: UCHAR,
1216 ClusterShift: UCHAR,
1217 Reserved: UCHAR,
1218 NumberOfChunks: USHORT,
1219 CompressedChunkSizes: [ULONG; 1],
1220 }}
1221 pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO;
1222 EXTERN!{extern "system" {
1223 fn RtlGetCompressionWorkSpaceSize(
1224 CompressionFormatAndEngine: USHORT,
1225 CompressBufferWorkSpaceSize: PULONG,
1226 CompressFragmentWorkSpaceSize: PULONG,
1227 ) -> NTSTATUS;
1228 fn RtlCompressBuffer(
1229 CompressionFormatAndEngine: USHORT,
1230 UncompressedBuffer: PUCHAR,
1231 UncompressedBufferSize: ULONG,
1232 CompressedBuffer: PUCHAR,
1233 CompressedBufferSize: ULONG,
1234 UncompressedChunkSize: ULONG,
1235 FinalCompressedSize: PULONG,
1236 WorkSpace: PVOID,
1237 ) -> NTSTATUS;
1238 fn RtlDecompressBuffer(
1239 CompressionFormat: USHORT,
1240 UncompressedBuffer: PUCHAR,
1241 UncompressedBufferSize: ULONG,
1242 CompressedBuffer: PUCHAR,
1243 CompressedBufferSize: ULONG,
1244 FinalUncompressedSize: PULONG,
1245 ) -> NTSTATUS;
1246 fn RtlDecompressBufferEx(
1247 CompressionFormat: USHORT,
1248 UncompressedBuffer: PUCHAR,
1249 UncompressedBufferSize: ULONG,
1250 CompressedBuffer: PUCHAR,
1251 CompressedBufferSize: ULONG,
1252 FinalUncompressedSize: PULONG,
1253 WorkSpace: PVOID,
1254 ) -> NTSTATUS;
1255 fn RtlDecompressFragment(
1256 CompressionFormat: USHORT,
1257 UncompressedFragment: PUCHAR,
1258 UncompressedFragmentSize: ULONG,
1259 CompressedBuffer: PUCHAR,
1260 CompressedBufferSize: ULONG,
1261 FragmentOffset: ULONG,
1262 FinalUncompressedSize: PULONG,
1263 WorkSpace: PVOID,
1264 ) -> NTSTATUS;
1265 fn RtlDescribeChunk(
1266 CompressionFormat: USHORT,
1267 CompressedBuffer: *mut PUCHAR,
1268 EndOfCompressedBufferPlus1: PUCHAR,
1269 ChunkBuffer: *mut PUCHAR,
1270 ChunkSize: PULONG,
1271 ) -> NTSTATUS;
1272 fn RtlReserveChunk(
1273 CompressionFormat: USHORT,
1274 CompressedBuffer: *mut PUCHAR,
1275 EndOfCompressedBufferPlus1: PUCHAR,
1276 ChunkBuffer: *mut PUCHAR,
1277 ChunkSize: ULONG,
1278 ) -> NTSTATUS;
1279 fn RtlDecompressChunks(
1280 UncompressedBuffer: PUCHAR,
1281 UncompressedBufferSize: ULONG,
1282 CompressedBuffer: PUCHAR,
1283 CompressedBufferSize: ULONG,
1284 CompressedTail: PUCHAR,
1285 CompressedTailSize: ULONG,
1286 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1287 ) -> NTSTATUS;
1288 fn RtlCompressChunks(
1289 UncompressedBuffer: PUCHAR,
1290 UncompressedBufferSize: ULONG,
1291 CompressedBuffer: PUCHAR,
1292 CompressedBufferSize: ULONG,
1293 CompressedDataInfo: PCOMPRESSED_DATA_INFO,
1294 CompressedDataInfoLength: ULONG,
1295 WorkSpace: PVOID,
1296 ) -> NTSTATUS;
1297 fn RtlConvertLCIDToString(
1298 LcidValue: LCID,
1299 Base: ULONG,
1300 Padding: ULONG,
1301 pResultBuf: PWSTR,
1302 Size: ULONG,
1303 ) -> NTSTATUS;
1304 fn RtlIsValidLocaleName(
1305 LocaleName: PWSTR,
1306 Flags: ULONG,
1307 ) -> BOOLEAN;
1308 fn RtlGetParentLocaleName(
1309 LocaleName: PWSTR,
1310 ParentLocaleName: PUNICODE_STRING,
1311 Flags: ULONG,
1312 AllocateDestinationString: BOOLEAN,
1313 ) -> NTSTATUS;
1314 fn RtlLcidToLocaleName(
1315 lcid: LCID,
1316 LocaleName: PUNICODE_STRING,
1317 Flags: ULONG,
1318 AllocateDestinationString: BOOLEAN,
1319 ) -> NTSTATUS;
1320 fn RtlLocaleNameToLcid(
1321 LocaleName: PWSTR,
1322 lcid: PLCID,
1323 Flags: ULONG,
1324 ) -> NTSTATUS;
1325 fn RtlLCIDToCultureName(
1326 Lcid: LCID,
1327 String: PUNICODE_STRING,
1328 ) -> BOOLEAN;
1329 fn RtlCultureNameToLCID(
1330 String: PUNICODE_STRING,
1331 Lcid: PLCID,
1332 ) -> BOOLEAN;
1333 fn RtlCleanUpTEBLangLists();
1334 fn RtlGetLocaleFileMappingAddress(
1335 BaseAddress: *mut PVOID,
1336 DefaultLocaleId: PLCID,
1337 DefaultCasingTableSize: PLARGE_INTEGER,
1338 ) -> NTSTATUS;
1339 fn RtlGetCurrentPeb() -> PPEB;
1340 fn RtlAcquirePebLock();
1341 fn RtlReleasePebLock();
1342 fn RtlTryAcquirePebLock() -> LOGICAL;
1343 fn RtlAllocateFromPeb(
1344 Size: ULONG,
1345 Block: *mut PVOID,
1346 ) -> NTSTATUS;
1347 fn RtlFreeToPeb(
1348 Block: PVOID,
1349 Size: ULONG,
1350 ) -> NTSTATUS;
1351 }}
1352 pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255;
1353 pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5;
1354 STRUCT!{struct CURDIR {
1355 DosPath: UNICODE_STRING,
1356 Handle: HANDLE,
1357 }}
1358 pub type PCURDIR = *mut CURDIR;
1359 pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002;
1360 pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003;
1361 STRUCT!{struct RTL_DRIVE_LETTER_CURDIR {
1362 Flags: USHORT,
1363 Length: USHORT,
1364 TimeStamp: ULONG,
1365 DosPath: STRING,
1366 }}
1367 pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR;
1368 pub const RTL_MAX_DRIVE_LETTERS: usize = 32;
1369 pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001;
1370 STRUCT!{struct RTL_USER_PROCESS_PARAMETERS {
1371 MaximumLength: ULONG,
1372 Length: ULONG,
1373 Flags: ULONG,
1374 DebugFlags: ULONG,
1375 ConsoleHandle: HANDLE,
1376 ConsoleFlags: ULONG,
1377 StandardInput: HANDLE,
1378 StandardOutput: HANDLE,
1379 StandardError: HANDLE,
1380 CurrentDirectory: CURDIR,
1381 DllPath: UNICODE_STRING,
1382 ImagePathName: UNICODE_STRING,
1383 CommandLine: UNICODE_STRING,
1384 Environment: PVOID,
1385 StartingX: ULONG,
1386 StartingY: ULONG,
1387 CountX: ULONG,
1388 CountY: ULONG,
1389 CountCharsX: ULONG,
1390 CountCharsY: ULONG,
1391 FillAttribute: ULONG,
1392 WindowFlags: ULONG,
1393 ShowWindowFlags: ULONG,
1394 WindowTitle: UNICODE_STRING,
1395 DesktopInfo: UNICODE_STRING,
1396 ShellInfo: UNICODE_STRING,
1397 RuntimeData: UNICODE_STRING,
1398 CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS],
1399 EnvironmentSize: ULONG_PTR,
1400 EnvironmentVersion: ULONG_PTR,
1401 PackageDependencyData: PVOID,
1402 ProcessGroupId: ULONG,
1403 LoaderThreads: ULONG,
1404 }}
1405 pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS;
1406 pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001;
1407 pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002;
1408 pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004;
1409 pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008;
1410 pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020;
1411 pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040;
1412 pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080;
1413 pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100;
1414 pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000;
1415 pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000;
1416 pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000;
1417 pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000;
1418 EXTERN!{extern "system" {
1419 fn RtlCreateProcessParameters(
1420 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1421 ImagePathName: PUNICODE_STRING,
1422 DllPath: PUNICODE_STRING,
1423 CurrentDirectory: PUNICODE_STRING,
1424 CommandLine: PUNICODE_STRING,
1425 Environment: PVOID,
1426 WindowTitle: PUNICODE_STRING,
1427 DesktopInfo: PUNICODE_STRING,
1428 ShellInfo: PUNICODE_STRING,
1429 RuntimeData: PUNICODE_STRING,
1430 ) -> NTSTATUS;
1431 fn RtlCreateProcessParametersEx(
1432 pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
1433 ImagePathName: PUNICODE_STRING,
1434 DllPath: PUNICODE_STRING,
1435 CurrentDirectory: PUNICODE_STRING,
1436 CommandLine: PUNICODE_STRING,
1437 Environment: PVOID,
1438 WindowTitle: PUNICODE_STRING,
1439 DesktopInfo: PUNICODE_STRING,
1440 ShellInfo: PUNICODE_STRING,
1441 RuntimeData: PUNICODE_STRING,
1442 Flags: ULONG,
1443 ) -> NTSTATUS;
1444 fn RtlDestroyProcessParameters(
1445 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1446 ) -> NTSTATUS;
1447 fn RtlNormalizeProcessParams(
1448 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1449 ) -> PRTL_USER_PROCESS_PARAMETERS;
1450 fn RtlDeNormalizeProcessParams(
1451 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1452 ) -> PRTL_USER_PROCESS_PARAMETERS;
1453 }}
1454 STRUCT!{struct RTL_USER_PROCESS_INFORMATION {
1455 Length: ULONG,
1456 Process: HANDLE,
1457 Thread: HANDLE,
1458 ClientId: CLIENT_ID,
1459 ImageInformation: SECTION_IMAGE_INFORMATION,
1460 }}
1461 pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION;
1462 EXTERN!{extern "system" {
1463 fn RtlCreateUserProcess(
1464 NtImagePathName: PUNICODE_STRING,
1465 AttributesDeprecated: ULONG,
1466 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1467 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1468 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1469 ParentProcess: HANDLE,
1470 InheritHandles: BOOLEAN,
1471 DebugPort: HANDLE,
1472 TokenHandle: HANDLE,
1473 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1474 ) -> NTSTATUS;
1475 fn RtlCreateUserProcessEx(
1476 NtImagePathName: PUNICODE_STRING,
1477 ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
1478 InheritHandles: BOOLEAN,
1479 Flags: ULONG,
1480 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1481 ) -> NTSTATUS;
1482 fn RtlExitUserProcess(
1483 ExitStatus: NTSTATUS,
1484 );
1485 }}
1486 pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
1487 pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002;
1488 pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004;
1489 EXTERN!{extern "system" {
1490 fn RtlCloneUserProcess(
1491 ProcessFlags: ULONG,
1492 ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
1493 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1494 DebugPort: HANDLE,
1495 ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
1496 ) -> NTSTATUS;
1497 fn RtlUpdateClonedCriticalSection(
1498 CriticalSection: PRTL_CRITICAL_SECTION,
1499 );
1500 fn RtlUpdateClonedSRWLock(
1501 SRWLock: PRTL_SRWLOCK,
1502 Shared: LOGICAL,
1503 );
1504 }}
1505 STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION {
1506 ReflectionProcessHandle: HANDLE,
1507 ReflectionThreadHandle: HANDLE,
1508 ReflectionClientId: CLIENT_ID,
1509 }}
1510 pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION =
1511 *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
1512 EXTERN!{extern "system" {
1513 fn RtlCreateProcessReflection(
1514 ProcessHandle: HANDLE,
1515 Flags: ULONG,
1516 StartRoutine: PVOID,
1517 StartContext: PVOID,
1518 EventHandle: HANDLE,
1519 ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION,
1520 ) -> NTSTATUS;
1521 }}
1522 EXTERN!{extern "C" {
1523 fn RtlSetProcessIsCritical(
1524 NewValue: BOOLEAN,
1525 OldValue: PBOOLEAN,
1526 CheckFlag: BOOLEAN,
1527 ) -> NTSTATUS;
1528 fn RtlSetThreadIsCritical(
1529 NewValue: BOOLEAN,
1530 OldValue: PBOOLEAN,
1531 CheckFlag: BOOLEAN,
1532 ) -> NTSTATUS;
1533 }}
1534 EXTERN!{extern "system" {
1535 fn RtlValidProcessProtection(
1536 ProcessProtection: PS_PROTECTION,
1537 ) -> BOOLEAN;
1538 fn RtlTestProtectedAccess(
1539 Source: PS_PROTECTION,
1540 Target: PS_PROTECTION,
1541 ) -> BOOLEAN;
1542 fn RtlIsCurrentProcess(
1543 ProcessHandle: HANDLE,
1544 ) -> BOOLEAN;
1545 fn RtlIsCurrentThread(
1546 ThreadHandle: HANDLE,
1547 ) -> BOOLEAN;
1548 }}
1549 FN!{stdcall PUSER_THREAD_START_ROUTINE(
1550 ThreadParameter: PVOID,
1551 ) -> NTSTATUS}
1552 EXTERN!{extern "system" {
1553 fn RtlCreateUserThread(
1554 Process: HANDLE,
1555 ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
1556 CreateSuspended: BOOLEAN,
1557 ZeroBits: ULONG,
1558 MaximumStackSize: SIZE_T,
1559 CommittedStackSize: SIZE_T,
1560 StartAddress: PUSER_THREAD_START_ROUTINE,
1561 Parameter: PVOID,
1562 Thread: PHANDLE,
1563 ClientId: PCLIENT_ID,
1564 ) -> NTSTATUS;
1565 fn RtlExitUserThread(
1566 ExitStatus: NTSTATUS,
1567 );
1568 fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN;
1569 fn RtlCreateUserStack(
1570 CommittedStackSize: SIZE_T,
1571 MaximumStackSize: SIZE_T,
1572 ZeroBits: ULONG_PTR,
1573 PageSize: SIZE_T,
1574 ReserveAlignment: ULONG_PTR,
1575 InitialTeb: PINITIAL_TEB,
1576 ) -> NTSTATUS;
1577 fn RtlFreeUserStack(
1578 AllocationBase: PVOID,
1579 ) -> NTSTATUS;
1580 }}
1581 STRUCT!{struct CONTEXT_CHUNK {
1582 Offset: LONG,
1583 Length: ULONG,
1584 }}
1585 pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK;
1586 STRUCT!{struct CONTEXT_EX {
1587 All: CONTEXT_CHUNK,
1588 Legacy: CONTEXT_CHUNK,
1589 XState: CONTEXT_CHUNK,
1590 }}
1591 pub type PCONTEXT_EX = *mut CONTEXT_EX;
1592 pub const CONTEXT_EX_LENGTH: usize = 4096;
1593 #[macro_export]
1594 macro_rules! RTL_CONTEXT_EX_OFFSET {
1595 ($ContextEx:expr, $Chunk:ident) => {
1596 (*$ContextEx).$Chunk.Offset
1597 };
1598 }
1599 #[macro_export]
1600 macro_rules! RTL_CONTEXT_EX_LENGTH {
1601 ($ContextEx:expr, $Chunk:ident) => {
1602 (*$ContextEx).$Chunk.Length
1603 };
1604 }
1605 #[macro_export]
1606 macro_rules! RTL_CONTEXT_EX_CHUNK {
1607 ($Base:expr, $Layout:expr, $Chunk:ident) => {
1608 ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void
1609 };
1610 }
1611 #[macro_export]
1612 macro_rules! RTL_CONTEXT_OFFSET {
1613 ($Context:expr, $Chunk:ident) => {
1614 RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1615 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1616 };
1617 }
1618 #[macro_export]
1619 macro_rules! RTL_CONTEXT_LENGTH {
1620 ($Context:expr, $Chunk:ident) => {
1621 RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1622 as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
1623 };
1624 }
1625 #[macro_export]
1626 macro_rules! RTL_CONTEXT_CHUNK {
1627 ($Context:expr, $Chunk:ident) => {
1628 RTL_CONTEXT_EX_CHUNK!(
1629 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1630 as *const $crate::ntrtl::CONTEXT_EX,
1631 ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
1632 as *const $crate::ntrtl::CONTEXT_EX,
1633 $Chunk
1634 )
1635 };
1636 }
1637 EXTERN!{extern "system" {
1638 fn RtlInitializeContext(
1639 Process: HANDLE,
1640 Context: PCONTEXT,
1641 Parameter: PVOID,
1642 InitialPc: PVOID,
1643 InitialSp: PVOID,
1644 );
1645 fn RtlInitializeExtendedContext(
1646 Context: PCONTEXT,
1647 ContextFlags: ULONG,
1648 ContextEx: *mut PCONTEXT_EX,
1649 ) -> ULONG;
1650 fn RtlCopyExtendedContext(
1651 Destination: PCONTEXT_EX,
1652 ContextFlags: ULONG,
1653 Source: PCONTEXT_EX,
1654 ) -> ULONG;
1655 fn RtlGetExtendedContextLength(
1656 ContextFlags: ULONG,
1657 ContextLength: PULONG,
1658 ) -> ULONG;
1659 fn RtlGetExtendedFeaturesMask(
1660 ContextEx: PCONTEXT_EX,
1661 ) -> ULONG64;
1662 fn RtlLocateExtendedFeature(
1663 ContextEx: PCONTEXT_EX,
1664 FeatureId: ULONG,
1665 Length: PULONG,
1666 ) -> PVOID;
1667 fn RtlLocateLegacyContext(
1668 ContextEx: PCONTEXT_EX,
1669 Length: PULONG,
1670 ) -> PCONTEXT;
1671 fn RtlSetExtendedFeaturesMask(
1672 ContextEx: PCONTEXT_EX,
1673 FeatureMask: ULONG64,
1674 );
1675 }}
1676 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
1677 EXTERN!{extern "system" {
1678 fn RtlWow64GetThreadContext(
1679 ThreadHandle: HANDLE,
1680 ThreadContext: PWOW64_CONTEXT,
1681 ) -> NTSTATUS;
1682 fn RtlWow64SetThreadContext(
1683 ThreadHandle: HANDLE,
1684 ThreadContext: PWOW64_CONTEXT,
1685 ) -> NTSTATUS;
1686 }}
1687 EXTERN!{extern "system" {
1688 fn RtlRemoteCall(
1689 Process: HANDLE,
1690 Thread: HANDLE,
1691 CallSite: PVOID,
1692 ArgumentCount: ULONG,
1693 Arguments: PULONG_PTR,
1694 PassContext: BOOLEAN,
1695 AlreadySuspended: BOOLEAN,
1696 ) -> NTSTATUS;
1697 fn RtlAddVectoredExceptionHandler(
1698 First: ULONG,
1699 Handler: PVECTORED_EXCEPTION_HANDLER,
1700 ) -> PVOID;
1701 fn RtlRemoveVectoredExceptionHandler(
1702 Handle: PVOID,
1703 ) -> ULONG;
1704 fn RtlAddVectoredContinueHandler(
1705 First: ULONG,
1706 Handler: PVECTORED_EXCEPTION_HANDLER,
1707 ) -> PVOID;
1708 fn RtlRemoveVectoredContinueHandler(
1709 Handle: PVOID,
1710 ) -> ULONG;
1711 }}
1712 FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER(
1713 ExceptionInfo: PEXCEPTION_POINTERS,
1714 ) -> ULONG}
1715 EXTERN!{extern "system" {
1716 fn RtlSetUnhandledExceptionFilter(
1717 UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER,
1718 );
1719 fn RtlUnhandledExceptionFilter(
1720 ExceptionPointers: PEXCEPTION_POINTERS,
1721 ) -> LONG;
1722 fn RtlUnhandledExceptionFilter2(
1723 ExceptionPointers: PEXCEPTION_POINTERS,
1724 Flags: ULONG,
1725 ) -> LONG;
1726 fn RtlKnownExceptionFilter(
1727 ExceptionPointers: PEXCEPTION_POINTERS,
1728 ) -> LONG;
1729 }}
1730 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
1731 IFDEF!{
1732 ENUM!{enum FUNCTION_TABLE_TYPE {
1733 RF_SORTED = 0,
1734 RF_UNSORTED = 1,
1735 RF_CALLBACK = 2,
1736 RF_KERNEL_DYNAMIC = 3,
1737 }}
1738 STRUCT!{struct DYNAMIC_FUNCTION_TABLE {
1739 ListEntry: LIST_ENTRY,
1740 FunctionTable: PRUNTIME_FUNCTION,
1741 TimeStamp: LARGE_INTEGER,
1742 MinimumAddress: ULONG64,
1743 MaximumAddress: ULONG64,
1744 BaseAddress: ULONG64,
1745 Callback: PGET_RUNTIME_FUNCTION_CALLBACK,
1746 Context: PVOID,
1747 OutOfProcessCallbackDll: PWSTR,
1748 Type: FUNCTION_TABLE_TYPE,
1749 EntryCount: ULONG,
1750 TreeNode: RTL_BALANCED_NODE,
1751 }}
1752 pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE;
1753 EXTERN!{extern "system" {
1754 fn RtlGetFunctionTableListHead() -> PLIST_ENTRY;
1755 }}
1756 }
1757 EXTERN!{extern "system" {
1758 fn RtlImageNtHeader(
1759 BaseOfImage: PVOID,
1760 ) -> PIMAGE_NT_HEADERS;
1761 }}
1762 pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001;
1763 EXTERN!{extern "system" {
1764 fn RtlImageNtHeaderEx(
1765 Flags: ULONG,
1766 BaseOfImage: PVOID,
1767 Size: ULONG64,
1768 OutHeaders: *mut PIMAGE_NT_HEADERS,
1769 ) -> NTSTATUS;
1770 fn RtlAddressInSectionTable(
1771 NtHeaders: PIMAGE_NT_HEADERS,
1772 BaseOfImage: PVOID,
1773 VirtualAddress: ULONG,
1774 ) -> PVOID;
1775 fn RtlSectionTableFromVirtualAddress(
1776 NtHeaders: PIMAGE_NT_HEADERS,
1777 BaseOfImage: PVOID,
1778 VirtualAddress: ULONG,
1779 ) -> PIMAGE_SECTION_HEADER;
1780 fn RtlImageDirectoryEntryToData(
1781 BaseOfImage: PVOID,
1782 MappedAsImage: BOOLEAN,
1783 DirectoryEntry: USHORT,
1784 Size: PULONG,
1785 ) -> PVOID;
1786 fn RtlImageRvaToSection(
1787 NtHeaders: PIMAGE_NT_HEADERS,
1788 BaseOfImage: PVOID,
1789 Rva: ULONG,
1790 ) -> PIMAGE_SECTION_HEADER;
1791 fn RtlImageRvaToVa(
1792 NtHeaders: PIMAGE_NT_HEADERS,
1793 BaseOfImage: PVOID,
1794 Rva: ULONG,
1795 LastRvaSection: *mut PIMAGE_SECTION_HEADER,
1796 ) -> PVOID;
1797 fn RtlFindExportedRoutineByName(
1798 BaseOfImage: PVOID,
1799 RoutineName: PSTR,
1800 ) -> PVOID;
1801 fn RtlGuardCheckLongJumpTarget(
1802 PcValue: PVOID,
1803 IsFastFail: BOOL,
1804 IsLongJumpTarget: PBOOL,
1805 ) -> NTSTATUS;
1806 fn RtlCompareMemoryUlong(
1807 Source: PVOID,
1808 Length: SIZE_T,
1809 Pattern: ULONG,
1810 ) -> SIZE_T;
1811 fn RtlFillMemoryUlong(
1812 Destination: PVOID,
1813 Length: SIZE_T,
1814 Pattern: ULONG,
1815 );
1816 fn RtlFillMemoryUlonglong(
1817 Destination: PVOID,
1818 Length: SIZE_T,
1819 Pattern: ULONGLONG,
1820 );
1821 fn RtlCreateEnvironment(
1822 CloneCurrentEnvironment: BOOLEAN,
1823 Environment: *mut PVOID,
1824 ) -> NTSTATUS;
1825 }}
1826 pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1;
1827 pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2;
1828 pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4;
1829 EXTERN!{extern "system" {
1830 fn RtlCreateEnvironmentEx(
1831 SourceEnv: PVOID,
1832 Environment: *mut PVOID,
1833 Flags: ULONG,
1834 ) -> NTSTATUS;
1835 fn RtlDestroyEnvironment(
1836 Environment: PVOID,
1837 ) -> NTSTATUS;
1838 fn RtlSetCurrentEnvironment(
1839 Environment: PVOID,
1840 PreviousEnvironment: *mut PVOID,
1841 ) -> NTSTATUS;
1842 fn RtlSetEnvironmentVar(
1843 Environment: *mut PWSTR,
1844 Name: PWSTR,
1845 NameLength: SIZE_T,
1846 Value: PWSTR,
1847 ValueLength: SIZE_T,
1848 ) -> NTSTATUS;
1849 fn RtlSetEnvironmentVariable(
1850 Environment: *mut PVOID,
1851 Name: PUNICODE_STRING,
1852 Value: PUNICODE_STRING,
1853 ) -> NTSTATUS;
1854 fn RtlQueryEnvironmentVariable(
1855 Environment: PVOID,
1856 Name: PWSTR,
1857 NameLength: SIZE_T,
1858 Value: PWSTR,
1859 ValueLength: SIZE_T,
1860 ReturnLength: PSIZE_T,
1861 ) -> NTSTATUS;
1862 fn RtlQueryEnvironmentVariable_U(
1863 Environment: PVOID,
1864 Name: PUNICODE_STRING,
1865 Value: PUNICODE_STRING,
1866 ) -> NTSTATUS;
1867 fn RtlExpandEnvironmentStrings(
1868 Environment: PVOID,
1869 Src: PWSTR,
1870 SrcLength: SIZE_T,
1871 Dst: PWSTR,
1872 DstLength: SIZE_T,
1873 ReturnLength: PSIZE_T,
1874 ) -> NTSTATUS;
1875 fn RtlExpandEnvironmentStrings_U(
1876 Environment: PVOID,
1877 Source: PUNICODE_STRING,
1878 Destination: PUNICODE_STRING,
1879 ReturnedLength: PULONG,
1880 ) -> NTSTATUS;
1881 fn RtlSetEnvironmentStrings(
1882 NewEnvironment: PWCHAR,
1883 NewEnvironmentSize: SIZE_T,
1884 ) -> NTSTATUS;
1885 }}
1886 STRUCT!{struct RTLP_CURDIR_REF {
1887 ReferenceCount: LONG,
1888 DirectoryHandle: HANDLE,
1889 }}
1890 pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF;
1891 STRUCT!{struct RTL_RELATIVE_NAME_U {
1892 RelativeName: UNICODE_STRING,
1893 ContainingDirectory: HANDLE,
1894 CurDirRef: PRTLP_CURDIR_REF,
1895 }}
1896 pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U;
1897 ENUM!{enum RTL_PATH_TYPE {
1898 RtlPathTypeUnknown = 0,
1899 RtlPathTypeUncAbsolute = 1,
1900 RtlPathTypeDriveAbsolute = 2,
1901 RtlPathTypeDriveRelative = 3,
1902 RtlPathTypeRooted = 4,
1903 RtlPathTypeRelative = 5,
1904 RtlPathTypeLocalDevice = 6,
1905 RtlPathTypeRootLocalDevice = 7,
1906 }}
1907 EXTERN!{extern "C" {
1908 static mut RtlDosPathSeperatorsString: UNICODE_STRING;
1909 static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING;
1910 static mut RtlNtPathSeperatorString: UNICODE_STRING;
1911 }}
1912 /// "ntdll.dll"
1913 pub const RtlNtdllName: UTF16Const = UTF16Const(&[
1914 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16,
1915 ]);
1916 EXTERN!{extern "system" {
1917 fn RtlDetermineDosPathNameType_U(
1918 DosFileName: PWSTR,
1919 ) -> RTL_PATH_TYPE;
1920 fn RtlDetermineDosPathNameType_Ustr(
1921 DosFileName: PCUNICODE_STRING,
1922 ) -> RTL_PATH_TYPE;
1923 fn RtlIsDosDeviceName_U(
1924 DosFileName: PWSTR,
1925 ) -> ULONG;
1926 fn RtlIsDosDeviceName_Ustr(
1927 DosFileName: PUNICODE_STRING,
1928 ) -> ULONG;
1929 fn RtlGetFullPathName_U(
1930 FileName: PWSTR,
1931 BufferLength: ULONG,
1932 Buffer: PWSTR,
1933 FilePart: *mut PWSTR,
1934 ) -> ULONG;
1935 fn RtlGetFullPathName_UEx(
1936 FileName: PWSTR,
1937 BufferLength: ULONG,
1938 Buffer: PWSTR,
1939 FilePart: *mut PWSTR,
1940 BytesRequired: *mut ULONG,
1941 ) -> NTSTATUS;
1942 fn RtlGetFullPathName_UstrEx(
1943 FileName: PUNICODE_STRING,
1944 StaticString: PUNICODE_STRING,
1945 DynamicString: PUNICODE_STRING,
1946 StringUsed: *mut PUNICODE_STRING,
1947 FilePartPrefixCch: *mut SIZE_T,
1948 NameInvalid: PBOOLEAN,
1949 InputPathType: *mut RTL_PATH_TYPE,
1950 BytesRequired: *mut SIZE_T,
1951 ) -> NTSTATUS;
1952 fn RtlGetCurrentDirectory_U(
1953 BufferLength: ULONG,
1954 Buffer: PWSTR,
1955 ) -> ULONG;
1956 fn RtlSetCurrentDirectory_U(
1957 PathName: PUNICODE_STRING,
1958 ) -> NTSTATUS;
1959 fn RtlGetLongestNtPathLength() -> ULONG;
1960 fn RtlDosPathNameToNtPathName_U(
1961 DosFileName: PWSTR,
1962 NtFileName: PUNICODE_STRING,
1963 FilePart: *mut PWSTR,
1964 RelativeName: PRTL_RELATIVE_NAME_U,
1965 ) -> BOOLEAN;
1966 fn RtlDosPathNameToNtPathName_U_WithStatus(
1967 DosFileName: PWSTR,
1968 NtFileName: PUNICODE_STRING,
1969 FilePart: *mut PWSTR,
1970 RelativeName: PRTL_RELATIVE_NAME_U,
1971 ) -> NTSTATUS;
1972 fn RtlDosLongPathNameToNtPathName_U_WithStatus(
1973 DosFileName: PWSTR,
1974 NtFileName: PUNICODE_STRING,
1975 FilePart: *mut PWSTR,
1976 RelativeName: PRTL_RELATIVE_NAME_U,
1977 ) -> NTSTATUS;
1978 fn RtlDosPathNameToRelativeNtPathName_U(
1979 DosFileName: PWSTR,
1980 NtFileName: PUNICODE_STRING,
1981 FilePart: *mut PWSTR,
1982 RelativeName: PRTL_RELATIVE_NAME_U,
1983 ) -> BOOLEAN;
1984 fn RtlDosPathNameToRelativeNtPathName_U_WithStatus(
1985 DosFileName: PWSTR,
1986 NtFileName: PUNICODE_STRING,
1987 FilePart: *mut PWSTR,
1988 RelativeName: PRTL_RELATIVE_NAME_U,
1989 ) -> NTSTATUS;
1990 fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
1991 DosFileName: PWSTR,
1992 NtFileName: PUNICODE_STRING,
1993 FilePart: *mut PWSTR,
1994 RelativeName: PRTL_RELATIVE_NAME_U,
1995 ) -> NTSTATUS;
1996 fn RtlReleaseRelativeName(
1997 RelativeName: PRTL_RELATIVE_NAME_U,
1998 );
1999 fn RtlDosSearchPath_U(
2000 Path: PWSTR,
2001 FileName: PWSTR,
2002 Extension: PWSTR,
2003 BufferLength: ULONG,
2004 Buffer: PWSTR,
2005 FilePart: *mut PWSTR,
2006 ) -> ULONG;
2007 }}
2008 pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001;
2009 pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002;
2010 pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004;
2011 EXTERN!{extern "system" {
2012 fn RtlDosSearchPath_Ustr(
2013 Flags: ULONG,
2014 Path: PUNICODE_STRING,
2015 FileName: PUNICODE_STRING,
2016 DefaultExtension: PUNICODE_STRING,
2017 StaticString: PUNICODE_STRING,
2018 DynamicString: PUNICODE_STRING,
2019 FullFileNameOut: *mut PCUNICODE_STRING,
2020 FilePartPrefixCch: *mut SIZE_T,
2021 BytesRequired: *mut SIZE_T,
2022 ) -> NTSTATUS;
2023 fn RtlDoesFileExists_U(
2024 FileName: PWSTR,
2025 ) -> BOOLEAN;
2026 fn RtlGetLengthWithoutLastFullDosOrNtPathElement(
2027 Flags: ULONG,
2028 PathString: PUNICODE_STRING,
2029 Length: PULONG,
2030 ) -> NTSTATUS;
2031 fn RtlGetLengthWithoutTrailingPathSeperators(
2032 Flags: ULONG,
2033 PathString: PUNICODE_STRING,
2034 Length: PULONG,
2035 ) -> NTSTATUS;
2036 }}
2037 STRUCT!{struct GENERATE_NAME_CONTEXT {
2038 Checksum: USHORT,
2039 CheckSumInserted: BOOLEAN,
2040 NameLength: UCHAR,
2041 NameBuffer: [WCHAR; 8],
2042 ExtensionLength: ULONG,
2043 ExtensionBuffer: [WCHAR; 4],
2044 LastIndexValue: ULONG,
2045 }}
2046 pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT;
2047 EXTERN!{extern "system" {
2048 fn RtlGenerate8dot3Name(
2049 Name: PCUNICODE_STRING,
2050 AllowExtendedCharacters: BOOLEAN,
2051 Context: PGENERATE_NAME_CONTEXT,
2052 Name8dot3: PUNICODE_STRING,
2053 ) -> NTSTATUS;
2054 fn RtlComputePrivatizedDllName_U(
2055 DllName: PUNICODE_STRING,
2056 RealName: PUNICODE_STRING,
2057 LocalName: PUNICODE_STRING,
2058 ) -> NTSTATUS;
2059 fn RtlGetSearchPath(
2060 SearchPathA: *mut PWSTR,
2061 ) -> BOOLEAN;
2062 fn RtlSetSearchPathMode(
2063 Flags: ULONG,
2064 ) -> NTSTATUS;
2065 fn RtlGetExePath() -> PWSTR;
2066 fn RtlGetNtSystemRoot() -> PWSTR;
2067 fn RtlAreLongPathsEnabled() -> BOOLEAN;
2068 fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN;
2069 fn RtlDllShutdownInProgress() -> BOOLEAN;
2070 }}
2071 STRUCT!{struct RTL_HEAP_ENTRY_u_s1 {
2072 Settable: SIZE_T,
2073 Tag: ULONG,
2074 }}
2075 STRUCT!{struct RTL_HEAP_ENTRY_u_s2 {
2076 CommittedSize: SIZE_T,
2077 FirstBlock: PVOID,
2078 }}
2079 UNION!{union RTL_HEAP_ENTRY_u {
2080 s1: RTL_HEAP_ENTRY_u_s1,
2081 s2: RTL_HEAP_ENTRY_u_s2,
2082 }}
2083 STRUCT!{struct RTL_HEAP_ENTRY {
2084 Size: SIZE_T,
2085 Flags: USHORT,
2086 AllocatorBackTraceIndex: USHORT,
2087 u: RTL_HEAP_ENTRY_u,
2088 }}
2089 pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY;
2090 pub const RTL_HEAP_BUSY: USHORT = 0x0001;
2091 pub const RTL_HEAP_SEGMENT: USHORT = 0x0002;
2092 pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010;
2093 pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020;
2094 pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040;
2095 pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080;
2096 pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0;
2097 pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100;
2098 pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200;
2099 STRUCT!{struct RTL_HEAP_TAG {
2100 NumberOfAllocations: ULONG,
2101 NumberOfFrees: ULONG,
2102 BytesAllocated: SIZE_T,
2103 TagIndex: USHORT,
2104 CreatorBackTraceIndex: USHORT,
2105 TagName: [WCHAR; 24],
2106 }}
2107 pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG;
2108 STRUCT!{struct RTL_HEAP_INFORMATION {
2109 BaseAddress: PVOID,
2110 Flags: ULONG,
2111 EntryOverhead: USHORT,
2112 CreatorBackTraceIndex: USHORT,
2113 BytesAllocated: SIZE_T,
2114 BytesCommitted: SIZE_T,
2115 NumberOfTags: ULONG,
2116 NumberOfEntries: ULONG,
2117 NumberOfPseudoTags: ULONG,
2118 PseudoTagGranularity: ULONG,
2119 Reserved: [ULONG; 5],
2120 Tags: PRTL_HEAP_TAG,
2121 Entries: PRTL_HEAP_ENTRY,
2122 }}
2123 pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION;
2124 STRUCT!{struct RTL_PROCESS_HEAPS {
2125 NumberOfHeaps: ULONG,
2126 Heaps: [RTL_HEAP_INFORMATION; 1],
2127 }}
2128 pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS;
2129 FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE(
2130 Base: PVOID,
2131 CommitAddress: *mut PVOID,
2132 CommitSize: PSIZE_T,
2133 ) -> NTSTATUS}
2134 STRUCT!{struct RTL_HEAP_PARAMETERS {
2135 Length: ULONG,
2136 SegmentReserve: SIZE_T,
2137 SegmentCommit: SIZE_T,
2138 DeCommitFreeBlockThreshold: SIZE_T,
2139 DeCommitTotalFreeThreshold: SIZE_T,
2140 MaximumAllocationSize: SIZE_T,
2141 VirtualMemoryThreshold: SIZE_T,
2142 InitialCommit: SIZE_T,
2143 InitialReserve: SIZE_T,
2144 CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE,
2145 Reserved: [SIZE_T; 2],
2146 }}
2147 pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS;
2148 pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100;
2149 pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200;
2150 pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400;
2151 pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800;
2152 pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00;
2153 pub const HEAP_CLASS_0: ULONG = 0x00000000;
2154 pub const HEAP_CLASS_1: ULONG = 0x00001000;
2155 pub const HEAP_CLASS_2: ULONG = 0x00002000;
2156 pub const HEAP_CLASS_3: ULONG = 0x00003000;
2157 pub const HEAP_CLASS_4: ULONG = 0x00004000;
2158 pub const HEAP_CLASS_5: ULONG = 0x00005000;
2159 pub const HEAP_CLASS_6: ULONG = 0x00006000;
2160 pub const HEAP_CLASS_7: ULONG = 0x00007000;
2161 pub const HEAP_CLASS_8: ULONG = 0x00008000;
2162 pub const HEAP_CLASS_MASK: ULONG = 0x0000f000;
2163 EXTERN!{extern "system" {
2164 fn RtlCreateHeap(
2165 Flags: ULONG,
2166 HeapBase: PVOID,
2167 ReserveSize: SIZE_T,
2168 CommitSize: SIZE_T,
2169 Lock: PVOID,
2170 Parameters: PRTL_HEAP_PARAMETERS,
2171 ) -> PVOID;
2172 fn RtlDestroyHeap(
2173 HeapHandle: PVOID,
2174 ) -> PVOID;
2175 fn RtlAllocateHeap(
2176 HeapHandle: PVOID,
2177 Flags: ULONG,
2178 Size: SIZE_T,
2179 ) -> PVOID;
2180 fn RtlFreeHeap(
2181 HeapHandle: PVOID,
2182 Flags: ULONG,
2183 BaseAddress: PVOID,
2184 ) -> BOOLEAN;
2185 fn RtlSizeHeap(
2186 HeapHandle: PVOID,
2187 Flags: ULONG,
2188 BaseAddress: PVOID,
2189 ) -> SIZE_T;
2190 fn RtlZeroHeap(
2191 HeapHandle: PVOID,
2192 Flags: ULONG,
2193 ) -> NTSTATUS;
2194 fn RtlProtectHeap(
2195 HeapHandle: PVOID,
2196 MakeReadOnly: BOOLEAN,
2197 );
2198 }}
2199 #[inline] #[cfg(all(feature = "nightly", not(target_arch = "aarch64")))]
RtlProcessHeap() -> PVOID2200 pub unsafe fn RtlProcessHeap() -> PVOID {
2201 use crate::ntpsapi::NtCurrentPeb;
2202 (*NtCurrentPeb()).ProcessHeap
2203 }
2204 EXTERN!{extern "system" {
2205 fn RtlLockHeap(
2206 HeapHandle: PVOID,
2207 ) -> BOOLEAN;
2208 fn RtlUnlockHeap(
2209 HeapHandle: PVOID,
2210 ) -> BOOLEAN;
2211 fn RtlReAllocateHeap(
2212 HeapHandle: PVOID,
2213 Flags: ULONG,
2214 BaseAddress: PVOID,
2215 Size: SIZE_T,
2216 ) -> PVOID;
2217 fn RtlGetUserInfoHeap(
2218 HeapHandle: PVOID,
2219 Flags: ULONG,
2220 BaseAddress: PVOID,
2221 UserValue: *mut PVOID,
2222 UserFlags: PULONG,
2223 ) -> BOOLEAN;
2224 fn RtlSetUserValueHeap(
2225 HeapHandle: PVOID,
2226 Flags: ULONG,
2227 BaseAddress: PVOID,
2228 UserValue: PVOID,
2229 ) -> BOOLEAN;
2230 fn RtlSetUserFlagsHeap(
2231 HeapHandle: PVOID,
2232 Flags: ULONG,
2233 BaseAddress: PVOID,
2234 UserFlagsReset: ULONG,
2235 UserFlagsSet: ULONG,
2236 ) -> BOOLEAN;
2237 }}
2238 STRUCT!{struct RTL_HEAP_TAG_INFO {
2239 NumberOfAllocations: ULONG,
2240 NumberOfFrees: ULONG,
2241 BytesAllocated: SIZE_T,
2242 }}
2243 pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO;
2244 EXTERN!{extern "system" {
2245 fn RtlCreateTagHeap(
2246 HeapHandle: PVOID,
2247 Flags: ULONG,
2248 TagPrefix: PWSTR,
2249 TagNames: PWSTR,
2250 ) -> ULONG;
2251 fn RtlQueryTagHeap(
2252 HeapHandle: PVOID,
2253 Flags: ULONG,
2254 TagIndex: USHORT,
2255 ResetCounters: BOOLEAN,
2256 TagInfo: PRTL_HEAP_TAG_INFO,
2257 ) -> PWSTR;
2258 fn RtlExtendHeap(
2259 HeapHandle: PVOID,
2260 Flags: ULONG,
2261 Base: PVOID,
2262 Size: SIZE_T,
2263 ) -> NTSTATUS;
2264 fn RtlCompactHeap(
2265 HeapHandle: PVOID,
2266 Flags: ULONG,
2267 ) -> SIZE_T;
2268 fn RtlValidateHeap(
2269 HeapHandle: PVOID,
2270 Flags: ULONG,
2271 BaseAddress: PVOID,
2272 ) -> BOOLEAN;
2273 fn RtlValidateProcessHeaps() -> BOOLEAN;
2274 fn RtlGetProcessHeaps(
2275 NumberOfHeaps: ULONG,
2276 ProcessHeaps: *mut PVOID,
2277 ) -> ULONG;
2278 }}
2279 FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE(
2280 HeapHandle: PVOID,
2281 Parameter: PVOID,
2282 ) -> NTSTATUS}
2283 EXTERN!{extern "system" {
2284 fn RtlEnumProcessHeaps(
2285 EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE,
2286 Parameter: PVOID,
2287 ) -> NTSTATUS;
2288 }}
2289 STRUCT!{struct RTL_HEAP_USAGE_ENTRY {
2290 Next: *mut RTL_HEAP_USAGE_ENTRY,
2291 Address: PVOID,
2292 Size: SIZE_T,
2293 AllocatorBackTraceIndex: USHORT,
2294 TagIndex: USHORT,
2295 }}
2296 pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY;
2297 STRUCT!{struct RTL_HEAP_USAGE {
2298 Length: ULONG,
2299 BytesAllocated: SIZE_T,
2300 BytesCommitted: SIZE_T,
2301 BytesReserved: SIZE_T,
2302 BytesReservedMaximum: SIZE_T,
2303 Entries: PRTL_HEAP_USAGE_ENTRY,
2304 AddedEntries: PRTL_HEAP_USAGE_ENTRY,
2305 RemovedEntries: PRTL_HEAP_USAGE_ENTRY,
2306 Reserved: [ULONG_PTR; 8],
2307 }}
2308 pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE;
2309 pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY;
2310 pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY;
2311 EXTERN!{extern "system" {
2312 fn RtlUsageHeap(
2313 HeapHandle: PVOID,
2314 Flags: ULONG,
2315 Usage: PRTL_HEAP_USAGE,
2316 ) -> NTSTATUS;
2317 }}
2318 STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block {
2319 Settable: SIZE_T,
2320 TagIndex: USHORT,
2321 AllocatorBackTraceIndex: USHORT,
2322 Reserved: [ULONG; 2],
2323 }}
2324 STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment {
2325 CommittedSize: ULONG,
2326 UnCommittedSize: ULONG,
2327 FirstEntry: PVOID,
2328 LastEntry: PVOID,
2329 }}
2330 UNION!{union RTL_HEAP_WALK_ENTRY_u {
2331 Block: RTL_HEAP_WALK_ENTRY_u_Block,
2332 Segment: RTL_HEAP_WALK_ENTRY_u_Segment,
2333 }}
2334 STRUCT!{struct RTL_HEAP_WALK_ENTRY {
2335 DataAddress: PVOID,
2336 DataSize: SIZE_T,
2337 OverheadBytes: UCHAR,
2338 SegmentIndex: UCHAR,
2339 Flags: USHORT,
2340 u: RTL_HEAP_WALK_ENTRY_u,
2341 }}
2342 pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY;
2343 EXTERN!{extern "system" {
2344 fn RtlWalkHeap(
2345 HeapHandle: PVOID,
2346 Entry: PRTL_HEAP_WALK_ENTRY,
2347 ) -> NTSTATUS;
2348 }}
2349 pub const HeapDetailedFailureInformation: u32 = 0x80000001;
2350 pub const HeapSetDebuggingInformation: u32 = 0x80000002;
2351 ENUM!{enum HEAP_COMPATIBILITY_MODE {
2352 HEAP_COMPATIBILITY_STANDARD = 0,
2353 HEAP_COMPATIBILITY_LAL = 1,
2354 HEAP_COMPATIBILITY_LFH = 2,
2355 }}
2356 STRUCT!{struct PROCESS_HEAP_INFORMATION {
2357 ReserveSize: ULONG_PTR,
2358 CommitSize: ULONG_PTR,
2359 NumberOfHeaps: ULONG,
2360 FirstHeapInformationOffset: ULONG_PTR,
2361 }}
2362 pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION;
2363 STRUCT!{struct HEAP_INFORMATION {
2364 Address: ULONG_PTR,
2365 Mode: ULONG,
2366 ReserveSize: ULONG_PTR,
2367 CommitSize: ULONG_PTR,
2368 FirstRegionInformationOffset: ULONG_PTR,
2369 NextHeapInformationOffset: ULONG_PTR,
2370 }}
2371 pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION;
2372 UNION!{union HEAP_EXTENDED_INFORMATION_u {
2373 ProcessHeapInformation: PROCESS_HEAP_INFORMATION,
2374 HeapInformation: HEAP_INFORMATION,
2375 }}
2376 STRUCT!{struct HEAP_EXTENDED_INFORMATION {
2377 Process: HANDLE,
2378 Heap: ULONG_PTR,
2379 Level: ULONG,
2380 CallbackRoutine: PVOID,
2381 CallbackContext: PVOID,
2382 u: HEAP_EXTENDED_INFORMATION_u,
2383 }}
2384 pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION;
2385 FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE(
2386 Reserved: LONG,
2387 HeapHandle: PVOID,
2388 BaseAddress: PVOID,
2389 BlockSize: SIZE_T,
2390 StackTraceDepth: ULONG,
2391 StackTrace: *mut PVOID,
2392 ) -> NTSTATUS}
2393 STRUCT!{struct HEAP_DEBUGGING_INFORMATION {
2394 InterceptorFunction: PVOID,
2395 InterceptorValue: USHORT,
2396 ExtendedOptions: ULONG,
2397 StackTraceDepth: ULONG,
2398 MinTotalBlockSize: SIZE_T,
2399 MaxTotalBlockSize: SIZE_T,
2400 HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE,
2401 }}
2402 pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION;
2403 EXTERN!{extern "system" {
2404 fn RtlQueryHeapInformation(
2405 HeapHandle: PVOID,
2406 HeapInformationClass: HEAP_INFORMATION_CLASS,
2407 HeapInformation: PVOID,
2408 HeapInformationLength: SIZE_T,
2409 ReturnLength: PSIZE_T,
2410 ) -> NTSTATUS;
2411 fn RtlSetHeapInformation(
2412 HeapHandle: PVOID,
2413 HeapInformationClass: HEAP_INFORMATION_CLASS,
2414 HeapInformation: PVOID,
2415 HeapInformationLength: SIZE_T,
2416 ) -> NTSTATUS;
2417 fn RtlMultipleAllocateHeap(
2418 HeapHandle: PVOID,
2419 Flags: ULONG,
2420 Size: SIZE_T,
2421 Count: ULONG,
2422 Array: *mut PVOID,
2423 ) -> ULONG;
2424 fn RtlMultipleFreeHeap(
2425 HeapHandle: PVOID,
2426 Flags: ULONG,
2427 Count: ULONG,
2428 Array: *mut PVOID,
2429 ) -> ULONG;
2430 fn RtlDetectHeapLeaks();
2431 fn RtlFlushHeaps();
2432 }}
2433 STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT {
2434 NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT,
2435 Size: SIZE_T,
2436 Next: PVOID,
2437 Limit: PVOID,
2438 }}
2439 pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT;
2440 STRUCT!{struct RTL_MEMORY_ZONE {
2441 Segment: RTL_MEMORY_ZONE_SEGMENT,
2442 Lock: RTL_SRWLOCK,
2443 LockCount: ULONG,
2444 FirstSegment: PRTL_MEMORY_ZONE_SEGMENT,
2445 }}
2446 pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE;
2447 EXTERN!{extern "system" {
2448 fn RtlCreateMemoryZone(
2449 MemoryZone: *mut PVOID,
2450 InitialSize: SIZE_T,
2451 Flags: ULONG,
2452 ) -> NTSTATUS;
2453 fn RtlDestroyMemoryZone(
2454 MemoryZone: PVOID,
2455 ) -> NTSTATUS;
2456 fn RtlAllocateMemoryZone(
2457 MemoryZone: PVOID,
2458 BlockSize: SIZE_T,
2459 Block: *mut PVOID,
2460 ) -> NTSTATUS;
2461 fn RtlResetMemoryZone(
2462 MemoryZone: PVOID,
2463 ) -> NTSTATUS;
2464 fn RtlLockMemoryZone(
2465 MemoryZone: PVOID,
2466 ) -> NTSTATUS;
2467 fn RtlUnlockMemoryZone(
2468 MemoryZone: PVOID,
2469 ) -> NTSTATUS;
2470 fn RtlCreateMemoryBlockLookaside(
2471 MemoryBlockLookaside: *mut PVOID,
2472 Flags: ULONG,
2473 InitialSize: ULONG,
2474 MinimumBlockSize: ULONG,
2475 MaximumBlockSize: ULONG,
2476 ) -> NTSTATUS;
2477 fn RtlDestroyMemoryBlockLookaside(
2478 MemoryBlockLookaside: PVOID,
2479 ) -> NTSTATUS;
2480 fn RtlAllocateMemoryBlockLookaside(
2481 MemoryBlockLookaside: PVOID,
2482 BlockSize: ULONG,
2483 Block: *mut PVOID,
2484 ) -> NTSTATUS;
2485 fn RtlFreeMemoryBlockLookaside(
2486 MemoryBlockLookaside: PVOID,
2487 Block: PVOID,
2488 ) -> NTSTATUS;
2489 fn RtlExtendMemoryBlockLookaside(
2490 MemoryBlockLookaside: PVOID,
2491 Increment: ULONG,
2492 ) -> NTSTATUS;
2493 fn RtlResetMemoryBlockLookaside(
2494 MemoryBlockLookaside: PVOID,
2495 ) -> NTSTATUS;
2496 fn RtlLockMemoryBlockLookaside(
2497 MemoryBlockLookaside: PVOID,
2498 ) -> NTSTATUS;
2499 fn RtlUnlockMemoryBlockLookaside(
2500 MemoryBlockLookaside: PVOID,
2501 ) -> NTSTATUS;
2502 fn RtlGetCurrentTransaction() -> HANDLE;
2503 fn RtlSetCurrentTransaction(
2504 TransactionHandle: HANDLE,
2505 ) -> LOGICAL;
2506 }}
2507 #[inline]
RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool2508 pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool {
2509 ((L1.LowPart == L2.LowPart) & (L1.HighPart == L2.HighPart)) as u8 != 0 //fixme
2510 }
2511 #[inline]
RtlIsZeroLuid(L1: &LUID) -> bool2512 pub const fn RtlIsZeroLuid(L1: &LUID) -> bool {
2513 (L1.LowPart | L1.HighPart as u32) == 0
2514 }
2515 #[inline]
RtlConvertLongToLuid(Long: LONG) -> LUID2516 pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID {
2517 LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 }
2518 }
2519 #[inline]
RtlConvertUlongToLuid(Ulong: ULONG) -> LUID2520 pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID {
2521 LUID { LowPart: Ulong, HighPart: 0 }
2522 }
2523 EXTERN!{extern "system" {
2524 fn RtlCopyLuid(
2525 DestinationLuid: PLUID,
2526 SourceLuid: PLUID,
2527 );
2528 fn RtlCopyLuidAndAttributesArray(
2529 Count: ULONG,
2530 Src: PLUID_AND_ATTRIBUTES,
2531 Dest: PLUID_AND_ATTRIBUTES,
2532 );
2533 }}
2534 STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS {
2535 SizeStruct: ULONG,
2536 Option: ULONG,
2537 OptionData: [UCHAR; 1],
2538 }}
2539 pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS;
2540 UNION!{union RTL_DEBUG_INFORMATION_u {
2541 Modules: *mut RTL_PROCESS_MODULES,
2542 ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX,
2543 }}
2544 STRUCT!{struct RTL_DEBUG_INFORMATION {
2545 SectionHandleClient: HANDLE,
2546 ViewBaseClient: PVOID,
2547 ViewBaseTarget: PVOID,
2548 ViewBaseDelta: ULONG_PTR,
2549 EventPairClient: HANDLE,
2550 EventPairTarget: HANDLE,
2551 TargetProcessId: HANDLE,
2552 TargetThreadHandle: HANDLE,
2553 Flags: ULONG,
2554 OffsetFree: SIZE_T,
2555 CommitSize: SIZE_T,
2556 ViewSize: SIZE_T,
2557 u: RTL_DEBUG_INFORMATION_u,
2558 BackTraces: *mut RTL_PROCESS_BACKTRACES,
2559 Heaps: *mut RTL_PROCESS_HEAPS,
2560 Locks: *mut RTL_PROCESS_LOCKS,
2561 SpecificHeap: PVOID,
2562 TargetProcessHandle: HANDLE,
2563 VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS,
2564 ProcessHeap: PVOID,
2565 CriticalSectionHandle: HANDLE,
2566 CriticalSectionOwnerThread: HANDLE,
2567 Reserved: [PVOID; 4],
2568 }}
2569 pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION;
2570 EXTERN!{extern "system" {
2571 fn RtlCreateQueryDebugBuffer(
2572 MaximumCommit: ULONG,
2573 UseEventPair: BOOLEAN,
2574 ) -> PRTL_DEBUG_INFORMATION;
2575 fn RtlDestroyQueryDebugBuffer(
2576 Buffer: PRTL_DEBUG_INFORMATION,
2577 ) -> NTSTATUS;
2578 fn RtlCommitDebugInfo(
2579 Buffer: PRTL_DEBUG_INFORMATION,
2580 Size: SIZE_T,
2581 ) -> PVOID;
2582 fn RtlDeCommitDebugInfo(
2583 Buffer: PRTL_DEBUG_INFORMATION,
2584 p: PVOID,
2585 Size: SIZE_T,
2586 );
2587 }}
2588 pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001;
2589 pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002;
2590 pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004;
2591 pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008;
2592 pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010;
2593 pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020;
2594 pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040;
2595 pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080;
2596 pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100;
2597 pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200;
2598 pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400;
2599 pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000;
2600 EXTERN!{extern "system" {
2601 fn RtlQueryProcessDebugInformation(
2602 UniqueProcessId: HANDLE,
2603 Flags: ULONG,
2604 Buffer: PRTL_DEBUG_INFORMATION,
2605 ) -> NTSTATUS;
2606 fn RtlFindMessage(
2607 DllHandle: PVOID,
2608 MessageTableId: ULONG,
2609 MessageLanguageId: ULONG,
2610 MessageId: ULONG,
2611 MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY,
2612 ) -> NTSTATUS;
2613 fn RtlFormatMessage(
2614 MessageFormat: PWSTR,
2615 MaximumWidth: ULONG,
2616 IgnoreInserts: BOOLEAN,
2617 ArgumentsAreAnsi: BOOLEAN,
2618 ArgumentsAreAnArray: BOOLEAN,
2619 Arguments: *mut va_list,
2620 Buffer: PWSTR,
2621 Length: ULONG,
2622 ReturnLength: PULONG,
2623 ) -> NTSTATUS;
2624 }}
2625 STRUCT!{struct PARSE_MESSAGE_CONTEXT {
2626 fFlags: ULONG,
2627 cwSavColumn: ULONG,
2628 iwSrc: SIZE_T,
2629 iwDst: SIZE_T,
2630 iwDstSpace: SIZE_T,
2631 lpvArgStart: va_list,
2632 }}
2633 pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT;
2634 #[inline]
INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT)2635 pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) {
2636 ctx.fFlags = 0;
2637 }
2638 #[inline]
TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2639 pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2640 ctx.fFlags & flag
2641 }
2642 #[inline]
SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2643 pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2644 ctx.fFlags |= flag;
2645 ctx.fFlags
2646 }
2647 #[inline]
CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG2648 pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
2649 ctx.fFlags &= !flag;
2650 ctx.fFlags
2651 }
2652 EXTERN!{extern "system" {
2653 fn RtlFormatMessageEx(
2654 MessageFormat: PWSTR,
2655 MaximumWidth: ULONG,
2656 IgnoreInserts: BOOLEAN,
2657 ArgumentsAreAnsi: BOOLEAN,
2658 ArgumentsAreAnArray: BOOLEAN,
2659 Arguments: *mut va_list,
2660 Buffer: PWSTR,
2661 Length: ULONG,
2662 ReturnLength: PULONG,
2663 ParseContext: PPARSE_MESSAGE_CONTEXT,
2664 ) -> NTSTATUS;
2665 fn RtlNtStatusToDosError(
2666 Status: NTSTATUS,
2667 ) -> ULONG;
2668 fn RtlNtStatusToDosErrorNoTeb(
2669 Status: NTSTATUS,
2670 ) -> ULONG;
2671 fn RtlGetLastNtStatus() -> NTSTATUS;
2672 fn RtlGetLastWin32Error() -> LONG;
2673 fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
2674 Status: NTSTATUS,
2675 );
2676 fn RtlSetLastWin32Error(
2677 Win32Error: LONG,
2678 );
2679 fn RtlRestoreLastWin32Error(
2680 Win32Error: LONG,
2681 );
2682 }}
2683 pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010;
2684 pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020;
2685 pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040;
2686 EXTERN!{extern "system" {
2687 fn RtlGetThreadErrorMode() -> ULONG;
2688 fn RtlSetThreadErrorMode(
2689 NewMode: ULONG,
2690 OldMode: PULONG,
2691 ) -> NTSTATUS;
2692 fn RtlReportException(
2693 ExceptionRecord: PEXCEPTION_RECORD,
2694 ContextRecord: PCONTEXT,
2695 Flags: ULONG,
2696 ) -> NTSTATUS;
2697 fn RtlReportExceptionEx(
2698 ExceptionRecord: PEXCEPTION_RECORD,
2699 ContextRecord: PCONTEXT,
2700 Flags: ULONG,
2701 Timeout: PLARGE_INTEGER,
2702 ) -> NTSTATUS;
2703 fn RtlWerpReportException(
2704 ProcessId: ULONG,
2705 CrashReportSharedMem: HANDLE,
2706 Flags: ULONG,
2707 CrashVerticalProcessHandle: PHANDLE,
2708 ) -> NTSTATUS;
2709 fn RtlReportSilentProcessExit(
2710 ProcessHandle: HANDLE,
2711 ExitStatus: NTSTATUS,
2712 ) -> NTSTATUS;
2713 fn RtlUniform(
2714 Seed: PULONG,
2715 ) -> ULONG;
2716 fn RtlRandom(
2717 Seed: PULONG,
2718 ) -> ULONG;
2719 fn RtlRandomEx(
2720 Seed: PULONG,
2721 ) -> ULONG;
2722 fn RtlComputeImportTableHash(
2723 FileHandle: HANDLE,
2724 Hash: PCHAR,
2725 ImportTableHashRevision: ULONG,
2726 ) -> NTSTATUS;
2727 fn RtlIntegerToChar(
2728 Value: ULONG,
2729 Base: ULONG,
2730 OutputLength: LONG,
2731 String: PSTR,
2732 ) -> NTSTATUS;
2733 fn RtlCharToInteger(
2734 String: PCSZ,
2735 Base: ULONG,
2736 Value: PULONG,
2737 ) -> NTSTATUS;
2738 fn RtlLargeIntegerToChar(
2739 Value: PLARGE_INTEGER,
2740 Base: ULONG,
2741 OutputLength: LONG,
2742 String: PSTR,
2743 ) -> NTSTATUS;
2744 fn RtlIntegerToUnicodeString(
2745 Value: ULONG,
2746 Base: ULONG,
2747 String: PUNICODE_STRING,
2748 ) -> NTSTATUS;
2749 fn RtlInt64ToUnicodeString(
2750 Value: ULONGLONG,
2751 Base: ULONG,
2752 String: PUNICODE_STRING,
2753 ) -> NTSTATUS;
2754 fn RtlUnicodeStringToInteger(
2755 String: PCUNICODE_STRING,
2756 Base: ULONG,
2757 Value: PULONG,
2758 ) -> NTSTATUS;
2759 fn RtlIpv4AddressToStringExW(
2760 Address: *const in_addr,
2761 Port: USHORT,
2762 AddressString: PWSTR,
2763 AddressStringLength: PULONG,
2764 ) -> NTSTATUS;
2765 fn RtlIpv6AddressToStringExW(
2766 Address: *const in6_addr,
2767 ScopeId: ULONG,
2768 Port: USHORT,
2769 AddressString: PWSTR,
2770 AddressStringLength: PULONG,
2771 ) -> NTSTATUS;
2772 fn RtlIpv4StringToAddressExW(
2773 AddressString: PCWSTR,
2774 Strict: BOOLEAN,
2775 Address: *mut in_addr,
2776 Port: PUSHORT,
2777 ) -> NTSTATUS;
2778 fn RtlIpv6StringToAddressExW(
2779 AddressString: PCWSTR,
2780 Address: *mut in6_addr,
2781 ScopeId: PULONG,
2782 Port: PUSHORT,
2783 ) -> NTSTATUS;
2784 }}
2785 STRUCT!{struct TIME_FIELDS {
2786 Year: CSHORT,
2787 Month: CSHORT,
2788 Day: CSHORT,
2789 Hour: CSHORT,
2790 Minute: CSHORT,
2791 Second: CSHORT,
2792 Milliseconds: CSHORT,
2793 Weekday: CSHORT,
2794 }}
2795 pub type PTIME_FIELDS = *mut TIME_FIELDS;
2796 EXTERN!{extern "system" {
2797 fn RtlCutoverTimeToSystemTime(
2798 CutoverTime: PTIME_FIELDS,
2799 SystemTime: PLARGE_INTEGER,
2800 CurrentSystemTime: PLARGE_INTEGER,
2801 ThisYear: BOOLEAN,
2802 ) -> BOOLEAN;
2803 fn RtlSystemTimeToLocalTime(
2804 SystemTime: PLARGE_INTEGER,
2805 LocalTime: PLARGE_INTEGER,
2806 ) -> NTSTATUS;
2807 fn RtlLocalTimeToSystemTime(
2808 LocalTime: PLARGE_INTEGER,
2809 SystemTime: PLARGE_INTEGER,
2810 ) -> NTSTATUS;
2811 fn RtlTimeToElapsedTimeFields(
2812 Time: PLARGE_INTEGER,
2813 TimeFields: PTIME_FIELDS,
2814 );
2815 fn RtlTimeToTimeFields(
2816 Time: PLARGE_INTEGER,
2817 TimeFields: PTIME_FIELDS,
2818 );
2819 fn RtlTimeFieldsToTime(
2820 TimeFields: PTIME_FIELDS,
2821 Time: PLARGE_INTEGER,
2822 ) -> BOOLEAN;
2823 fn RtlTimeToSecondsSince1980(
2824 Time: PLARGE_INTEGER,
2825 ElapsedSeconds: PULONG,
2826 ) -> BOOLEAN;
2827 fn RtlSecondsSince1980ToTime(
2828 ElapsedSeconds: ULONG,
2829 Time: PLARGE_INTEGER,
2830 );
2831 fn RtlTimeToSecondsSince1970(
2832 Time: PLARGE_INTEGER,
2833 ElapsedSeconds: PULONG,
2834 ) -> BOOLEAN;
2835 fn RtlSecondsSince1970ToTime(
2836 ElapsedSeconds: ULONG,
2837 Time: PLARGE_INTEGER,
2838 );
2839 }}
2840 STRUCT!{struct RTL_TIME_ZONE_INFORMATION {
2841 Bias: LONG,
2842 StandardName: [WCHAR; 32],
2843 StandardStart: TIME_FIELDS,
2844 StandardBias: LONG,
2845 DaylightName: [WCHAR; 32],
2846 DaylightStart: TIME_FIELDS,
2847 DaylightBias: LONG,
2848 }}
2849 pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
2850 EXTERN!{extern "system" {
2851 fn RtlQueryTimeZoneInformation(
2852 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2853 ) -> NTSTATUS;
2854 fn RtlSetTimeZoneInformation(
2855 TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
2856 ) -> NTSTATUS;
2857 }}
2858 STRUCT!{struct RTL_BITMAP {
2859 SizeOfBitMap: ULONG,
2860 Buffer: PULONG,
2861 }}
2862 pub type PRTL_BITMAP = *mut RTL_BITMAP;
2863 EXTERN!{extern "system" {
2864 fn RtlInitializeBitMap(
2865 BitMapHeader: PRTL_BITMAP,
2866 BitMapBuffer: PULONG,
2867 SizeOfBitMap: ULONG,
2868 );
2869 fn RtlClearBit(
2870 BitMapHeader: PRTL_BITMAP,
2871 BitNumber: ULONG,
2872 );
2873 fn RtlSetBit(
2874 BitMapHeader: PRTL_BITMAP,
2875 BitNumber: ULONG,
2876 );
2877 fn RtlTestBit(
2878 BitMapHeader: PRTL_BITMAP,
2879 BitNumber: ULONG,
2880 ) -> BOOLEAN;
2881 fn RtlClearAllBits(
2882 BitMapHeader: PRTL_BITMAP,
2883 );
2884 fn RtlSetAllBits(
2885 BitMapHeader: PRTL_BITMAP,
2886 );
2887 fn RtlFindClearBits(
2888 BitMapHeader: PRTL_BITMAP,
2889 NumberToFind: ULONG,
2890 HintIndex: ULONG,
2891 ) -> ULONG;
2892 fn RtlFindSetBits(
2893 BitMapHeader: PRTL_BITMAP,
2894 NumberToFind: ULONG,
2895 HintIndex: ULONG,
2896 ) -> ULONG;
2897 fn RtlFindClearBitsAndSet(
2898 BitMapHeader: PRTL_BITMAP,
2899 NumberToFind: ULONG,
2900 HintIndex: ULONG,
2901 ) -> ULONG;
2902 fn RtlFindSetBitsAndClear(
2903 BitMapHeader: PRTL_BITMAP,
2904 NumberToFind: ULONG,
2905 HintIndex: ULONG,
2906 ) -> ULONG;
2907 fn RtlClearBits(
2908 BitMapHeader: PRTL_BITMAP,
2909 StartingIndex: ULONG,
2910 NumberToClear: ULONG,
2911 );
2912 fn RtlSetBits(
2913 BitMapHeader: PRTL_BITMAP,
2914 StartingIndex: ULONG,
2915 NumberToSet: ULONG,
2916 );
2917 fn RtlFindMostSignificantBit(
2918 Set: ULONGLONG,
2919 ) -> CCHAR;
2920 fn RtlFindLeastSignificantBit(
2921 Set: ULONGLONG,
2922 ) -> CCHAR;
2923 }}
2924 STRUCT!{struct RTL_BITMAP_RUN {
2925 StartingIndex: ULONG,
2926 NumberOfBits: ULONG,
2927 }}
2928 pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN;
2929 EXTERN!{extern "system" {
2930 fn RtlFindClearRuns(
2931 BitMapHeader: PRTL_BITMAP,
2932 RunArray: PRTL_BITMAP_RUN,
2933 SizeOfRunArray: ULONG,
2934 LocateLongestRuns: BOOLEAN,
2935 ) -> ULONG;
2936 fn RtlFindLongestRunClear(
2937 BitMapHeader: PRTL_BITMAP,
2938 StartingIndex: PULONG,
2939 ) -> ULONG;
2940 fn RtlFindFirstRunClear(
2941 BitMapHeader: PRTL_BITMAP,
2942 StartingIndex: PULONG,
2943 ) -> ULONG;
2944 }}
2945 #[inline]
RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u82946 pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 {
2947 #[cfg(all(target_arch = "x86_64", feature = "nightly"))] {
2948 use crate::winapi_local::um::winnt::_bittest64;
2949 _bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64)
2950 }
2951 #[cfg(any(
2952 target_arch = "x86",
2953 all(target_arch = "x86_64", not(feature = "nightly")),
2954 target_arch = "aarch64",
2955 ))] {
2956 (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8
2957 }
2958 }
2959 EXTERN!{extern "system" {
2960 fn RtlNumberOfClearBits(
2961 BitMapHeader: PRTL_BITMAP,
2962 ) -> ULONG;
2963 fn RtlNumberOfSetBits(
2964 BitMapHeader: PRTL_BITMAP,
2965 ) -> ULONG;
2966 fn RtlAreBitsClear(
2967 BitMapHeader: PRTL_BITMAP,
2968 StartingIndex: ULONG,
2969 Length: ULONG,
2970 ) -> BOOLEAN;
2971 fn RtlAreBitsSet(
2972 BitMapHeader: PRTL_BITMAP,
2973 StartingIndex: ULONG,
2974 Length: ULONG,
2975 ) -> BOOLEAN;
2976 fn RtlFindNextForwardRunClear(
2977 BitMapHeader: PRTL_BITMAP,
2978 FromIndex: ULONG,
2979 StartingRunIndex: PULONG,
2980 ) -> ULONG;
2981 fn RtlFindLastBackwardRunClear(
2982 BitMapHeader: PRTL_BITMAP,
2983 FromIndex: ULONG,
2984 StartingRunIndex: PULONG,
2985 ) -> ULONG;
2986 fn RtlNumberOfSetBitsUlongPtr(
2987 Target: ULONG_PTR,
2988 ) -> ULONG;
2989 fn RtlInterlockedClearBitRun(
2990 BitMapHeader: PRTL_BITMAP,
2991 StartingIndex: ULONG,
2992 NumberToClear: ULONG,
2993 );
2994 fn RtlInterlockedSetBitRun(
2995 BitMapHeader: PRTL_BITMAP,
2996 StartingIndex: ULONG,
2997 NumberToSet: ULONG,
2998 );
2999 fn RtlCopyBitMap(
3000 Source: PRTL_BITMAP,
3001 Destination: PRTL_BITMAP,
3002 TargetBit: ULONG,
3003 );
3004 fn RtlExtractBitMap(
3005 Source: PRTL_BITMAP,
3006 Destination: PRTL_BITMAP,
3007 TargetBit: ULONG,
3008 NumberOfBits: ULONG,
3009 );
3010 fn RtlNumberOfClearBitsInRange(
3011 BitMapHeader: PRTL_BITMAP,
3012 StartingIndex: ULONG,
3013 Length: ULONG,
3014 ) -> ULONG;
3015 fn RtlNumberOfSetBitsInRange(
3016 BitMapHeader: PRTL_BITMAP,
3017 StartingIndex: ULONG,
3018 Length: ULONG,
3019 ) -> ULONG;
3020 }}
3021 STRUCT!{struct RTL_BITMAP_EX {
3022 SizeOfBitMap: ULONG64,
3023 Buffer: PULONG64,
3024 }}
3025 pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX;
3026 EXTERN!{extern "system" {
3027 fn RtlInitializeBitMapEx(
3028 BitMapHeader: PRTL_BITMAP_EX,
3029 BitMapBuffer: PULONG64,
3030 SizeOfBitMap: ULONG64,
3031 );
3032 fn RtlTestBitEx(
3033 BitMapHeader: PRTL_BITMAP_EX,
3034 BitNumber: ULONG64,
3035 ) -> BOOLEAN;
3036 fn RtlClearAllBitsEx(
3037 BitMapHeader: PRTL_BITMAP_EX,
3038 );
3039 fn RtlClearBitEx(
3040 BitMapHeader: PRTL_BITMAP_EX,
3041 BitNumber: ULONG64,
3042 );
3043 fn RtlSetBitEx(
3044 BitMapHeader: PRTL_BITMAP_EX,
3045 BitNumber: ULONG64,
3046 );
3047 fn RtlFindSetBitsEx(
3048 BitMapHeader: PRTL_BITMAP_EX,
3049 NumberToFind: ULONG64,
3050 HintIndex: ULONG64,
3051 ) -> ULONG64;
3052 fn RtlFindSetBitsAndClearEx(
3053 BitMapHeader: PRTL_BITMAP_EX,
3054 NumberToFind: ULONG64,
3055 HintIndex: ULONG64,
3056 ) -> ULONG64;
3057 }}
3058 UNION!{union RTL_HANDLE_TABLE_ENTRY {
3059 Flags: ULONG,
3060 NextFree: *mut RTL_HANDLE_TABLE_ENTRY,
3061 }}
3062 pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY;
3063 pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001;
3064 STRUCT!{struct RTL_HANDLE_TABLE {
3065 MaximumNumberOfHandles: ULONG,
3066 SizeOfHandleTableEntry: ULONG,
3067 Reserved: [ULONG; 2],
3068 FreeHandles: PRTL_HANDLE_TABLE_ENTRY,
3069 CommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3070 UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
3071 MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY,
3072 }}
3073 pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE;
3074 EXTERN!{extern "system" {
3075 fn RtlInitializeHandleTable(
3076 MaximumNumberOfHandles: ULONG,
3077 SizeOfHandleTableEntry: ULONG,
3078 HandleTable: PRTL_HANDLE_TABLE,
3079 );
3080 fn RtlDestroyHandleTable(
3081 HandleTable: PRTL_HANDLE_TABLE,
3082 ) -> NTSTATUS;
3083 fn RtlAllocateHandle(
3084 HandleTable: PRTL_HANDLE_TABLE,
3085 HandleIndex: PULONG,
3086 ) -> PRTL_HANDLE_TABLE_ENTRY;
3087 fn RtlFreeHandle(
3088 HandleTable: PRTL_HANDLE_TABLE,
3089 Handle: PRTL_HANDLE_TABLE_ENTRY,
3090 ) -> BOOLEAN;
3091 fn RtlIsValidHandle(
3092 HandleTable: PRTL_HANDLE_TABLE,
3093 Handle: PRTL_HANDLE_TABLE_ENTRY,
3094 ) -> BOOLEAN;
3095 fn RtlIsValidIndexHandle(
3096 HandleTable: PRTL_HANDLE_TABLE,
3097 HandleIndex: ULONG,
3098 Handle: *mut PRTL_HANDLE_TABLE_ENTRY,
3099 ) -> BOOLEAN;
3100 }}
3101 pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000;
3102 pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000;
3103 pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37;
3104 pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255;
3105 pub const RTL_ATOM_PINNED: u32 = 0x01;
3106 EXTERN!{extern "system" {
3107 fn RtlCreateAtomTable(
3108 NumberOfBuckets: ULONG,
3109 AtomTableHandle: *mut PVOID,
3110 ) -> NTSTATUS;
3111 fn RtlDestroyAtomTable(
3112 AtomTableHandle: PVOID,
3113 ) -> NTSTATUS;
3114 fn RtlEmptyAtomTable(
3115 AtomTableHandle: PVOID,
3116 IncludePinnedAtoms: BOOLEAN,
3117 ) -> NTSTATUS;
3118 fn RtlAddAtomToAtomTable(
3119 AtomTableHandle: PVOID,
3120 AtomName: PWSTR,
3121 Atom: PRTL_ATOM,
3122 ) -> NTSTATUS;
3123 fn RtlLookupAtomInAtomTable(
3124 AtomTableHandle: PVOID,
3125 AtomName: PWSTR,
3126 Atom: PRTL_ATOM,
3127 ) -> NTSTATUS;
3128 fn RtlDeleteAtomFromAtomTable(
3129 AtomTableHandle: PVOID,
3130 Atom: RTL_ATOM,
3131 ) -> NTSTATUS;
3132 fn RtlPinAtomInAtomTable(
3133 AtomTableHandle: PVOID,
3134 Atom: RTL_ATOM,
3135 ) -> NTSTATUS;
3136 fn RtlQueryAtomInAtomTable(
3137 AtomTableHandle: PVOID,
3138 Atom: RTL_ATOM,
3139 AtomUsage: PULONG,
3140 AtomFlags: PULONG,
3141 AtomName: PWSTR,
3142 AtomNameLength: PULONG,
3143 ) -> NTSTATUS;
3144 fn RtlGetIntegerAtom(
3145 AtomName: PWSTR,
3146 IntegerAtom: PUSHORT,
3147 ) -> BOOLEAN;
3148 fn RtlValidSid(
3149 Sid: PSID,
3150 ) -> BOOLEAN;
3151 fn RtlEqualSid(
3152 Sid1: PSID,
3153 Sid2: PSID,
3154 ) -> BOOLEAN;
3155 fn RtlEqualPrefixSid(
3156 Sid1: PSID,
3157 Sid2: PSID,
3158 ) -> BOOLEAN;
3159 fn RtlLengthRequiredSid(
3160 SubAuthorityCount: ULONG,
3161 ) -> ULONG;
3162 fn RtlFreeSid(
3163 Sid: PSID,
3164 ) -> PVOID;
3165 fn RtlAllocateAndInitializeSid(
3166 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3167 SubAuthorityCount: UCHAR,
3168 SubAuthority0: ULONG,
3169 SubAuthority1: ULONG,
3170 SubAuthority2: ULONG,
3171 SubAuthority3: ULONG,
3172 SubAuthority4: ULONG,
3173 SubAuthority5: ULONG,
3174 SubAuthority6: ULONG,
3175 SubAuthority7: ULONG,
3176 Sid: *mut PSID,
3177 ) -> NTSTATUS;
3178 fn RtlInitializeSid(
3179 Sid: PSID,
3180 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3181 SubAuthorityCount: UCHAR,
3182 ) -> NTSTATUS;
3183 }}
3184 EXTERN!{extern "C" {
3185 fn RtlInitializeSidEx(
3186 Sid: PSID,
3187 IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
3188 SubAuthorityCount: UCHAR,
3189 ...
3190 ) -> NTSTATUS;
3191 }}
3192 EXTERN!{extern "system" {
3193 fn RtlIdentifierAuthoritySid(
3194 Sid: PSID,
3195 ) -> PSID_IDENTIFIER_AUTHORITY;
3196 fn RtlSubAuthoritySid(
3197 Sid: PSID,
3198 SubAuthority: ULONG,
3199 ) -> PULONG;
3200 fn RtlSubAuthorityCountSid(
3201 Sid: PSID,
3202 ) -> PUCHAR;
3203 fn RtlLengthSid(
3204 Sid: PSID,
3205 ) -> ULONG;
3206 fn RtlCopySid(
3207 DestinationSidLength: ULONG,
3208 DestinationSid: PSID,
3209 SourceSid: PSID,
3210 ) -> NTSTATUS;
3211 fn RtlCopySidAndAttributesArray(
3212 Count: ULONG,
3213 Src: PSID_AND_ATTRIBUTES,
3214 SidAreaSize: ULONG,
3215 Dest: PSID_AND_ATTRIBUTES,
3216 SidArea: PSID,
3217 RemainingSidArea: *mut PSID,
3218 RemainingSidAreaSize: PULONG,
3219 ) -> NTSTATUS;
3220 fn RtlCreateServiceSid(
3221 ServiceName: PUNICODE_STRING,
3222 ServiceSid: PSID,
3223 ServiceSidLength: PULONG,
3224 ) -> NTSTATUS;
3225 fn RtlSidDominates(
3226 Sid1: PSID,
3227 Sid2: PSID,
3228 Dominates: PBOOLEAN,
3229 ) -> NTSTATUS;
3230 fn RtlSidDominatesForTrust(
3231 Sid1: PSID,
3232 Sid2: PSID,
3233 DominatesTrust: PBOOLEAN,
3234 ) -> NTSTATUS;
3235 fn RtlSidEqualLevel(
3236 Sid1: PSID,
3237 Sid2: PSID,
3238 EqualLevel: PBOOLEAN,
3239 ) -> NTSTATUS;
3240 fn RtlSidIsHigherLevel(
3241 Sid1: PSID,
3242 Sid2: PSID,
3243 HigherLevel: PBOOLEAN,
3244 ) -> NTSTATUS;
3245 fn RtlCreateVirtualAccountSid(
3246 Name: PCUNICODE_STRING,
3247 BaseSubAuthority: ULONG,
3248 Sid: PSID,
3249 SidLength: PULONG,
3250 ) -> NTSTATUS;
3251 fn RtlReplaceSidInSd(
3252 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3253 OldSid: PSID,
3254 NewSid: PSID,
3255 NumChanges: *mut ULONG,
3256 ) -> NTSTATUS;
3257 }}
3258 pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256;
3259 EXTERN!{extern "system" {
3260 fn RtlConvertSidToUnicodeString(
3261 UnicodeString: PUNICODE_STRING,
3262 Sid: PSID,
3263 AllocateDestinationString: BOOLEAN,
3264 ) -> NTSTATUS;
3265 fn RtlSidHashInitialize(
3266 SidAttr: PSID_AND_ATTRIBUTES,
3267 SidCount: ULONG,
3268 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3269 ) -> NTSTATUS;
3270 fn RtlSidHashLookup(
3271 SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
3272 Sid: PSID,
3273 ) -> PSID_AND_ATTRIBUTES;
3274 fn RtlIsElevatedRid(
3275 SidAttr: PSID_AND_ATTRIBUTES,
3276 ) -> BOOLEAN;
3277 fn RtlDeriveCapabilitySidsFromName(
3278 UnicodeString: PUNICODE_STRING,
3279 CapabilityGroupSid: PSID,
3280 CapabilitySid: PSID,
3281 ) -> NTSTATUS;
3282 fn RtlCreateSecurityDescriptor(
3283 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3284 Revision: ULONG,
3285 ) -> NTSTATUS;
3286 fn RtlValidSecurityDescriptor(
3287 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3288 ) -> BOOLEAN;
3289 fn RtlLengthSecurityDescriptor(
3290 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3291 ) -> ULONG;
3292 fn RtlValidRelativeSecurityDescriptor(
3293 SecurityDescriptorInput: PSECURITY_DESCRIPTOR,
3294 SecurityDescriptorLength: ULONG,
3295 RequiredInformation: SECURITY_INFORMATION,
3296 ) -> BOOLEAN;
3297 fn RtlGetControlSecurityDescriptor(
3298 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3299 Control: PSECURITY_DESCRIPTOR_CONTROL,
3300 Revision: PULONG,
3301 ) -> NTSTATUS;
3302 fn RtlSetControlSecurityDescriptor(
3303 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3304 ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL,
3305 ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL,
3306 ) -> NTSTATUS;
3307 fn RtlSetAttributesSecurityDescriptor(
3308 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3309 Control: SECURITY_DESCRIPTOR_CONTROL,
3310 Revision: PULONG,
3311 ) -> NTSTATUS;
3312 fn RtlGetSecurityDescriptorRMControl(
3313 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3314 RMControl: PUCHAR,
3315 ) -> BOOLEAN;
3316 fn RtlSetSecurityDescriptorRMControl(
3317 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3318 RMControl: PUCHAR,
3319 );
3320 fn RtlSetDaclSecurityDescriptor(
3321 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3322 DaclPresent: BOOLEAN,
3323 Dacl: PACL,
3324 DaclDefaulted: BOOLEAN,
3325 ) -> NTSTATUS;
3326 fn RtlGetDaclSecurityDescriptor(
3327 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3328 DaclPresent: PBOOLEAN,
3329 Dacl: *mut PACL,
3330 DaclDefaulted: PBOOLEAN,
3331 ) -> NTSTATUS;
3332 fn RtlSetSaclSecurityDescriptor(
3333 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3334 SaclPresent: BOOLEAN,
3335 Sacl: PACL,
3336 SaclDefaulted: BOOLEAN,
3337 ) -> NTSTATUS;
3338 fn RtlGetSaclSecurityDescriptor(
3339 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3340 SaclPresent: PBOOLEAN,
3341 Sacl: *mut PACL,
3342 SaclDefaulted: PBOOLEAN,
3343 ) -> NTSTATUS;
3344 fn RtlSetOwnerSecurityDescriptor(
3345 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3346 Owner: PSID,
3347 OwnerDefaulted: BOOLEAN,
3348 ) -> NTSTATUS;
3349 fn RtlGetOwnerSecurityDescriptor(
3350 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3351 Owner: *mut PSID,
3352 OwnerDefaulted: PBOOLEAN,
3353 ) -> NTSTATUS;
3354 fn RtlSetGroupSecurityDescriptor(
3355 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3356 Group: PSID,
3357 GroupDefaulted: BOOLEAN,
3358 ) -> NTSTATUS;
3359 fn RtlGetGroupSecurityDescriptor(
3360 SecurityDescriptor: PSECURITY_DESCRIPTOR,
3361 Group: *mut PSID,
3362 GroupDefaulted: PBOOLEAN,
3363 ) -> NTSTATUS;
3364 fn RtlMakeSelfRelativeSD(
3365 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3366 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3367 BufferLength: PULONG,
3368 ) -> NTSTATUS;
3369 fn RtlAbsoluteToSelfRelativeSD(
3370 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3371 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3372 BufferLength: PULONG,
3373 ) -> NTSTATUS;
3374 fn RtlSelfRelativeToAbsoluteSD(
3375 SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3376 AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
3377 AbsoluteSecurityDescriptorSize: PULONG,
3378 Dacl: PACL,
3379 DaclSize: PULONG,
3380 Sacl: PACL,
3381 SaclSize: PULONG,
3382 Owner: PSID,
3383 OwnerSize: PULONG,
3384 PrimaryGroup: PSID,
3385 PrimaryGroupSize: PULONG,
3386 ) -> NTSTATUS;
3387 fn RtlSelfRelativeToAbsoluteSD2(
3388 pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
3389 pBufferSize: PULONG,
3390 ) -> NTSTATUS;
3391 fn RtlAreAllAccessesGranted(
3392 GrantedAccess: ACCESS_MASK,
3393 DesiredAccess: ACCESS_MASK,
3394 ) -> BOOLEAN;
3395 fn RtlAreAnyAccessesGranted(
3396 GrantedAccess: ACCESS_MASK,
3397 DesiredAccess: ACCESS_MASK,
3398 ) -> BOOLEAN;
3399 fn RtlMapGenericMask(
3400 AccessMask: PACCESS_MASK,
3401 GenericMapping: PGENERIC_MAPPING,
3402 );
3403 fn RtlCreateAcl(
3404 Acl: PACL,
3405 AclLength: ULONG,
3406 AclRevision: ULONG,
3407 ) -> NTSTATUS;
3408 fn RtlValidAcl(
3409 Acl: PACL,
3410 ) -> BOOLEAN;
3411 fn RtlQueryInformationAcl(
3412 Acl: PACL,
3413 AclInformation: PVOID,
3414 AclInformationLength: ULONG,
3415 AclInformationClass: ACL_INFORMATION_CLASS,
3416 ) -> NTSTATUS;
3417 fn RtlSetInformationAcl(
3418 Acl: PACL,
3419 AclInformation: PVOID,
3420 AclInformationLength: ULONG,
3421 AclInformationClass: ACL_INFORMATION_CLASS,
3422 ) -> NTSTATUS;
3423 fn RtlAddAce(
3424 Acl: PACL,
3425 AceRevision: ULONG,
3426 StartingAceIndex: ULONG,
3427 AceList: PVOID,
3428 AceListLength: ULONG,
3429 ) -> NTSTATUS;
3430 fn RtlDeleteAce(
3431 Acl: PACL,
3432 AceIndex: ULONG,
3433 ) -> NTSTATUS;
3434 fn RtlGetAce(
3435 Acl: PACL,
3436 AceIndex: ULONG,
3437 Ace: *mut PVOID,
3438 ) -> NTSTATUS;
3439 fn RtlFirstFreeAce(
3440 Acl: PACL,
3441 FirstFree: *mut PVOID,
3442 ) -> BOOLEAN;
3443 fn RtlFindAceByType(
3444 pAcl: PACL,
3445 AceType: UCHAR,
3446 pIndex: PULONG,
3447 ) -> PVOID;
3448 fn RtlOwnerAcesPresent(
3449 pAcl: PACL,
3450 ) -> BOOLEAN;
3451 fn RtlAddAccessAllowedAce(
3452 Acl: PACL,
3453 AceRevision: ULONG,
3454 AccessMask: ACCESS_MASK,
3455 Sid: PSID,
3456 ) -> NTSTATUS;
3457 fn RtlAddAccessAllowedAceEx(
3458 Acl: PACL,
3459 AceRevision: ULONG,
3460 AceFlags: ULONG,
3461 AccessMask: ACCESS_MASK,
3462 Sid: PSID,
3463 ) -> NTSTATUS;
3464 fn RtlAddAccessDeniedAce(
3465 Acl: PACL,
3466 AceRevision: ULONG,
3467 AccessMask: ACCESS_MASK,
3468 Sid: PSID,
3469 ) -> NTSTATUS;
3470 fn RtlAddAccessDeniedAceEx(
3471 Acl: PACL,
3472 AceRevision: ULONG,
3473 AceFlags: ULONG,
3474 AccessMask: ACCESS_MASK,
3475 Sid: PSID,
3476 ) -> NTSTATUS;
3477 fn RtlAddAuditAccessAce(
3478 Acl: PACL,
3479 AceRevision: ULONG,
3480 AccessMask: ACCESS_MASK,
3481 Sid: PSID,
3482 AuditSuccess: BOOLEAN,
3483 AuditFailure: BOOLEAN,
3484 ) -> NTSTATUS;
3485 fn RtlAddAuditAccessAceEx(
3486 Acl: PACL,
3487 AceRevision: ULONG,
3488 AceFlags: ULONG,
3489 AccessMask: ACCESS_MASK,
3490 Sid: PSID,
3491 AuditSuccess: BOOLEAN,
3492 AuditFailure: BOOLEAN,
3493 ) -> NTSTATUS;
3494 fn RtlAddAccessAllowedObjectAce(
3495 Acl: PACL,
3496 AceRevision: ULONG,
3497 AceFlags: ULONG,
3498 AccessMask: ACCESS_MASK,
3499 ObjectTypeGuid: *mut GUID,
3500 InheritedObjectTypeGuid: *mut GUID,
3501 Sid: PSID,
3502 ) -> NTSTATUS;
3503 fn RtlAddAccessDeniedObjectAce(
3504 Acl: PACL,
3505 AceRevision: ULONG,
3506 AceFlags: ULONG,
3507 AccessMask: ACCESS_MASK,
3508 ObjectTypeGuid: *mut GUID,
3509 InheritedObjectTypeGuid: *mut GUID,
3510 Sid: PSID,
3511 ) -> NTSTATUS;
3512 fn RtlAddAuditAccessObjectAce(
3513 Acl: PACL,
3514 AceRevision: ULONG,
3515 AceFlags: ULONG,
3516 AccessMask: ACCESS_MASK,
3517 ObjectTypeGuid: *mut GUID,
3518 InheritedObjectTypeGuid: *mut GUID,
3519 Sid: PSID,
3520 AuditSuccess: BOOLEAN,
3521 AuditFailure: BOOLEAN,
3522 ) -> NTSTATUS;
3523 fn RtlAddCompoundAce(
3524 Acl: PACL,
3525 AceRevision: ULONG,
3526 AceType: UCHAR,
3527 AccessMask: ACCESS_MASK,
3528 ServerSid: PSID,
3529 ClientSid: PSID,
3530 ) -> NTSTATUS;
3531 fn RtlAddMandatoryAce(
3532 Acl: PACL,
3533 AceRevision: ULONG,
3534 AceFlags: ULONG,
3535 Sid: PSID,
3536 AceType: UCHAR,
3537 AccessMask: ACCESS_MASK,
3538 ) -> NTSTATUS;
3539 fn RtlDefaultNpAcl(
3540 Acl: *mut PACL,
3541 ) -> NTSTATUS;
3542 fn RtlNewSecurityObject(
3543 ParentDescriptor: PSECURITY_DESCRIPTOR,
3544 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3545 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3546 IsDirectoryObject: BOOLEAN,
3547 Token: HANDLE,
3548 GenericMapping: PGENERIC_MAPPING,
3549 ) -> NTSTATUS;
3550 fn RtlNewSecurityObjectEx(
3551 ParentDescriptor: PSECURITY_DESCRIPTOR,
3552 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3553 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3554 ObjectType: *mut GUID,
3555 IsDirectoryObject: BOOLEAN,
3556 AutoInheritFlags: ULONG,
3557 Token: HANDLE,
3558 GenericMapping: PGENERIC_MAPPING,
3559 ) -> NTSTATUS;
3560 fn RtlNewSecurityObjectWithMultipleInheritance(
3561 ParentDescriptor: PSECURITY_DESCRIPTOR,
3562 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3563 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3564 ObjectType: *mut *mut GUID,
3565 GuidCount: ULONG,
3566 IsDirectoryObject: BOOLEAN,
3567 AutoInheritFlags: ULONG,
3568 Token: HANDLE,
3569 GenericMapping: PGENERIC_MAPPING,
3570 ) -> NTSTATUS;
3571 fn RtlDeleteSecurityObject(
3572 ObjectDescriptor: *mut PSECURITY_DESCRIPTOR,
3573 ) -> NTSTATUS;
3574 fn RtlQuerySecurityObject(
3575 ObjectDescriptor: PSECURITY_DESCRIPTOR,
3576 SecurityInformation: SECURITY_INFORMATION,
3577 ResultantDescriptor: PSECURITY_DESCRIPTOR,
3578 DescriptorLength: ULONG,
3579 ReturnLength: PULONG,
3580 ) -> NTSTATUS;
3581 fn RtlSetSecurityObject(
3582 SecurityInformation: SECURITY_INFORMATION,
3583 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3584 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3585 GenericMapping: PGENERIC_MAPPING,
3586 Token: HANDLE,
3587 ) -> NTSTATUS;
3588 fn RtlSetSecurityObjectEx(
3589 SecurityInformation: SECURITY_INFORMATION,
3590 ModificationDescriptor: PSECURITY_DESCRIPTOR,
3591 ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3592 AutoInheritFlags: ULONG,
3593 GenericMapping: PGENERIC_MAPPING,
3594 Token: HANDLE,
3595 ) -> NTSTATUS;
3596 fn RtlConvertToAutoInheritSecurityObject(
3597 ParentDescriptor: PSECURITY_DESCRIPTOR,
3598 CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR,
3599 NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3600 ObjectType: *mut GUID,
3601 IsDirectoryObject: BOOLEAN,
3602 GenericMapping: PGENERIC_MAPPING,
3603 ) -> NTSTATUS;
3604 fn RtlNewInstanceSecurityObject(
3605 ParentDescriptorChanged: BOOLEAN,
3606 CreatorDescriptorChanged: BOOLEAN,
3607 OldClientTokenModifiedId: PLUID,
3608 NewClientTokenModifiedId: PLUID,
3609 ParentDescriptor: PSECURITY_DESCRIPTOR,
3610 CreatorDescriptor: PSECURITY_DESCRIPTOR,
3611 NewDescriptor: *mut PSECURITY_DESCRIPTOR,
3612 IsDirectoryObject: BOOLEAN,
3613 Token: HANDLE,
3614 GenericMapping: PGENERIC_MAPPING,
3615 ) -> NTSTATUS;
3616 fn RtlCopySecurityDescriptor(
3617 InputSecurityDescriptor: PSECURITY_DESCRIPTOR,
3618 OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
3619 ) -> NTSTATUS;
3620 fn RtlRunEncodeUnicodeString(
3621 Seed: PUCHAR,
3622 String: PUNICODE_STRING,
3623 );
3624 fn RtlRunDecodeUnicodeString(
3625 Seed: UCHAR,
3626 String: PUNICODE_STRING,
3627 );
3628 fn RtlImpersonateSelf(
3629 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3630 ) -> NTSTATUS;
3631 fn RtlImpersonateSelfEx(
3632 ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
3633 AdditionalAccess: ACCESS_MASK,
3634 ThreadToken: PHANDLE,
3635 ) -> NTSTATUS;
3636 fn RtlAdjustPrivilege(
3637 Privilege: ULONG,
3638 Enable: BOOLEAN,
3639 Client: BOOLEAN,
3640 WasEnabled: PBOOLEAN,
3641 ) -> NTSTATUS;
3642 }}
3643 pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001;
3644 pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002;
3645 EXTERN!{extern "system" {
3646 fn RtlAcquirePrivilege(
3647 Privilege: PULONG,
3648 NumPriv: ULONG,
3649 Flags: ULONG,
3650 ReturnedState: *mut PVOID,
3651 ) -> NTSTATUS;
3652 fn RtlReleasePrivilege(
3653 StatePointer: PVOID,
3654 );
3655 fn RtlRemovePrivileges(
3656 TokenHandle: HANDLE,
3657 PrivilegesToKeep: PULONG,
3658 PrivilegeCount: ULONG,
3659 ) -> NTSTATUS;
3660 fn RtlIsUntrustedObject(
3661 Handle: HANDLE,
3662 Object: PVOID,
3663 IsUntrustedObject: PBOOLEAN,
3664 ) -> NTSTATUS;
3665 fn RtlQueryValidationRunlevel(
3666 ComponentName: PUNICODE_STRING,
3667 ) -> ULONG;
3668 fn RtlCreateBoundaryDescriptor(
3669 Name: PUNICODE_STRING,
3670 Flags: ULONG,
3671 ) -> PVOID;
3672 fn RtlDeleteBoundaryDescriptor(
3673 BoundaryDescriptor: PVOID,
3674 );
3675 fn RtlAddSIDToBoundaryDescriptor(
3676 BoundaryDescriptor: *mut PVOID,
3677 RequiredSid: PSID,
3678 ) -> NTSTATUS;
3679 fn RtlAddIntegrityLabelToBoundaryDescriptor(
3680 BoundaryDescriptor: *mut PVOID,
3681 IntegrityLabel: PSID,
3682 ) -> NTSTATUS;
3683 fn RtlGetVersion(
3684 lpVersionInformation: PRTL_OSVERSIONINFOW,
3685 ) -> NTSTATUS;
3686 fn RtlVerifyVersionInfo(
3687 VersionInfo: PRTL_OSVERSIONINFOEXW,
3688 TypeMask: ULONG,
3689 ConditionMask: ULONGLONG,
3690 ) -> NTSTATUS;
3691 fn RtlGetNtVersionNumbers(
3692 NtMajorVersion: PULONG,
3693 NtMinorVersion: PULONG,
3694 NtBuildNumber: PULONG,
3695 );
3696 fn RtlGetNtGlobalFlags() -> ULONG;
3697 fn RtlGetNtProductType(
3698 NtProductType: PNT_PRODUCT_TYPE,
3699 ) -> BOOLEAN;
3700 fn RtlGetSuiteMask() -> ULONG;
3701 fn RtlRegisterWait(
3702 WaitHandle: PHANDLE,
3703 Handle: HANDLE,
3704 Function: WAITORTIMERCALLBACKFUNC,
3705 Context: PVOID,
3706 Milliseconds: ULONG,
3707 Flags: ULONG,
3708 ) -> NTSTATUS;
3709 fn RtlDeregisterWait(
3710 WaitHandle: HANDLE,
3711 ) -> NTSTATUS;
3712 fn RtlDeregisterWaitEx(
3713 WaitHandle: HANDLE,
3714 Event: HANDLE,
3715 ) -> NTSTATUS;
3716 fn RtlQueueWorkItem(
3717 Function: WORKERCALLBACKFUNC,
3718 Context: PVOID,
3719 Flags: ULONG,
3720 ) -> NTSTATUS;
3721 fn RtlSetIoCompletionCallback(
3722 FileHandle: HANDLE,
3723 CompletionProc: APC_CALLBACK_FUNCTION,
3724 Flags: ULONG,
3725 ) -> NTSTATUS;
3726 }}
3727 FN!{stdcall PRTL_START_POOL_THREAD(
3728 Function: PTHREAD_START_ROUTINE,
3729 Parameter: PVOID,
3730 ThreadHandle: PHANDLE,
3731 ) -> NTSTATUS}
3732 FN!{stdcall PRTL_EXIT_POOL_THREAD(
3733 ExitStatus: NTSTATUS,
3734 ) -> NTSTATUS}
3735 EXTERN!{extern "system" {
3736 fn RtlSetThreadPoolStartFunc(
3737 StartPoolThread: PRTL_START_POOL_THREAD,
3738 ExitPoolThread: PRTL_EXIT_POOL_THREAD,
3739 ) -> NTSTATUS;
3740 fn RtlUserThreadStart(
3741 Function: PTHREAD_START_ROUTINE,
3742 Parameter: PVOID,
3743 );
3744 fn LdrInitializeThunk(
3745 ContextRecord: PCONTEXT,
3746 Parameter: PVOID,
3747 );
3748 fn RtlCreateTimerQueue(
3749 TimerQueueHandle: PHANDLE,
3750 ) -> NTSTATUS;
3751 fn RtlCreateTimer(
3752 TimerQueueHandle: HANDLE,
3753 Handle: PHANDLE,
3754 Function: WAITORTIMERCALLBACKFUNC,
3755 Context: PVOID,
3756 DueTime: ULONG,
3757 Period: ULONG,
3758 Flags: ULONG,
3759 ) -> NTSTATUS;
3760 fn RtlUpdateTimer(
3761 TimerQueueHandle: HANDLE,
3762 TimerHandle: HANDLE,
3763 DueTime: ULONG,
3764 Period: ULONG,
3765 ) -> NTSTATUS;
3766 fn RtlDeleteTimer(
3767 TimerQueueHandle: HANDLE,
3768 TimerToCancel: HANDLE,
3769 Event: HANDLE,
3770 ) -> NTSTATUS;
3771 fn RtlDeleteTimerQueue(
3772 TimerQueueHandle: HANDLE,
3773 ) -> NTSTATUS;
3774 fn RtlDeleteTimerQueueEx(
3775 TimerQueueHandle: HANDLE,
3776 Event: HANDLE,
3777 ) -> NTSTATUS;
3778 fn RtlFormatCurrentUserKeyPath(
3779 CurrentUserKeyPath: PUNICODE_STRING,
3780 ) -> NTSTATUS;
3781 fn RtlOpenCurrentUser(
3782 DesiredAccess: ACCESS_MASK,
3783 CurrentUserKey: PHANDLE,
3784 ) -> NTSTATUS;
3785 }}
3786 pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0;
3787 pub const RTL_REGISTRY_SERVICES: ULONG = 1;
3788 pub const RTL_REGISTRY_CONTROL: ULONG = 2;
3789 pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3;
3790 pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4;
3791 pub const RTL_REGISTRY_USER: ULONG = 5;
3792 pub const RTL_REGISTRY_MAXIMUM: ULONG = 6;
3793 pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000;
3794 pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000;
3795 EXTERN!{extern "system" {
3796 fn RtlCreateRegistryKey(
3797 RelativeTo: ULONG,
3798 Path: PWSTR,
3799 ) -> NTSTATUS;
3800 fn RtlCheckRegistryKey(
3801 RelativeTo: ULONG,
3802 Path: PWSTR,
3803 ) -> NTSTATUS;
3804 }}
3805 FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE(
3806 ValueName: PWSTR,
3807 ValueType: ULONG,
3808 ValueData: PVOID,
3809 ValueLength: ULONG,
3810 Context: PVOID,
3811 EntryContext: PVOID,
3812 ) -> NTSTATUS}
3813 STRUCT!{struct RTL_QUERY_REGISTRY_TABLE {
3814 QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE,
3815 Flags: ULONG,
3816 Name: PWSTR,
3817 EntryContext: PVOID,
3818 DefaultType: ULONG,
3819 DefaultData: PVOID,
3820 DefaultLength: ULONG,
3821 }}
3822 pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE;
3823 pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001;
3824 pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002;
3825 pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004;
3826 pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008;
3827 pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010;
3828 pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020;
3829 pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040;
3830 EXTERN!{extern "system" {
3831 fn RtlQueryRegistryValues(
3832 RelativeTo: ULONG,
3833 Path: PCWSTR,
3834 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3835 Context: PVOID,
3836 Environment: PVOID,
3837 ) -> NTSTATUS;
3838 fn RtlQueryRegistryValuesEx(
3839 RelativeTo: ULONG,
3840 Path: PWSTR,
3841 QueryTable: PRTL_QUERY_REGISTRY_TABLE,
3842 Context: PVOID,
3843 Environment: PVOID,
3844 ) -> NTSTATUS;
3845 fn RtlWriteRegistryValue(
3846 RelativeTo: ULONG,
3847 Path: PCWSTR,
3848 ValueName: PCWSTR,
3849 ValueType: ULONG,
3850 ValueData: PVOID,
3851 ValueLength: ULONG,
3852 ) -> NTSTATUS;
3853 fn RtlDeleteRegistryValue(
3854 RelativeTo: ULONG,
3855 Path: PCWSTR,
3856 ValueName: PCWSTR,
3857 ) -> NTSTATUS;
3858 fn RtlEnableThreadProfiling(
3859 ThreadHandle: HANDLE,
3860 Flags: ULONG,
3861 HardwareCounters: ULONG64,
3862 PerformanceDataHandle: *mut PVOID,
3863 ) -> NTSTATUS;
3864 fn RtlDisableThreadProfiling(
3865 PerformanceDataHandle: PVOID,
3866 ) -> NTSTATUS;
3867 fn RtlQueryThreadProfiling(
3868 ThreadHandle: HANDLE,
3869 Enabled: PBOOLEAN,
3870 ) -> NTSTATUS;
3871 fn RtlReadThreadProfilingData(
3872 PerformanceDataHandle: HANDLE,
3873 Flags: ULONG,
3874 PerformanceData: PPERFORMANCE_DATA,
3875 ) -> NTSTATUS;
3876 fn RtlGetNativeSystemInformation(
3877 SystemInformationClass: ULONG,
3878 NativeSystemInformation: PVOID,
3879 InformationLength: ULONG,
3880 ReturnLength: PULONG,
3881 ) -> NTSTATUS;
3882 fn RtlQueueApcWow64Thread(
3883 ThreadHandle: HANDLE,
3884 ApcRoutine: PPS_APC_ROUTINE,
3885 ApcArgument1: PVOID,
3886 ApcArgument2: PVOID,
3887 ApcArgument3: PVOID,
3888 ) -> NTSTATUS;
3889 fn RtlWow64EnableFsRedirection(
3890 Wow64FsEnableRedirection: BOOLEAN,
3891 ) -> NTSTATUS;
3892 fn RtlWow64EnableFsRedirectionEx(
3893 Wow64FsEnableRedirection: PVOID,
3894 OldFsRedirectionLevel: *mut PVOID,
3895 ) -> NTSTATUS;
3896 fn RtlComputeCrc32(
3897 PartialCrc: ULONG32,
3898 Buffer: PVOID,
3899 Length: ULONG,
3900 ) -> ULONG32;
3901 fn RtlEncodePointer(
3902 Ptr: PVOID,
3903 ) -> PVOID;
3904 fn RtlDecodePointer(
3905 Ptr: PVOID,
3906 ) -> PVOID;
3907 fn RtlEncodeSystemPointer(
3908 Ptr: PVOID,
3909 ) -> PVOID;
3910 fn RtlDecodeSystemPointer(
3911 Ptr: PVOID,
3912 ) -> PVOID;
3913 fn RtlEncodeRemotePointer(
3914 ProcessHandle: HANDLE,
3915 Pointer: PVOID,
3916 EncodedPointer: *mut PVOID,
3917 ) -> NTSTATUS;
3918 fn RtlDecodeRemotePointer(
3919 ProcessHandle: HANDLE,
3920 Pointer: PVOID,
3921 DecodedPointer: *mut PVOID,
3922 ) -> NTSTATUS;
3923 fn RtlIsProcessorFeaturePresent(
3924 ProcessorFeature: ULONG,
3925 ) -> BOOLEAN;
3926 fn RtlGetCurrentProcessorNumber() -> ULONG;
3927 fn RtlGetCurrentProcessorNumberEx(
3928 ProcessorNumber: PPROCESSOR_NUMBER,
3929 );
3930 fn RtlPushFrame(
3931 Frame: PTEB_ACTIVE_FRAME,
3932 );
3933 fn RtlPopFrame(
3934 Frame: PTEB_ACTIVE_FRAME,
3935 );
3936 fn RtlGetFrame() -> PTEB_ACTIVE_FRAME;
3937 }}
3938 pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001;
3939 pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001;
3940 pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008;
3941 EXTERN!{extern "system" {
3942 fn RtlWalkFrameChain(
3943 Callers: *mut PVOID,
3944 Count: ULONG,
3945 Flags: ULONG,
3946 ) -> ULONG;
3947 fn RtlGetCallersAddress(
3948 CallersAddress: *mut PVOID,
3949 CallersCaller: *mut PVOID,
3950 );
3951 fn RtlGetEnabledExtendedFeatures(
3952 FeatureMask: ULONG64,
3953 ) -> ULONG64;
3954 fn RtlGetEnabledExtendedAndSupervisorFeatures(
3955 FeatureMask: ULONG64,
3956 ) -> ULONG64;
3957 fn RtlLocateSupervisorFeature(
3958 XStateHeader: PXSAVE_AREA_HEADER,
3959 FeatureId: ULONG,
3960 Length: PULONG,
3961 ) -> PVOID;
3962 }}
3963 STRUCT!{struct RTL_ELEVATION_FLAGS {
3964 Flags: ULONG,
3965 }}
3966 BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [
3967 ElevationEnabled set_ElevationEnabled[0..1],
3968 VirtualizationEnabled set_VirtualizationEnabled[1..2],
3969 InstallerDetectEnabled set_InstallerDetectEnabled[2..3],
3970 ReservedBits set_ReservedBits[3..32],
3971 ]}
3972 pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS;
3973 EXTERN!{extern "system" {
3974 fn RtlQueryElevationFlags(
3975 Flags: PRTL_ELEVATION_FLAGS,
3976 ) -> NTSTATUS;
3977 fn RtlRegisterThreadWithCsrss() -> NTSTATUS;
3978 fn RtlLockCurrentThread() -> NTSTATUS;
3979 fn RtlUnlockCurrentThread() -> NTSTATUS;
3980 fn RtlLockModuleSection(
3981 Address: PVOID,
3982 ) -> NTSTATUS;
3983 fn RtlUnlockModuleSection(
3984 Address: PVOID,
3985 ) -> NTSTATUS;
3986 }}
3987 pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64;
3988 STRUCT!{struct RTL_UNLOAD_EVENT_TRACE {
3989 BaseAddress: PVOID,
3990 SizeOfImage: SIZE_T,
3991 Sequence: ULONG,
3992 TimeDateStamp: ULONG,
3993 CheckSum: ULONG,
3994 ImageName: [WCHAR; 32],
3995 Version: [ULONG; 2],
3996 }}
3997 pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE;
3998 STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 {
3999 BaseAddress: ULONG,
4000 SizeOfImage: ULONG,
4001 Sequence: ULONG,
4002 TimeDateStamp: ULONG,
4003 CheckSum: ULONG,
4004 ImageName: [WCHAR; 32],
4005 Version: [ULONG; 2],
4006 }}
4007 pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32;
4008 EXTERN!{extern "system" {
4009 fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE;
4010 fn RtlGetUnloadEventTraceEx(
4011 ElementSize: *mut PULONG,
4012 ElementCount: *mut PULONG,
4013 EventTrace: *mut PVOID,
4014 );
4015 fn RtlQueryPerformanceCounter(
4016 PerformanceCounter: PLARGE_INTEGER,
4017 ) -> LOGICAL;
4018 fn RtlQueryPerformanceFrequency(
4019 PerformanceFrequency: PLARGE_INTEGER,
4020 ) -> LOGICAL;
4021 }}
4022 ENUM!{enum IMAGE_MITIGATION_POLICY {
4023 ImageDepPolicy = 0,
4024 ImageAslrPolicy = 1,
4025 ImageDynamicCodePolicy = 2,
4026 ImageStrictHandleCheckPolicy = 3,
4027 ImageSystemCallDisablePolicy = 4,
4028 ImageMitigationOptionsMask = 5,
4029 ImageExtensionPointDisablePolicy = 6,
4030 ImageControlFlowGuardPolicy = 7,
4031 ImageSignaturePolicy = 8,
4032 ImageFontDisablePolicy = 9,
4033 ImageImageLoadPolicy = 10,
4034 ImagePayloadRestrictionPolicy = 11,
4035 ImageChildProcessPolicy = 12,
4036 ImageSehopPolicy = 13,
4037 ImageHeapPolicy = 14,
4038 MaxImageMitigationPolicy = 15,
4039 }}
4040 UNION!{union RTL_IMAGE_MITIGATION_POLICY {
4041 Bitfields1: ULONG64,
4042 Bitfields2: ULONG64,
4043 }}
4044 BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [
4045 AuditState set_AuditState[0..2],
4046 AuditFlag set_AuditFlag[2..3],
4047 EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4],
4048 Reserved set_Reserved[4..64],
4049 ]}
4050 BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [
4051 PolicyState set_PolicyState[0..2],
4052 AlwaysInherit set_AlwaysInherit[2..3],
4053 EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4],
4054 AuditReserved set_AuditReserved[4..64],
4055 ]}
4056 pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY;
4057 STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY {
4058 Dep: RTL_IMAGE_MITIGATION_POLICY,
4059 }}
4060 pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY;
4061 STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY {
4062 ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY,
4063 BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY,
4064 HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY,
4065 }}
4066 pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY;
4067 STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY {
4068 BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY,
4069 }}
4070 pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
4071 STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
4072 StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY,
4073 }}
4074 pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY =
4075 *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
4076 STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
4077 BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY,
4078 }}
4079 pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY =
4080 *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
4081 STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
4082 DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY,
4083 }}
4084 pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY =
4085 *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
4086 STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY {
4087 ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4088 StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
4089 }}
4090 pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY =
4091 *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
4092 STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY {
4093 BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY,
4094 EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY,
4095 }}
4096 pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY =
4097 *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
4098 STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY {
4099 DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY,
4100 }}
4101 pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
4102 STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY {
4103 BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4104 BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY,
4105 PreferSystem32: RTL_IMAGE_MITIGATION_POLICY,
4106 }}
4107 pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
4108 STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
4109 EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4110 EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY,
4111 EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
4112 EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY,
4113 EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY,
4114 EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY,
4115 }}
4116 pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY =
4117 *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
4118 STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY {
4119 DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY,
4120 }}
4121 pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY =
4122 *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
4123 STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY {
4124 Sehop: RTL_IMAGE_MITIGATION_POLICY,
4125 }}
4126 pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY;
4127 STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY {
4128 TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY,
4129 }}
4130 pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY;
4131 ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE {
4132 RtlMitigationOptionStateNotConfigured = 0,
4133 RtlMitigationOptionStateOn = 1,
4134 RtlMitigationOptionStateOff = 2,
4135 }}
4136 pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1;
4137 pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2;
4138 pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4;
4139 pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8;
4140 EXTERN!{extern "system" {
4141 fn RtlQueryImageMitigationPolicy(
4142 ImagePath: PWSTR,
4143 Policy: IMAGE_MITIGATION_POLICY,
4144 Flags: ULONG,
4145 Buffer: PVOID,
4146 BufferSize: ULONG,
4147 ) -> NTSTATUS;
4148 fn RtlSetImageMitigationPolicy(
4149 ImagePath: PWSTR,
4150 Policy: IMAGE_MITIGATION_POLICY,
4151 Flags: ULONG,
4152 Buffer: PVOID,
4153 BufferSize: ULONG,
4154 ) -> NTSTATUS;
4155 fn RtlGetCurrentServiceSessionId() -> ULONG;
4156 fn RtlGetActiveConsoleId() -> ULONG;
4157 fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG;
4158 fn RtlGetTokenNamedObjectPath(
4159 Token: HANDLE,
4160 Sid: PSID,
4161 ObjectPath: PUNICODE_STRING,
4162 ) -> NTSTATUS;
4163 fn RtlGetAppContainerNamedObjectPath(
4164 Token: HANDLE,
4165 AppContainerSid: PSID,
4166 RelativePath: BOOLEAN,
4167 ObjectPath: PUNICODE_STRING,
4168 ) -> NTSTATUS;
4169 fn RtlGetAppContainerParent(
4170 AppContainerSid: PSID,
4171 AppContainerSidParent: *mut PSID,
4172 ) -> NTSTATUS;
4173 fn RtlCheckSandboxedToken(
4174 TokenHandle: HANDLE,
4175 IsSandboxed: PBOOLEAN,
4176 ) -> NTSTATUS;
4177 fn RtlCheckTokenCapability(
4178 TokenHandle: HANDLE,
4179 CapabilitySidToCheck: PSID,
4180 HasCapability: PBOOLEAN,
4181 ) -> NTSTATUS;
4182 fn RtlCapabilityCheck(
4183 TokenHandle: HANDLE,
4184 CapabilityName: PUNICODE_STRING,
4185 HasCapability: PBOOLEAN,
4186 ) -> NTSTATUS;
4187 fn RtlCheckTokenMembership(
4188 TokenHandle: HANDLE,
4189 SidToCheck: PSID,
4190 IsMember: PBOOLEAN,
4191 ) -> NTSTATUS;
4192 fn RtlCheckTokenMembershipEx(
4193 TokenHandle: HANDLE,
4194 SidToCheck: PSID,
4195 Flags: ULONG,
4196 IsMember: PBOOLEAN,
4197 ) -> NTSTATUS;
4198 fn RtlIsParentOfChildAppContainer(
4199 ParentAppContainerSid: PSID,
4200 ChildAppContainerSid: PSID,
4201 ) -> NTSTATUS;
4202 fn RtlIsCapabilitySid(
4203 Sid: PSID,
4204 ) -> BOOLEAN;
4205 fn RtlIsPackageSid(
4206 Sid: PSID,
4207 ) -> BOOLEAN;
4208 fn RtlIsValidProcessTrustLabelSid(
4209 Sid: PSID,
4210 ) -> BOOLEAN;
4211 fn RtlIsStateSeparationEnabled() -> BOOLEAN;
4212 }}
4213 ENUM!{enum APPCONTAINER_SID_TYPE {
4214 NotAppContainerSidType = 0,
4215 ChildAppContainerSidType = 1,
4216 ParentAppContainerSidType = 2,
4217 InvalidAppContainerSidType = 3,
4218 MaxAppContainerSidType = 4,
4219 }}
4220 pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE;
4221 EXTERN!{extern "system" {
4222 fn RtlGetAppContainerSidType(
4223 AppContainerSid: PSID,
4224 AppContainerSidType: PAPPCONTAINER_SID_TYPE,
4225 ) -> NTSTATUS;
4226 fn RtlFlsAlloc(
4227 Callback: PFLS_CALLBACK_FUNCTION,
4228 FlsIndex: PULONG,
4229 ) -> NTSTATUS;
4230 fn RtlFlsFree(
4231 FlsIndex: ULONG,
4232 ) -> NTSTATUS;
4233 }}
4234 ENUM!{enum STATE_LOCATION_TYPE {
4235 LocationTypeRegistry = 0,
4236 LocationTypeFileSystem = 1,
4237 LocationTypeMaximum = 2,
4238 }}
4239 EXTERN!{extern "system" {
4240 fn RtlGetPersistedStateLocation(
4241 SourceID: PCWSTR,
4242 CustomValue: PCWSTR,
4243 DefaultPath: PCWSTR,
4244 StateLocationType: STATE_LOCATION_TYPE,
4245 TargetPath: PWCHAR,
4246 BufferLengthIn: ULONG,
4247 BufferLengthOut: PULONG,
4248 ) -> NTSTATUS;
4249 fn RtlIsCloudFilesPlaceholder(
4250 FileAttributes: ULONG,
4251 ReparseTag: ULONG,
4252 ) -> BOOLEAN;
4253 fn RtlIsPartialPlaceholder(
4254 FileAttributes: ULONG,
4255 ReparseTag: ULONG,
4256 ) -> BOOLEAN;
4257 fn RtlIsPartialPlaceholderFileHandle(
4258 FileHandle: HANDLE,
4259 IsPartialPlaceholder: PBOOLEAN,
4260 ) -> NTSTATUS;
4261 fn RtlIsPartialPlaceholderFileInfo(
4262 InfoBuffer: *const c_void,
4263 InfoClass: FILE_INFORMATION_CLASS,
4264 IsPartialPlaceholder: PBOOLEAN,
4265 ) -> NTSTATUS;
4266 fn RtlIsNonEmptyDirectoryReparsePointAllowed(
4267 ReparseTag: ULONG,
4268 ) -> BOOLEAN;
4269 fn RtlAppxIsFileOwnedByTrustedInstaller(
4270 FileHandle: HANDLE,
4271 IsFileOwnedByTrustedInstaller: PBOOLEAN,
4272 ) -> NTSTATUS;
4273 }}
4274 STRUCT!{struct PS_PKG_CLAIM {
4275 Flags: ULONGLONG,
4276 Origin: ULONGLONG,
4277 }}
4278 pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM;
4279 EXTERN!{extern "system" {
4280 fn RtlQueryPackageClaims(
4281 TokenHandle: HANDLE,
4282 PackageFullName: PWSTR,
4283 PackageSize: PSIZE_T,
4284 AppId: PWSTR,
4285 AppIdSize: PSIZE_T,
4286 DynamicId: *mut GUID,
4287 PkgClaim: PPS_PKG_CLAIM,
4288 AttributesPresent: PULONG64,
4289 ) -> NTSTATUS;
4290 fn RtlQueryProtectedPolicy(
4291 PolicyGuid: *mut GUID,
4292 PolicyValue: PULONG_PTR,
4293 ) -> NTSTATUS;
4294 fn RtlSetProtectedPolicy(
4295 PolicyGuid: *mut GUID,
4296 PolicyValue: ULONG_PTR,
4297 OldPolicyValue: PULONG_PTR,
4298 ) -> NTSTATUS;
4299 fn RtlIsMultiSessionSku() -> BOOLEAN;
4300 fn RtlIsMultiUsersInSessionSku() -> BOOLEAN;
4301 }}
4302 ENUM!{enum RTL_BSD_ITEM_TYPE {
4303 RtlBsdItemVersionNumber = 0,
4304 RtlBsdItemProductType = 1,
4305 RtlBsdItemAabEnabled = 2,
4306 RtlBsdItemAabTimeout = 3,
4307 RtlBsdItemBootGood = 4,
4308 RtlBsdItemBootShutdown = 5,
4309 RtlBsdSleepInProgress = 6,
4310 RtlBsdPowerTransition = 7,
4311 RtlBsdItemBootAttemptCount = 8,
4312 RtlBsdItemBootCheckpoint = 9,
4313 RtlBsdItemBootId = 10,
4314 RtlBsdItemShutdownBootId = 11,
4315 RtlBsdItemReportedAbnormalShutdownBootId = 12,
4316 RtlBsdItemErrorInfo = 13,
4317 RtlBsdItemPowerButtonPressInfo = 14,
4318 RtlBsdItemChecksum = 15,
4319 RtlBsdItemMax = 16,
4320 }}
4321 STRUCT!{struct RTL_BSD_ITEM {
4322 Type: RTL_BSD_ITEM_TYPE,
4323 DataBuffer: PVOID,
4324 DataLength: ULONG,
4325 }}
4326 pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM;
4327 EXTERN!{extern "system" {
4328 fn RtlCreateBootStatusDataFile() -> NTSTATUS;
4329 fn RtlLockBootStatusData(
4330 FileHandle: PHANDLE,
4331 ) -> NTSTATUS;
4332 fn RtlUnlockBootStatusData(
4333 FileHandle: HANDLE,
4334 ) -> NTSTATUS;
4335 fn RtlGetSetBootStatusData(
4336 FileHandle: HANDLE,
4337 Read: BOOLEAN,
4338 DataClass: RTL_BSD_ITEM_TYPE,
4339 Buffer: PVOID,
4340 BufferSize: ULONG,
4341 ReturnLength: PULONG,
4342 ) -> NTSTATUS;
4343 fn RtlCheckBootStatusIntegrity(
4344 FileHandle: HANDLE,
4345 Verified: PBOOLEAN,
4346 ) -> NTSTATUS;
4347 fn RtlCheckPortableOperatingSystem(
4348 IsPortable: PBOOLEAN,
4349 ) -> NTSTATUS;
4350 fn RtlSetPortableOperatingSystem(
4351 IsPortable: BOOLEAN,
4352 ) -> NTSTATUS;
4353 }}
4354 EXTERN!{extern "system" {
4355 fn RtlOsDeploymentState(
4356 Flags: DWORD,
4357 ) -> OS_DEPLOYEMENT_STATE_VALUES;
4358 fn RtlFindClosestEncodableLength(
4359 SourceLength: ULONGLONG,
4360 TargetLength: PULONGLONG,
4361 ) -> NTSTATUS;
4362 }}
4363 FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK(
4364 Address: PVOID,
4365 Length: SIZE_T,
4366 ) -> NTSTATUS}
4367 EXTERN!{extern "system" {
4368 fn RtlRegisterSecureMemoryCacheCallback(
4369 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4370 ) -> NTSTATUS;
4371 fn RtlDeregisterSecureMemoryCacheCallback(
4372 Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
4373 ) -> NTSTATUS;
4374 fn RtlFlushSecureMemoryCache(
4375 MemoryCache: PVOID,
4376 MemoryLength: SIZE_T,
4377 ) -> BOOLEAN;
4378 }}
4379