master
1const std = @import("../../std.zig");
2const windows = std.os.windows;
3
4const BOOL = windows.BOOL;
5const DWORD = windows.DWORD;
6const DWORD64 = windows.DWORD64;
7const ULONG = windows.ULONG;
8const ULONG_PTR = windows.ULONG_PTR;
9const NTSTATUS = windows.NTSTATUS;
10const WORD = windows.WORD;
11const HANDLE = windows.HANDLE;
12const ACCESS_MASK = windows.ACCESS_MASK;
13const IO_APC_ROUTINE = windows.IO_APC_ROUTINE;
14const BOOLEAN = windows.BOOLEAN;
15const OBJECT_ATTRIBUTES = windows.OBJECT_ATTRIBUTES;
16const PVOID = windows.PVOID;
17const IO_STATUS_BLOCK = windows.IO_STATUS_BLOCK;
18const LARGE_INTEGER = windows.LARGE_INTEGER;
19const OBJECT_INFORMATION_CLASS = windows.OBJECT_INFORMATION_CLASS;
20const FILE_INFORMATION_CLASS = windows.FILE_INFORMATION_CLASS;
21const FS_INFORMATION_CLASS = windows.FS_INFORMATION_CLASS;
22const UNICODE_STRING = windows.UNICODE_STRING;
23const RTL_OSVERSIONINFOW = windows.RTL_OSVERSIONINFOW;
24const FILE_BASIC_INFORMATION = windows.FILE_BASIC_INFORMATION;
25const SIZE_T = windows.SIZE_T;
26const CURDIR = windows.CURDIR;
27const PCWSTR = windows.PCWSTR;
28const RTL_QUERY_REGISTRY_TABLE = windows.RTL_QUERY_REGISTRY_TABLE;
29const CONTEXT = windows.CONTEXT;
30const UNWIND_HISTORY_TABLE = windows.UNWIND_HISTORY_TABLE;
31const RUNTIME_FUNCTION = windows.RUNTIME_FUNCTION;
32const KNONVOLATILE_CONTEXT_POINTERS = windows.KNONVOLATILE_CONTEXT_POINTERS;
33const EXCEPTION_ROUTINE = windows.EXCEPTION_ROUTINE;
34const SYSTEM_INFORMATION_CLASS = windows.SYSTEM_INFORMATION_CLASS;
35const THREADINFOCLASS = windows.THREADINFOCLASS;
36const PROCESSINFOCLASS = windows.PROCESSINFOCLASS;
37const LPVOID = windows.LPVOID;
38const LPCVOID = windows.LPCVOID;
39const SECTION_INHERIT = windows.SECTION_INHERIT;
40const VECTORED_EXCEPTION_HANDLER = windows.VECTORED_EXCEPTION_HANDLER;
41const CRITICAL_SECTION = windows.CRITICAL_SECTION;
42const SRWLOCK = windows.SRWLOCK;
43const CONDITION_VARIABLE = windows.CONDITION_VARIABLE;
44
45pub extern "ntdll" fn NtQueryInformationProcess(
46 ProcessHandle: HANDLE,
47 ProcessInformationClass: PROCESSINFOCLASS,
48 ProcessInformation: *anyopaque,
49 ProcessInformationLength: ULONG,
50 ReturnLength: ?*ULONG,
51) callconv(.winapi) NTSTATUS;
52
53pub extern "ntdll" fn NtQueryInformationThread(
54 ThreadHandle: HANDLE,
55 ThreadInformationClass: THREADINFOCLASS,
56 ThreadInformation: *anyopaque,
57 ThreadInformationLength: ULONG,
58 ReturnLength: ?*ULONG,
59) callconv(.winapi) NTSTATUS;
60
61pub extern "ntdll" fn NtQuerySystemInformation(
62 SystemInformationClass: SYSTEM_INFORMATION_CLASS,
63 SystemInformation: PVOID,
64 SystemInformationLength: ULONG,
65 ReturnLength: ?*ULONG,
66) callconv(.winapi) NTSTATUS;
67
68pub extern "ntdll" fn NtSetInformationThread(
69 ThreadHandle: HANDLE,
70 ThreadInformationClass: THREADINFOCLASS,
71 ThreadInformation: *const anyopaque,
72 ThreadInformationLength: ULONG,
73) callconv(.winapi) NTSTATUS;
74
75pub extern "ntdll" fn RtlGetVersion(
76 lpVersionInformation: *RTL_OSVERSIONINFOW,
77) callconv(.winapi) NTSTATUS;
78pub extern "ntdll" fn RtlCaptureStackBackTrace(
79 FramesToSkip: DWORD,
80 FramesToCapture: DWORD,
81 BackTrace: **anyopaque,
82 BackTraceHash: ?*DWORD,
83) callconv(.winapi) WORD;
84pub extern "ntdll" fn RtlCaptureContext(ContextRecord: *CONTEXT) callconv(.winapi) void;
85pub extern "ntdll" fn RtlLookupFunctionEntry(
86 ControlPc: DWORD64,
87 ImageBase: *DWORD64,
88 HistoryTable: *UNWIND_HISTORY_TABLE,
89) callconv(.winapi) ?*RUNTIME_FUNCTION;
90pub extern "ntdll" fn RtlVirtualUnwind(
91 HandlerType: DWORD,
92 ImageBase: DWORD64,
93 ControlPc: DWORD64,
94 FunctionEntry: *RUNTIME_FUNCTION,
95 ContextRecord: *CONTEXT,
96 HandlerData: *?PVOID,
97 EstablisherFrame: *DWORD64,
98 ContextPointers: ?*KNONVOLATILE_CONTEXT_POINTERS,
99) callconv(.winapi) *EXCEPTION_ROUTINE;
100pub extern "ntdll" fn RtlGetSystemTimePrecise() callconv(.winapi) LARGE_INTEGER;
101pub extern "ntdll" fn NtQueryInformationFile(
102 FileHandle: HANDLE,
103 IoStatusBlock: *IO_STATUS_BLOCK,
104 FileInformation: *anyopaque,
105 Length: ULONG,
106 FileInformationClass: FILE_INFORMATION_CLASS,
107) callconv(.winapi) NTSTATUS;
108pub extern "ntdll" fn NtSetInformationFile(
109 FileHandle: HANDLE,
110 IoStatusBlock: *IO_STATUS_BLOCK,
111 FileInformation: PVOID,
112 Length: ULONG,
113 FileInformationClass: FILE_INFORMATION_CLASS,
114) callconv(.winapi) NTSTATUS;
115
116pub extern "ntdll" fn NtQueryAttributesFile(
117 ObjectAttributes: *OBJECT_ATTRIBUTES,
118 FileAttributes: *FILE_BASIC_INFORMATION,
119) callconv(.winapi) NTSTATUS;
120
121pub extern "ntdll" fn RtlQueryPerformanceCounter(PerformanceCounter: *LARGE_INTEGER) callconv(.winapi) BOOL;
122pub extern "ntdll" fn RtlQueryPerformanceFrequency(PerformanceFrequency: *LARGE_INTEGER) callconv(.winapi) BOOL;
123pub extern "ntdll" fn NtQueryPerformanceCounter(
124 PerformanceCounter: *LARGE_INTEGER,
125 PerformanceFrequency: ?*LARGE_INTEGER,
126) callconv(.winapi) NTSTATUS;
127
128pub extern "ntdll" fn NtCreateFile(
129 FileHandle: *HANDLE,
130 DesiredAccess: ACCESS_MASK,
131 ObjectAttributes: *OBJECT_ATTRIBUTES,
132 IoStatusBlock: *IO_STATUS_BLOCK,
133 AllocationSize: ?*LARGE_INTEGER,
134 FileAttributes: ULONG,
135 ShareAccess: ULONG,
136 CreateDisposition: ULONG,
137 CreateOptions: ULONG,
138 EaBuffer: ?*anyopaque,
139 EaLength: ULONG,
140) callconv(.winapi) NTSTATUS;
141pub extern "ntdll" fn NtCreateSection(
142 SectionHandle: *HANDLE,
143 DesiredAccess: ACCESS_MASK,
144 ObjectAttributes: ?*OBJECT_ATTRIBUTES,
145 MaximumSize: ?*LARGE_INTEGER,
146 SectionPageProtection: ULONG,
147 AllocationAttributes: ULONG,
148 FileHandle: ?HANDLE,
149) callconv(.winapi) NTSTATUS;
150pub extern "ntdll" fn NtMapViewOfSection(
151 SectionHandle: HANDLE,
152 ProcessHandle: HANDLE,
153 BaseAddress: *PVOID,
154 ZeroBits: ?*ULONG,
155 CommitSize: SIZE_T,
156 SectionOffset: ?*LARGE_INTEGER,
157 ViewSize: *SIZE_T,
158 InheritDispostion: SECTION_INHERIT,
159 AllocationType: ULONG,
160 Win32Protect: ULONG,
161) callconv(.winapi) NTSTATUS;
162pub extern "ntdll" fn NtUnmapViewOfSection(
163 ProcessHandle: HANDLE,
164 BaseAddress: PVOID,
165) callconv(.winapi) NTSTATUS;
166pub extern "ntdll" fn NtDeviceIoControlFile(
167 FileHandle: HANDLE,
168 Event: ?HANDLE,
169 ApcRoutine: ?IO_APC_ROUTINE,
170 ApcContext: ?*anyopaque,
171 IoStatusBlock: *IO_STATUS_BLOCK,
172 IoControlCode: ULONG,
173 InputBuffer: ?*const anyopaque,
174 InputBufferLength: ULONG,
175 OutputBuffer: ?PVOID,
176 OutputBufferLength: ULONG,
177) callconv(.winapi) NTSTATUS;
178pub extern "ntdll" fn NtFsControlFile(
179 FileHandle: HANDLE,
180 Event: ?HANDLE,
181 ApcRoutine: ?IO_APC_ROUTINE,
182 ApcContext: ?*anyopaque,
183 IoStatusBlock: *IO_STATUS_BLOCK,
184 FsControlCode: ULONG,
185 InputBuffer: ?*const anyopaque,
186 InputBufferLength: ULONG,
187 OutputBuffer: ?PVOID,
188 OutputBufferLength: ULONG,
189) callconv(.winapi) NTSTATUS;
190pub extern "ntdll" fn NtClose(Handle: HANDLE) callconv(.winapi) NTSTATUS;
191pub extern "ntdll" fn RtlDosPathNameToNtPathName_U(
192 DosPathName: [*:0]const u16,
193 NtPathName: *UNICODE_STRING,
194 NtFileNamePart: ?*?[*:0]const u16,
195 DirectoryInfo: ?*CURDIR,
196) callconv(.winapi) BOOL;
197pub extern "ntdll" fn RtlFreeUnicodeString(UnicodeString: *UNICODE_STRING) callconv(.winapi) void;
198
199/// Returns the number of bytes written to `Buffer`.
200/// If the returned count is larger than `BufferByteLength`, the buffer was too small.
201/// If the returned count is zero, an error occurred.
202pub extern "ntdll" fn RtlGetFullPathName_U(
203 FileName: [*:0]const u16,
204 BufferByteLength: ULONG,
205 Buffer: [*]u16,
206 ShortName: ?*[*:0]const u16,
207) callconv(.winapi) windows.ULONG;
208
209pub extern "ntdll" fn NtQueryDirectoryFile(
210 FileHandle: HANDLE,
211 Event: ?HANDLE,
212 ApcRoutine: ?IO_APC_ROUTINE,
213 ApcContext: ?*anyopaque,
214 IoStatusBlock: *IO_STATUS_BLOCK,
215 FileInformation: *anyopaque,
216 Length: ULONG,
217 FileInformationClass: FILE_INFORMATION_CLASS,
218 ReturnSingleEntry: BOOLEAN,
219 FileName: ?*UNICODE_STRING,
220 RestartScan: BOOLEAN,
221) callconv(.winapi) NTSTATUS;
222
223pub extern "ntdll" fn NtCreateKeyedEvent(
224 KeyedEventHandle: *HANDLE,
225 DesiredAccess: ACCESS_MASK,
226 ObjectAttributes: ?PVOID,
227 Flags: ULONG,
228) callconv(.winapi) NTSTATUS;
229
230pub extern "ntdll" fn NtReleaseKeyedEvent(
231 EventHandle: ?HANDLE,
232 Key: ?*const anyopaque,
233 Alertable: BOOLEAN,
234 Timeout: ?*const LARGE_INTEGER,
235) callconv(.winapi) NTSTATUS;
236
237pub extern "ntdll" fn NtWaitForKeyedEvent(
238 EventHandle: ?HANDLE,
239 Key: ?*const anyopaque,
240 Alertable: BOOLEAN,
241 Timeout: ?*const LARGE_INTEGER,
242) callconv(.winapi) NTSTATUS;
243
244pub extern "ntdll" fn RtlSetCurrentDirectory_U(PathName: *UNICODE_STRING) callconv(.winapi) NTSTATUS;
245
246pub extern "ntdll" fn NtQueryObject(
247 Handle: HANDLE,
248 ObjectInformationClass: OBJECT_INFORMATION_CLASS,
249 ObjectInformation: PVOID,
250 ObjectInformationLength: ULONG,
251 ReturnLength: ?*ULONG,
252) callconv(.winapi) NTSTATUS;
253
254pub extern "ntdll" fn NtQueryVolumeInformationFile(
255 FileHandle: HANDLE,
256 IoStatusBlock: *IO_STATUS_BLOCK,
257 FsInformation: *anyopaque,
258 Length: ULONG,
259 FsInformationClass: FS_INFORMATION_CLASS,
260) callconv(.winapi) NTSTATUS;
261
262pub extern "ntdll" fn RtlWakeAddressAll(
263 Address: ?*const anyopaque,
264) callconv(.winapi) void;
265
266pub extern "ntdll" fn RtlWakeAddressSingle(
267 Address: ?*const anyopaque,
268) callconv(.winapi) void;
269
270pub extern "ntdll" fn RtlWaitOnAddress(
271 Address: ?*const anyopaque,
272 CompareAddress: ?*const anyopaque,
273 AddressSize: SIZE_T,
274 Timeout: ?*const LARGE_INTEGER,
275) callconv(.winapi) NTSTATUS;
276
277pub extern "ntdll" fn RtlEqualUnicodeString(
278 String1: *const UNICODE_STRING,
279 String2: *const UNICODE_STRING,
280 CaseInSensitive: BOOLEAN,
281) callconv(.winapi) BOOLEAN;
282
283pub extern "ntdll" fn RtlUpcaseUnicodeChar(
284 SourceCharacter: u16,
285) callconv(.winapi) u16;
286
287pub extern "ntdll" fn NtLockFile(
288 FileHandle: HANDLE,
289 Event: ?HANDLE,
290 ApcRoutine: ?*IO_APC_ROUTINE,
291 ApcContext: ?*anyopaque,
292 IoStatusBlock: *IO_STATUS_BLOCK,
293 ByteOffset: *const LARGE_INTEGER,
294 Length: *const LARGE_INTEGER,
295 Key: ?*ULONG,
296 FailImmediately: BOOLEAN,
297 ExclusiveLock: BOOLEAN,
298) callconv(.winapi) NTSTATUS;
299
300pub extern "ntdll" fn NtUnlockFile(
301 FileHandle: HANDLE,
302 IoStatusBlock: *IO_STATUS_BLOCK,
303 ByteOffset: *const LARGE_INTEGER,
304 Length: *const LARGE_INTEGER,
305 Key: ?*ULONG,
306) callconv(.winapi) NTSTATUS;
307
308pub extern "ntdll" fn NtOpenKey(
309 KeyHandle: *HANDLE,
310 DesiredAccess: ACCESS_MASK,
311 ObjectAttributes: OBJECT_ATTRIBUTES,
312) callconv(.winapi) NTSTATUS;
313
314pub extern "ntdll" fn RtlQueryRegistryValues(
315 RelativeTo: ULONG,
316 Path: PCWSTR,
317 QueryTable: [*]RTL_QUERY_REGISTRY_TABLE,
318 Context: ?*anyopaque,
319 Environment: ?*anyopaque,
320) callconv(.winapi) NTSTATUS;
321
322pub extern "ntdll" fn NtReadVirtualMemory(
323 ProcessHandle: HANDLE,
324 BaseAddress: ?PVOID,
325 Buffer: LPVOID,
326 NumberOfBytesToRead: SIZE_T,
327 NumberOfBytesRead: ?*SIZE_T,
328) callconv(.winapi) NTSTATUS;
329
330pub extern "ntdll" fn NtWriteVirtualMemory(
331 ProcessHandle: HANDLE,
332 BaseAddress: ?PVOID,
333 Buffer: LPCVOID,
334 NumberOfBytesToWrite: SIZE_T,
335 NumberOfBytesWritten: ?*SIZE_T,
336) callconv(.winapi) NTSTATUS;
337
338pub extern "ntdll" fn NtProtectVirtualMemory(
339 ProcessHandle: HANDLE,
340 BaseAddress: *?PVOID,
341 NumberOfBytesToProtect: *SIZE_T,
342 NewAccessProtection: ULONG,
343 OldAccessProtection: *ULONG,
344) callconv(.winapi) NTSTATUS;
345
346pub extern "ntdll" fn RtlExitUserProcess(
347 ExitStatus: u32,
348) callconv(.winapi) noreturn;
349
350pub extern "ntdll" fn NtCreateNamedPipeFile(
351 FileHandle: *HANDLE,
352 DesiredAccess: ULONG,
353 ObjectAttributes: *OBJECT_ATTRIBUTES,
354 IoStatusBlock: *IO_STATUS_BLOCK,
355 ShareAccess: ULONG,
356 CreateDisposition: ULONG,
357 CreateOptions: ULONG,
358 NamedPipeType: ULONG,
359 ReadMode: ULONG,
360 CompletionMode: ULONG,
361 MaximumInstances: ULONG,
362 InboundQuota: ULONG,
363 OutboundQuota: ULONG,
364 DefaultTimeout: *LARGE_INTEGER,
365) callconv(.winapi) NTSTATUS;
366
367pub extern "ntdll" fn NtAllocateVirtualMemory(
368 ProcessHandle: HANDLE,
369 BaseAddress: ?*PVOID,
370 ZeroBits: ULONG_PTR,
371 RegionSize: ?*SIZE_T,
372 AllocationType: ULONG,
373 PageProtection: ULONG,
374) callconv(.winapi) NTSTATUS;
375
376pub extern "ntdll" fn NtFreeVirtualMemory(
377 ProcessHandle: HANDLE,
378 BaseAddress: ?*PVOID,
379 RegionSize: *SIZE_T,
380 FreeType: ULONG,
381) callconv(.winapi) NTSTATUS;
382
383pub extern "ntdll" fn RtlAddVectoredExceptionHandler(
384 First: ULONG,
385 Handler: ?VECTORED_EXCEPTION_HANDLER,
386) callconv(.winapi) ?LPVOID;
387pub extern "ntdll" fn RtlRemoveVectoredExceptionHandler(
388 Handle: HANDLE,
389) callconv(.winapi) ULONG;
390
391pub extern "ntdll" fn RtlInitializeCriticalSection(
392 lpCriticalSection: *CRITICAL_SECTION,
393) callconv(.winapi) NTSTATUS;
394pub extern "ntdll" fn RtlEnterCriticalSection(
395 lpCriticalSection: *CRITICAL_SECTION,
396) callconv(.winapi) NTSTATUS;
397pub extern "ntdll" fn RtlLeaveCriticalSection(
398 lpCriticalSection: *CRITICAL_SECTION,
399) callconv(.winapi) NTSTATUS;
400pub extern "ntdll" fn RtlDeleteCriticalSection(
401 lpCriticalSection: *CRITICAL_SECTION,
402) callconv(.winapi) NTSTATUS;
403
404pub extern "ntdll" fn RtlTryAcquireSRWLockExclusive(
405 SRWLock: *SRWLOCK,
406) callconv(.winapi) BOOLEAN;
407pub extern "ntdll" fn RtlAcquireSRWLockExclusive(
408 SRWLock: *SRWLOCK,
409) callconv(.winapi) void;
410pub extern "ntdll" fn RtlReleaseSRWLockExclusive(
411 SRWLock: *SRWLOCK,
412) callconv(.winapi) void;
413
414pub extern "ntdll" fn RtlWakeConditionVariable(
415 ConditionVariable: *CONDITION_VARIABLE,
416) callconv(.winapi) void;
417pub extern "ntdll" fn RtlWakeAllConditionVariable(
418 ConditionVariable: *CONDITION_VARIABLE,
419) callconv(.winapi) void;
420
421pub extern "ntdll" fn RtlReAllocateHeap(
422 HeapHandle: HANDLE,
423 Flags: ULONG,
424 BaseAddress: PVOID,
425 Size: SIZE_T,
426) callconv(.winapi) ?PVOID;
427pub extern "ntdll" fn RtlAllocateHeap(
428 HeapHandle: HANDLE,
429 Flags: ULONG,
430 Size: SIZE_T,
431) callconv(.winapi) ?PVOID;