1 use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK}; 2 use winapi::shared::ntdef::{ 3 BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES, 4 PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR, 5 }; 6 use winapi::um::winnt::ACCESS_MASK; 7 pub const REG_INIT_BOOT_SM: USHORT = 0x0000; 8 pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001; 9 pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002; 10 pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE; 11 pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767; 12 pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512; 13 ENUM!{enum KEY_INFORMATION_CLASS { 14 KeyBasicInformation = 0, 15 KeyNodeInformation = 1, 16 KeyFullInformation = 2, 17 KeyNameInformation = 3, 18 KeyCachedInformation = 4, 19 KeyFlagsInformation = 5, 20 KeyVirtualizationInformation = 6, 21 KeyHandleTagsInformation = 7, 22 KeyTrustInformation = 8, 23 KeyLayerInformation = 9, 24 MaxKeyInfoClass = 10, 25 }} 26 STRUCT!{struct KEY_BASIC_INFORMATION { 27 LastWriteTime: LARGE_INTEGER, 28 TitleIndex: ULONG, 29 NameLength: ULONG, 30 Name: [WCHAR; 1], 31 }} 32 pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION; 33 STRUCT!{struct KEY_NODE_INFORMATION { 34 LastWriteTime: LARGE_INTEGER, 35 TitleIndex: ULONG, 36 ClassOffset: ULONG, 37 ClassLength: ULONG, 38 NameLength: ULONG, 39 Name: [WCHAR; 1], 40 }} 41 pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION; 42 STRUCT!{struct KEY_FULL_INFORMATION { 43 LastWriteTime: LARGE_INTEGER, 44 TitleIndex: ULONG, 45 ClassOffset: ULONG, 46 ClassLength: ULONG, 47 SubKeys: ULONG, 48 MaxNameLen: ULONG, 49 MaxClassLen: ULONG, 50 Values: ULONG, 51 MaxValueNameLen: ULONG, 52 MaxValueDataLen: ULONG, 53 Class: [WCHAR; 1], 54 }} 55 pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION; 56 STRUCT!{struct KEY_NAME_INFORMATION { 57 NameLength: ULONG, 58 Name: [WCHAR; 1], 59 }} 60 pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION; 61 STRUCT!{struct KEY_CACHED_INFORMATION { 62 LastWriteTime: LARGE_INTEGER, 63 TitleIndex: ULONG, 64 SubKeys: ULONG, 65 MaxNameLen: ULONG, 66 Values: ULONG, 67 MaxValueNameLen: ULONG, 68 MaxValueDataLen: ULONG, 69 NameLength: ULONG, 70 Name: [WCHAR; 1], 71 }} 72 pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION; 73 STRUCT!{struct KEY_FLAGS_INFORMATION { 74 UserFlags: ULONG, 75 }} 76 pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION; 77 STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION { 78 Bitfields: ULONG, 79 }} 80 BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [ 81 VirtualizationCandidate set_VirtualizationCandidate[0..1], 82 VirtualizationEnabled set_VirtualizationEnabled[1..2], 83 VirtualTarget set_VirtualTarget[2..3], 84 VirtualStore set_VirtualStore[3..4], 85 VirtualSource set_VirtualSource[4..5], 86 Reserved set_Reserved[5..32], 87 ]} 88 pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION; 89 STRUCT!{struct KEY_TRUST_INFORMATION { 90 Bitfields: ULONG, 91 }} 92 BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [ 93 TrustedKey set_TrustedKey[0..1], 94 Reserved set_Reserved[1..32], 95 ]} 96 pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION; 97 STRUCT!{struct KEY_LAYER_INFORMATION { 98 IsTombstone: ULONG, 99 IsSupersedeLocal: ULONG, 100 IsSupersedeTree: ULONG, 101 ClassIsInherited: ULONG, 102 Reserved: ULONG, 103 }} 104 pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION; 105 ENUM!{enum KEY_SET_INFORMATION_CLASS { 106 KeyWriteTimeInformation = 0, 107 KeyWow64FlagsInformation = 1, 108 KeyControlFlagsInformation = 2, 109 KeySetVirtualizationInformation = 3, 110 KeySetDebugInformation = 4, 111 KeySetHandleTagsInformation = 5, 112 KeySetLayerInformation = 6, 113 MaxKeySetInfoClass = 7, 114 }} 115 STRUCT!{struct KEY_WRITE_TIME_INFORMATION { 116 LastWriteTime: LARGE_INTEGER, 117 }} 118 pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION; 119 STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION { 120 UserFlags: ULONG, 121 }} 122 pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION; 123 STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION { 124 HandleTags: ULONG, 125 }} 126 pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION; 127 STRUCT!{struct KEY_SET_LAYER_INFORMATION { 128 Bitfields: ULONG, 129 }} 130 BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [ 131 IsTombstone set_IsTombstone[0..1], 132 IsSupersedeLocal set_IsSupersedeLocal[1..2], 133 IsSupersedeTree set_IsSupersedeTree[2..3], 134 ClassIsInherited set_ClassIsInherited[3..4], 135 Reserved set_Reserved[4..32], 136 ]} 137 pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION; 138 STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION { 139 ControlFlags: ULONG, 140 }} 141 pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION; 142 STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION { 143 HandleTags: ULONG, 144 }} 145 BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [ 146 VirtualTarget set_VirtualTarget[0..1], 147 VirtualStore set_VirtualStore[1..2], 148 VirtualSource set_VirtualSource[2..3], 149 Reserved set_Reserved[3..32], 150 ]} 151 pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION; 152 ENUM!{enum KEY_VALUE_INFORMATION_CLASS { 153 KeyValueBasicInformation = 0, 154 KeyValueFullInformation = 1, 155 KeyValuePartialInformation = 2, 156 KeyValueFullInformationAlign64 = 3, 157 KeyValuePartialInformationAlign64 = 4, 158 KeyValueLayerInformation = 5, 159 MaxKeyValueInfoClass = 6, 160 }} 161 STRUCT!{struct KEY_VALUE_BASIC_INFORMATION { 162 TitleIndex: ULONG, 163 Type: ULONG, 164 NameLength: ULONG, 165 Name: [WCHAR; 1], 166 }} 167 pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION; 168 STRUCT!{struct KEY_VALUE_FULL_INFORMATION { 169 TitleIndex: ULONG, 170 Type: ULONG, 171 DataOffset: ULONG, 172 DataLength: ULONG, 173 NameLength: ULONG, 174 Name: [WCHAR; 1], 175 }} 176 pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION; 177 STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION { 178 TitleIndex: ULONG, 179 Type: ULONG, 180 DataLength: ULONG, 181 Data: [UCHAR; 1], 182 }} 183 pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION; 184 STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 { 185 Type: ULONG, 186 DataLength: ULONG, 187 Data: [UCHAR; 1], 188 }} 189 pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; 190 STRUCT!{struct KEY_VALUE_LAYER_INFORMATION { 191 IsTombstone: ULONG, 192 Reserved: ULONG, 193 }} 194 pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION; 195 STRUCT!{struct KEY_VALUE_ENTRY { 196 ValueName: PUNICODE_STRING, 197 DataLength: ULONG, 198 DataOffset: ULONG, 199 Type: ULONG, 200 }} 201 pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY; 202 ENUM!{enum REG_ACTION { 203 KeyAdded = 0, 204 KeyRemoved = 1, 205 KeyModified = 2, 206 }} 207 STRUCT!{struct REG_NOTIFY_INFORMATION { 208 NextEntryOffset: ULONG, 209 Action: REG_ACTION, 210 KeyLength: ULONG, 211 Key: [WCHAR; 1], 212 }} 213 pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION; 214 STRUCT!{struct KEY_PID_ARRAY { 215 PID: HANDLE, 216 KeyName: UNICODE_STRING, 217 }} 218 pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY; 219 STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION { 220 Count: ULONG, 221 KeyArray: [KEY_PID_ARRAY; 1], 222 }} 223 pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION; 224 EXTERN!{extern "system" { 225 fn NtCreateKey( 226 KeyHandle: PHANDLE, 227 DesiredAccess: ACCESS_MASK, 228 ObjectAttributes: POBJECT_ATTRIBUTES, 229 TitleIndex: ULONG, 230 Class: PUNICODE_STRING, 231 CreateOptions: ULONG, 232 Disposition: PULONG, 233 ) -> NTSTATUS; 234 fn NtCreateKeyTransacted( 235 KeyHandle: PHANDLE, 236 DesiredAccess: ACCESS_MASK, 237 ObjectAttributes: POBJECT_ATTRIBUTES, 238 TitleIndex: ULONG, 239 Class: PUNICODE_STRING, 240 CreateOptions: ULONG, 241 TransactionHandle: HANDLE, 242 Disposition: PULONG, 243 ) -> NTSTATUS; 244 fn NtOpenKey( 245 KeyHandle: PHANDLE, 246 DesiredAccess: ACCESS_MASK, 247 ObjectAttributes: POBJECT_ATTRIBUTES, 248 ) -> NTSTATUS; 249 fn NtOpenKeyTransacted( 250 KeyHandle: PHANDLE, 251 DesiredAccess: ACCESS_MASK, 252 ObjectAttributes: POBJECT_ATTRIBUTES, 253 TransactionHandle: HANDLE, 254 ) -> NTSTATUS; 255 fn NtOpenKeyEx( 256 KeyHandle: PHANDLE, 257 DesiredAccess: ACCESS_MASK, 258 ObjectAttributes: POBJECT_ATTRIBUTES, 259 OpenOptions: ULONG, 260 ) -> NTSTATUS; 261 fn NtOpenKeyTransactedEx( 262 KeyHandle: PHANDLE, 263 DesiredAccess: ACCESS_MASK, 264 ObjectAttributes: POBJECT_ATTRIBUTES, 265 OpenOptions: ULONG, 266 TransactionHandle: HANDLE, 267 ) -> NTSTATUS; 268 fn NtDeleteKey( 269 KeyHandle: HANDLE, 270 ) -> NTSTATUS; 271 fn NtRenameKey( 272 KeyHandle: HANDLE, 273 NewName: PUNICODE_STRING, 274 ) -> NTSTATUS; 275 fn NtDeleteValueKey( 276 KeyHandle: HANDLE, 277 ValueName: PUNICODE_STRING, 278 ) -> NTSTATUS; 279 fn NtQueryKey( 280 KeyHandle: HANDLE, 281 KeyInformationClass: KEY_INFORMATION_CLASS, 282 KeyInformation: PVOID, 283 Length: ULONG, 284 ResultLength: PULONG, 285 ) -> NTSTATUS; 286 fn NtSetInformationKey( 287 KeyHandle: HANDLE, 288 KeySetInformationClass: KEY_SET_INFORMATION_CLASS, 289 KeySetInformation: PVOID, 290 KeySetInformationLength: ULONG, 291 ) -> NTSTATUS; 292 fn NtQueryValueKey( 293 KeyHandle: HANDLE, 294 ValueName: PUNICODE_STRING, 295 KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, 296 KeyValueInformation: PVOID, 297 Length: ULONG, 298 ResultLength: PULONG, 299 ) -> NTSTATUS; 300 fn NtSetValueKey( 301 KeyHandle: HANDLE, 302 ValueName: PUNICODE_STRING, 303 TitleIndex: ULONG, 304 Type: ULONG, 305 Data: PVOID, 306 DataSize: ULONG, 307 ) -> NTSTATUS; 308 fn NtQueryMultipleValueKey( 309 KeyHandle: HANDLE, 310 ValueEntries: PKEY_VALUE_ENTRY, 311 EntryCount: ULONG, 312 ValueBuffer: PVOID, 313 BufferLength: PULONG, 314 RequiredBufferLength: PULONG, 315 ) -> NTSTATUS; 316 fn NtEnumerateKey( 317 KeyHandle: HANDLE, 318 Index: ULONG, 319 KeyInformationClass: KEY_INFORMATION_CLASS, 320 KeyInformation: PVOID, 321 Length: ULONG, 322 ResultLength: PULONG, 323 ) -> NTSTATUS; 324 fn NtEnumerateValueKey( 325 KeyHandle: HANDLE, 326 Index: ULONG, 327 KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, 328 KeyValueInformation: PVOID, 329 Length: ULONG, 330 ResultLength: PULONG, 331 ) -> NTSTATUS; 332 fn NtFlushKey( 333 KeyHandle: HANDLE, 334 ) -> NTSTATUS; 335 fn NtCompactKeys( 336 Count: ULONG, 337 KeyArray: *mut HANDLE, 338 ) -> NTSTATUS; 339 fn NtCompressKey( 340 Key: HANDLE, 341 ) -> NTSTATUS; 342 fn NtLoadKey( 343 TargetKey: POBJECT_ATTRIBUTES, 344 SourceFile: POBJECT_ATTRIBUTES, 345 ) -> NTSTATUS; 346 fn NtLoadKey2( 347 TargetKey: POBJECT_ATTRIBUTES, 348 SourceFile: POBJECT_ATTRIBUTES, 349 Flags: ULONG, 350 ) -> NTSTATUS; 351 fn NtLoadKeyEx( 352 TargetKey: POBJECT_ATTRIBUTES, 353 SourceFile: POBJECT_ATTRIBUTES, 354 Flags: ULONG, 355 TrustClassKey: HANDLE, 356 Event: HANDLE, 357 DesiredAccess: ACCESS_MASK, 358 RootHandle: PHANDLE, 359 IoStatus: PIO_STATUS_BLOCK, 360 ) -> NTSTATUS; 361 fn NtReplaceKey( 362 NewFile: POBJECT_ATTRIBUTES, 363 TargetHandle: HANDLE, 364 OldFile: POBJECT_ATTRIBUTES, 365 ) -> NTSTATUS; 366 fn NtSaveKey( 367 KeyHandle: HANDLE, 368 FileHandle: HANDLE, 369 ) -> NTSTATUS; 370 fn NtSaveKeyEx( 371 KeyHandle: HANDLE, 372 FileHandle: HANDLE, 373 Format: ULONG, 374 ) -> NTSTATUS; 375 fn NtSaveMergedKeys( 376 HighPrecedenceKeyHandle: HANDLE, 377 LowPrecedenceKeyHandle: HANDLE, 378 FileHandle: HANDLE, 379 ) -> NTSTATUS; 380 fn NtRestoreKey( 381 KeyHandle: HANDLE, 382 FileHandle: HANDLE, 383 Flags: ULONG, 384 ) -> NTSTATUS; 385 fn NtUnloadKey( 386 TargetKey: POBJECT_ATTRIBUTES, 387 ) -> NTSTATUS; 388 }} 389 pub const REG_FORCE_UNLOAD: ULONG = 1; 390 pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD; 391 EXTERN!{extern "system" { 392 fn NtUnloadKey2( 393 TargetKey: POBJECT_ATTRIBUTES, 394 Flags: ULONG, 395 ) -> NTSTATUS; 396 fn NtUnloadKeyEx( 397 TargetKey: POBJECT_ATTRIBUTES, 398 Event: HANDLE, 399 ) -> NTSTATUS; 400 fn NtNotifyChangeKey( 401 KeyHandle: HANDLE, 402 Event: HANDLE, 403 ApcRoutine: PIO_APC_ROUTINE, 404 ApcContext: PVOID, 405 IoStatusBlock: PIO_STATUS_BLOCK, 406 CompletionFilter: ULONG, 407 WatchTree: BOOLEAN, 408 Buffer: PVOID, 409 BufferSize: ULONG, 410 Asynchronous: BOOLEAN, 411 ) -> NTSTATUS; 412 fn NtNotifyChangeMultipleKeys( 413 MasterKeyHandle: HANDLE, 414 Count: ULONG, 415 SubordinateObjects: *mut OBJECT_ATTRIBUTES, 416 Event: HANDLE, 417 ApcRoutine: PIO_APC_ROUTINE, 418 ApcContext: PVOID, 419 IoStatusBlock: PIO_STATUS_BLOCK, 420 CompletionFilter: ULONG, 421 WatchTree: BOOLEAN, 422 Buffer: PVOID, 423 BufferSize: ULONG, 424 Asynchronous: BOOLEAN, 425 ) -> NTSTATUS; 426 fn NtQueryOpenSubKeys( 427 TargetKey: POBJECT_ATTRIBUTES, 428 HandleCount: PULONG, 429 ) -> NTSTATUS; 430 fn NtQueryOpenSubKeysEx( 431 TargetKey: POBJECT_ATTRIBUTES, 432 BufferLength: ULONG, 433 Buffer: PVOID, 434 RequiredSize: PULONG, 435 ) -> NTSTATUS; 436 fn NtInitializeRegistry( 437 BootCondition: USHORT, 438 ) -> NTSTATUS; 439 fn NtLockRegistryKey( 440 KeyHandle: HANDLE, 441 ) -> NTSTATUS; 442 fn NtLockProductActivationKeys( 443 pPrivateVer: *mut ULONG, 444 pSafeMode: *mut ULONG, 445 ) -> NTSTATUS; 446 fn NtFreezeRegistry( 447 TimeOutInSeconds: ULONG, 448 ) -> NTSTATUS; 449 fn NtThawRegistry() -> NTSTATUS; 450 }} 451