1 use core::mem::size_of;
2 use crate::ntapi_base::CLIENT_ID32;
3 use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON};
4 use crate::ntpsapi::GDI_HANDLE_BUFFER32;
5 use crate::ntrtl::RTL_MAX_DRIVE_LETTERS;
6 use crate::string::{UTF16Const, UTF8Const};
7 use winapi::shared::guiddef::GUID;
8 use winapi::shared::ntdef::{
9 BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER,
10 SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING,
11 UNICODE_STRING32, USHORT, WCHAR,
12 };
13 use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32};
14 pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0");
15 /// "SysWOW64"
16 pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[
17 0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16,
18 ]);
19 pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0");
20 /// " (x86)"
21 pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[
22 0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16,
23 ]);
24 ENUM!{enum WOW64_SHARED_INFORMATION {
25 SharedNtdll32LdrInitializeThunk = 0,
26 SharedNtdll32KiUserExceptionDispatcher = 1,
27 SharedNtdll32KiUserApcDispatcher = 2,
28 SharedNtdll32KiUserCallbackDispatcher = 3,
29 SharedNtdll32ExpInterlockedPopEntrySListFault = 4,
30 SharedNtdll32ExpInterlockedPopEntrySListResume = 5,
31 SharedNtdll32ExpInterlockedPopEntrySListEnd = 6,
32 SharedNtdll32RtlUserThreadStart = 7,
33 SharedNtdll32pQueryProcessDebugInformationRemote = 8,
34 SharedNtdll32BaseAddress = 9,
35 SharedNtdll32LdrSystemDllInitBlock = 10,
36 Wow64SharedPageEntriesCount = 11,
37 }}
38 STRUCT!{struct RTL_BALANCED_NODE32_u_s {
39 Left: ULONG, // WOW64_POINTER
40 Right: ULONG, // WOW64_POINTER
41 }}
42 UNION!{union RTL_BALANCED_NODE32_u {
43 Children: [ULONG; 2], // WOW64_POINTER
44 s: RTL_BALANCED_NODE32_u_s,
45 }}
46 STRUCT!{struct RTL_BALANCED_NODE32 {
47 u: RTL_BALANCED_NODE32_u,
48 ParentValue: ULONG,
49 }}
50 pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32;
51 STRUCT!{struct RTL_RB_TREE32 {
52 Root: ULONG, // WOW64_POINTER
53 Min: ULONG, // WOW64_POINTER
54 }}
55 pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32;
56 STRUCT!{struct PEB_LDR_DATA32 {
57 Length: ULONG,
58 Initialized: BOOLEAN,
59 SsHandle: ULONG,
60 InLoadOrderModuleList: LIST_ENTRY32,
61 InMemoryOrderModuleList: LIST_ENTRY32,
62 InInitializationOrderModuleList: LIST_ENTRY32,
63 EntryInProgress: ULONG,
64 ShutdownInProgress: BOOLEAN,
65 ShutdownThreadId: ULONG,
66 }}
67 pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32;
68 STRUCT!{struct LDR_SERVICE_TAG_RECORD32 {
69 Next: ULONG,
70 ServiceTag: ULONG,
71 }}
72 pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32;
73 STRUCT!{struct LDRP_CSLIST32 {
74 Tail: ULONG, // WOW64_POINTER
75 }}
76 pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32;
77 UNION!{union LDR_DDAG_NODE32_u {
78 Dependencies: LDRP_CSLIST32,
79 RemovalLink: SINGLE_LIST_ENTRY32,
80 }}
81 STRUCT!{struct LDR_DDAG_NODE32 {
82 Modules: LIST_ENTRY32,
83 ServiceTagList: ULONG, // WOW64_POINTER
84 LoadCount: ULONG,
85 LoadWhileUnloadingCount: ULONG,
86 LowestLink: ULONG,
87 u: LDR_DDAG_NODE32_u,
88 IncomingDependencies: LDRP_CSLIST32,
89 State: LDR_DDAG_STATE,
90 CondenseLink: SINGLE_LIST_ENTRY32,
91 PreorderNumber: ULONG,
92 }}
93 pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32;
94 pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80;
95 pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144;
96 pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152;
97 UNION!{union LDR_DATA_TABLE_ENTRY32_u1 {
98 InInitializationOrderLinks: LIST_ENTRY32,
99 InProgressLinks: LIST_ENTRY32,
100 }}
101 UNION!{union LDR_DATA_TABLE_ENTRY32_u2 {
102 FlagGroup: [UCHAR; 4],
103 Flags: ULONG,
104 }}
105 STRUCT!{struct LDR_DATA_TABLE_ENTRY32 {
106 InLoadOrderLinks: LIST_ENTRY32,
107 InMemoryOrderLinks: LIST_ENTRY32,
108 u1: LDR_DATA_TABLE_ENTRY32_u1,
109 DllBase: ULONG, // WOW64_POINTER
110 EntryPoint: ULONG, // WOW64_POINTER
111 SizeOfImage: ULONG,
112 FullDllName: UNICODE_STRING32,
113 BaseDllName: UNICODE_STRING32,
114 u2: LDR_DATA_TABLE_ENTRY32_u2,
115 ObsoleteLoadCount: USHORT,
116 TlsIndex: USHORT,
117 HashLinks: LIST_ENTRY32,
118 TimeDateStamp: ULONG,
119 EntryPointActivationContext: ULONG, // WOW64_POINTER
120 Lock: ULONG, // WOW64_POINTER
121 DdagNode: ULONG, // WOW64_POINTER
122 NodeModuleLink: LIST_ENTRY32,
123 LoadContext: ULONG, // WOW64_POINTER
124 ParentDllBase: ULONG, // WOW64_POINTER
125 SwitchBackContext: ULONG, // WOW64_POINTER
126 BaseAddressIndexNode: RTL_BALANCED_NODE32,
127 MappingInfoIndexNode: RTL_BALANCED_NODE32,
128 OriginalBase: ULONG,
129 LoadTime: LARGE_INTEGER,
130 BaseNameHashValue: ULONG,
131 LoadReason: LDR_DLL_LOAD_REASON,
132 ImplicitPathOptions: ULONG,
133 ReferenceCount: ULONG,
134 DependentLoadFlags: ULONG,
135 SigningLevel: UCHAR,
136 }}
137 BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [
138 PackagedBinary set_PackagedBinary[0..1],
139 MarkedForRemoval set_MarkedForRemoval[1..2],
140 ImageDll set_ImageDll[2..3],
141 LoadNotificationsSent set_LoadNotificationsSent[3..4],
142 TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
143 ProcessStaticImport set_ProcessStaticImport[5..6],
144 InLegacyLists set_InLegacyLists[6..7],
145 InIndexes set_InIndexes[7..8],
146 ShimDll set_ShimDll[8..9],
147 InExceptionTable set_InExceptionTable[9..10],
148 ReservedFlags1 set_ReservedFlags1[10..12],
149 LoadInProgress set_LoadInProgress[12..13],
150 LoadConfigProcessed set_LoadConfigProcessed[13..14],
151 EntryProcessed set_EntryProcessed[14..15],
152 ProtectDelayLoad set_ProtectDelayLoad[15..16],
153 ReservedFlags3 set_ReservedFlags3[16..18],
154 DontCallForThreads set_DontCallForThreads[18..19],
155 ProcessAttachCalled set_ProcessAttachCalled[19..20],
156 ProcessAttachFailed set_ProcessAttachFailed[20..21],
157 CorDeferredValidate set_CorDeferredValidate[21..22],
158 CorImage set_CorImage[22..23],
159 DontRelocate set_DontRelocate[23..24],
160 CorILOnly set_CorILOnly[24..25],
161 ReservedFlags5 set_ReservedFlags5[25..28],
162 Redirected set_Redirected[28..29],
163 ReservedFlags6 set_ReservedFlags6[29..31],
164 CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
165 ]}
166 pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32;
167 STRUCT!{struct CURDIR32 {
168 DosPath: UNICODE_STRING32,
169 Handle: ULONG, // WOW64_POINTER
170 }}
171 pub type PCURDIR32 = *mut CURDIR32;
172 STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 {
173 Flags: USHORT,
174 Length: USHORT,
175 TimeStamp: ULONG,
176 DosPath: STRING32,
177 }}
178 pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32;
179 STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 {
180 MaximumLength: ULONG,
181 Length: ULONG,
182 Flags: ULONG,
183 DebugFlags: ULONG,
184 ConsoleHandle: ULONG, // WOW64_POINTER
185 ConsoleFlags: ULONG,
186 StandardInput: ULONG, // WOW64_POINTER
187 StandardOutput: ULONG, // WOW64_POINTER
188 StandardError: ULONG, // WOW64_POINTER
189 CurrentDirectory: CURDIR32,
190 DllPath: UNICODE_STRING32,
191 ImagePathName: UNICODE_STRING32,
192 CommandLine: UNICODE_STRING32,
193 Environment: ULONG, // WOW64_POINTER
194 StartingX: ULONG,
195 StartingY: ULONG,
196 CountX: ULONG,
197 CountY: ULONG,
198 CountCharsX: ULONG,
199 CountCharsY: ULONG,
200 FillAttribute: ULONG,
201 WindowFlags: ULONG,
202 ShowWindowFlags: ULONG,
203 WindowTitle: UNICODE_STRING32,
204 DesktopInfo: UNICODE_STRING32,
205 ShellInfo: UNICODE_STRING32,
206 RuntimeData: UNICODE_STRING32,
207 CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS],
208 EnvironmentSize: ULONG,
209 EnvironmentVersion: ULONG,
210 PackageDependencyData: ULONG, // WOW64_POINTER
211 ProcessGroupId: ULONG,
212 LoaderThreads: ULONG,
213 }}
214 pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32;
215 UNION!{union PEB32_u {
216 KernelCallbackTable: ULONG, // WOW64_POINTER
217 UserSharedInfoPtr: ULONG, // WOW64_POINTER
218 }}
219 STRUCT!{struct PEB32 {
220 InheritedAddressSpace: BOOLEAN,
221 ReadImageFileExecOptions: BOOLEAN,
222 BeingDebugged: BOOLEAN,
223 BitField: BOOLEAN,
224 Mutant: ULONG, // WOW64_POINTER
225 ImageBaseAddress: ULONG, // WOW64_POINTER
226 Ldr: ULONG, // WOW64_POINTER
227 ProcessParameters: ULONG, // WOW64_POINTER
228 SubSystemData: ULONG, // WOW64_POINTER
229 ProcessHeap: ULONG, // WOW64_POINTER
230 FastPebLock: ULONG, // WOW64_POINTER
231 AtlThunkSListPtr: ULONG, // WOW64_POINTER
232 IFEOKey: ULONG, // WOW64_POINTER
233 CrossProcessFlags: ULONG,
234 u: PEB32_u,
235 SystemReserved: [ULONG; 1],
236 AtlThunkSListPtr32: ULONG,
237 ApiSetMap: ULONG, // WOW64_POINTER
238 TlsExpansionCounter: ULONG,
239 TlsBitmap: ULONG, // WOW64_POINTER
240 TlsBitmapBits: [ULONG; 2],
241 ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER
242 HotpatchInformation: ULONG, // WOW64_POINTER
243 ReadOnlyStaticServerData: ULONG, // WOW64_POINTER
244 AnsiCodePageData: ULONG, // WOW64_POINTER
245 OemCodePageData: ULONG, // WOW64_POINTER
246 UnicodeCaseTableData: ULONG, // WOW64_POINTER
247 NumberOfProcessors: ULONG,
248 NtGlobalFlag: ULONG,
249 CriticalSectionTimeout: LARGE_INTEGER,
250 HeapSegmentReserve: ULONG,
251 HeapSegmentCommit: ULONG,
252 HeapDeCommitTotalFreeThreshold: ULONG,
253 HeapDeCommitFreeBlockThreshold: ULONG,
254 NumberOfHeaps: ULONG,
255 MaximumNumberOfHeaps: ULONG,
256 ProcessHeaps: ULONG, // WOW64_POINTER
257 GdiSharedHandleTable: ULONG, // WOW64_POINTER
258 ProcessStarterHelper: ULONG, // WOW64_POINTER
259 GdiDCAttributeList: ULONG,
260 LoaderLock: ULONG, // WOW64_POINTER
261 OSMajorVersion: ULONG,
262 OSMinorVersion: ULONG,
263 OSBuildNumber: USHORT,
264 OSCSDVersion: USHORT,
265 OSPlatformId: ULONG,
266 ImageSubsystem: ULONG,
267 ImageSubsystemMajorVersion: ULONG,
268 ImageSubsystemMinorVersion: ULONG,
269 ActiveProcessAffinityMask: ULONG,
270 GdiHandleBuffer: GDI_HANDLE_BUFFER32,
271 PostProcessInitRoutine: ULONG, // WOW64_POINTER
272 TlsExpansionBitmap: ULONG, // WOW64_POINTER
273 TlsExpansionBitmapBits: [ULONG; 32],
274 SessionId: ULONG,
275 AppCompatFlags: ULARGE_INTEGER,
276 AppCompatFlagsUser: ULARGE_INTEGER,
277 pShimData: ULONG, // WOW64_POINTER
278 AppCompatInfo: ULONG, // WOW64_POINTER
279 CSDVersion: UNICODE_STRING32,
280 ActivationContextData: ULONG, // WOW64_POINTER
281 ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER
282 SystemDefaultActivationContextData: ULONG, // WOW64_POINTER
283 SystemAssemblyStorageMap: ULONG, // WOW64_POINTER
284 MinimumStackCommit: ULONG,
285 FlsCallback: ULONG, // WOW64_POINTER
286 FlsListHead: LIST_ENTRY32,
287 FlsBitmap: ULONG, // WOW64_POINTER
288 FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
289 FlsHighIndex: ULONG,
290 WerRegistrationData: ULONG, // WOW64_POINTER
291 WerShipAssertPtr: ULONG, // WOW64_POINTER
292 pContextData: ULONG, // WOW64_POINTER
293 pImageHeaderHash: ULONG, // WOW64_POINTER
294 TracingFlags: ULONG,
295 CsrServerReadOnlySharedMemoryBase: ULONGLONG,
296 TppWorkerpListLock: ULONG, // WOW64_POINTER
297 TppWorkerpList: LIST_ENTRY32,
298 WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER
299 TelemetryCoverageHeader: ULONG, // WOW64_POINTER
300 CloudFileFlags: ULONG,
301 CloudFileDiagFlags: ULONG,
302 PlaceholderCompatibilityMode: CHAR,
303 PlaceholderCompatibilityModeReserved: [CHAR; 7],
304 }}
305 BITFIELD!{PEB32 BitField: BOOLEAN [
306 ImageUsesLargePages set_ImageUsesLargePages[0..1],
307 IsProtectedProcess set_IsProtectedProcess[1..2],
308 IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
309 SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
310 IsPackagedProcess set_IsPackagedProcess[4..5],
311 IsAppContainer set_IsAppContainer[5..6],
312 IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
313 IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
314 ]}
315 BITFIELD!{PEB32 CrossProcessFlags: ULONG [
316 ProcessInJob set_ProcessInJob[0..1],
317 ProcessInitializing set_ProcessInitializing[1..2],
318 ProcessUsingVEH set_ProcessUsingVEH[2..3],
319 ProcessUsingVCH set_ProcessUsingVCH[3..4],
320 ProcessUsingFTH set_ProcessUsingFTH[4..5],
321 ReservedBits0 set_ReservedBits0[5..32],
322 ]}
323 BITFIELD!{PEB32 TracingFlags: ULONG [
324 HeapTracingEnabled set_HeapTracingEnabled[0..1],
325 CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
326 LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
327 SpareTracingBits set_SpareTracingBits[3..32],
328 ]}
329 pub type PPEB32 = *mut PEB32;
330 pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
331 STRUCT!{struct GDI_TEB_BATCH32 {
332 Offset: ULONG,
333 HDC: ULONG,
334 Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
335 }}
336 pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32;
337 STRUCT!{struct TEB32_u_s {
338 ReservedPad0: UCHAR,
339 ReservedPad1: UCHAR,
340 ReservedPad2: UCHAR,
341 IdealProcessor: UCHAR,
342 }}
343 UNION!{union TEB32_u {
344 CurrentIdealProcessor: PROCESSOR_NUMBER,
345 IdealProcessorValue: ULONG,
346 s: TEB32_u_s,
347 }}
348 STRUCT!{struct TEB32 {
349 NtTib: NT_TIB32,
350 EnvironmentPointer: ULONG, // WOW64_POINTER
351 ClientId: CLIENT_ID32,
352 ActiveRpcHandle: ULONG, // WOW64_POINTER
353 ThreadLocalStoragePointer: ULONG, // WOW64_POINTER
354 ProcessEnvironmentBlock: ULONG, // WOW64_POINTER
355 LastErrorValue: ULONG,
356 CountOfOwnedCriticalSections: ULONG,
357 CsrClientThread: ULONG, // WOW64_POINTER
358 Win32ThreadInfo: ULONG, // WOW64_POINTER
359 User32Reserved: [ULONG; 26],
360 UserReserved: [ULONG; 5],
361 WOW32Reserved: ULONG, // WOW64_POINTER
362 CurrentLocale: LCID,
363 FpSoftwareStatusRegister: ULONG,
364 ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER
365 SystemReserved1: [ULONG; 36], // WOW64_POINTER
366 WorkingOnBehalfTicket: [UCHAR; 8],
367 ExceptionCode: NTSTATUS,
368 ActivationContextStackPointer: ULONG, // WOW64_POINTER
369 InstrumentationCallbackSp: ULONG,
370 InstrumentationCallbackPreviousPc: ULONG,
371 InstrumentationCallbackPreviousSp: ULONG,
372 InstrumentationCallbackDisabled: BOOLEAN,
373 SpareBytes: [UCHAR; 23],
374 TxFsContext: ULONG,
375 GdiTebBatch: GDI_TEB_BATCH32,
376 RealClientId: CLIENT_ID32,
377 GdiCachedProcessHandle: ULONG, // WOW64_POINTER
378 GdiClientPID: ULONG,
379 GdiClientTID: ULONG,
380 GdiThreadLocalInfo: ULONG, // WOW64_POINTER
381 Win32ClientInfo: [ULONG; 62],
382 glDispatchTable: [ULONG; 233], // WOW64_POINTER
383 glReserved1: [ULONG; 29], // WOW64_POINTER
384 glReserved2: ULONG, // WOW64_POINTER
385 glSectionInfo: ULONG, // WOW64_POINTER
386 glSection: ULONG, // WOW64_POINTER
387 glTable: ULONG, // WOW64_POINTER
388 glCurrentRC: ULONG, // WOW64_POINTER
389 glContext: ULONG, // WOW64_POINTER
390 LastStatusValue: NTSTATUS,
391 StaticUnicodeString: UNICODE_STRING32,
392 StaticUnicodeBuffer: [WCHAR; 261],
393 DeallocationStack: ULONG, // WOW64_POINTER
394 TlsSlots: [ULONG; 64], // WOW64_POINTER
395 TlsLinks: LIST_ENTRY32,
396 Vdm: ULONG, // WOW64_POINTER
397 ReservedForNtRpc: ULONG, // WOW64_POINTER
398 DbgSsReserved: [ULONG; 2], // WOW64_POINTER
399 HardErrorMode: ULONG,
400 Instrumentation: [ULONG; 9], // WOW64_POINTER
401 ActivityId: GUID,
402 SubProcessTag: ULONG, // WOW64_POINTER
403 PerflibData: ULONG, // WOW64_POINTER
404 EtwTraceData: ULONG, // WOW64_POINTER
405 WinSockData: ULONG, // WOW64_POINTER
406 GdiBatchCount: ULONG,
407 u: TEB32_u,
408 GuaranteedStackBytes: ULONG,
409 ReservedForPerf: ULONG, // WOW64_POINTER
410 ReservedForOle: ULONG, // WOW64_POINTER
411 WaitingOnLoaderLock: ULONG,
412 SavedPriorityState: ULONG, // WOW64_POINTER
413 ReservedForCodeCoverage: ULONG,
414 ThreadPoolData: ULONG, // WOW64_POINTER
415 TlsExpansionSlots: ULONG, // WOW64_POINTER
416 MuiGeneration: ULONG,
417 IsImpersonating: ULONG,
418 NlsCache: ULONG, // WOW64_POINTER
419 pShimData: ULONG, // WOW64_POINTER
420 HeapVirtualAffinity: USHORT,
421 LowFragHeapDataSlot: USHORT,
422 CurrentTransactionHandle: ULONG, // WOW64_POINTER
423 ActiveFrame: ULONG, // WOW64_POINTER
424 FlsData: ULONG, // WOW64_POINTER
425 PreferredLanguages: ULONG, // WOW64_POINTER
426 UserPrefLanguages: ULONG, // WOW64_POINTER
427 MergedPrefLanguages: ULONG, // WOW64_POINTER
428 MuiImpersonation: ULONG,
429 CrossTebFlags: USHORT,
430 SameTebFlags: USHORT,
431 TxnScopeEnterCallback: ULONG, // WOW64_POINTER
432 TxnScopeExitCallback: ULONG, // WOW64_POINTER
433 TxnScopeContext: ULONG, // WOW64_POINTER
434 LockCount: ULONG,
435 WowTebOffset: LONG,
436 ResourceRetValue: ULONG, // WOW64_POINTER
437 ReservedForWdf: ULONG, // WOW64_POINTER
438 ReservedForCrt: ULONGLONG,
439 EffectiveContainerId: GUID,
440 }}
441 BITFIELD!{TEB32 SameTebFlags: USHORT [
442 SafeThunkCall set_SafeThunkCall[0..1],
443 InDebugPrint set_InDebugPrint[1..2],
444 HasFiberData set_HasFiberData[2..3],
445 SkipThreadAttach set_SkipThreadAttach[3..4],
446 WerInShipAssertCode set_WerInShipAssertCode[4..5],
447 RanProcessInit set_RanProcessInit[5..6],
448 ClonedThread set_ClonedThread[6..7],
449 SuppressDebugMsg set_SuppressDebugMsg[7..8],
450 DisableUserStackWalk set_DisableUserStackWalk[8..9],
451 RtlExceptionAttached set_RtlExceptionAttached[9..10],
452 InitialThread set_InitialThread[10..11],
453 SessionAware set_SessionAware[11..12],
454 LoadOwner set_LoadOwner[12..13],
455 LoaderWorker set_LoaderWorker[13..14],
456 SpareSameTebBits set_SpareSameTebBits[14..16],
457 ]}
458 pub type PTEB32 = *mut TEB32;
459 #[inline]
UStr32ToUStr( Destination: &mut UNICODE_STRING, Source: &UNICODE_STRING32, )460 pub fn UStr32ToUStr(
461 Destination: &mut UNICODE_STRING,
462 Source: &UNICODE_STRING32,
463 ) {
464 Destination.Length = Source.Length;
465 Destination.MaximumLength = Source.MaximumLength;
466 Destination.Buffer = Source.Buffer as *mut u16;
467 }
468 #[inline]
UStrToUStr32( Destination: &mut UNICODE_STRING32, Source: &UNICODE_STRING, )469 pub fn UStrToUStr32(
470 Destination: &mut UNICODE_STRING32,
471 Source: &UNICODE_STRING,
472 ) {
473 Destination.Length = Source.Length;
474 Destination.MaximumLength = Source.MaximumLength;
475 Destination.Buffer = Source.Buffer as u32;
476 }
477