[SYNC] Sync phnt

winsiderss/systeminformer@06af915

Author: RatinCN

Source/Include/KNSoft/NDK/NT/Afd.h

@@ -28,15 +28,19 @@ typedef struct _AFD_ENDPOINT_FLAGS
             UCHAR ConnectionLess : 1;
             UCHAR : 3;
             UCHAR MessageMode : 1;
+            UCHAR : 3;
             UCHAR Raw : 1;
             UCHAR : 3;
             UCHAR Multipoint : 1;
+            UCHAR : 3;
             UCHAR C_Root : 1;
             UCHAR : 3;
             UCHAR D_Root : 1;
+            UCHAR : 3;
             UCHAR IgnoreTDI : 1;
             UCHAR : 3;
             UCHAR RioSocket : 1;
+            UCHAR : 3;
         };
         ULONG EndpointFlags;
     };
@@ -1019,6 +1023,15 @@ typedef enum _AFD_RIO_NOTIFICATION_COMPLETION_TYPE
     AfdRioIocpCompletion = 2,
 } AFD_RIO_NOTIFICATION_COMPLETION_TYPE, *PAFD_RIO_NOTIFICATION_COMPLETION_TYPE;
 
+// private
+typedef struct _AFD_RIO_COMPLETION_QUEUE
+{
+    ULONG QHead;
+    ULONG QTail;
+    BOOLEAN Corrupted;
+    RIORESULT QEntry[ANYSIZE_ARRAY];
+} AFD_RIO_COMPLETION_QUEUE, *PAFD_RIO_COMPLETION_QUEUE;
+
 // private
 typedef struct _AFD_RIO_COMMAND_CREATE_CQ
 {
@@ -1029,7 +1042,7 @@ typedef struct _AFD_RIO_COMMAND_CREATE_CQ
     ULONGLONG NotificationContext;
     ULONGLONG NotificationContext2;
     ULONG BufferSize;
-    ULONGLONG Buffer;
+    ULONGLONG Buffer; // PAFD_RIO_COMPLETION_QUEUE
 } AFD_RIO_COMMAND_CREATE_CQ, *PAFD_RIO_COMMAND_CREATE_CQ;
 
 // private
@@ -1052,6 +1065,35 @@ typedef struct _AFD_RIO_COMMAND_NOTIFY_CQ
     ULONG Index;
 } AFD_RIO_COMMAND_NOTIFY_CQ, *PAFD_RIO_COMMAND_NOTIFY_CQ;
 
+// private
+typedef struct _AFD_RIO_BUF
+{
+    ULONG BufferId;
+    ULONG Offset;
+    ULONG Length;
+} AFD_RIO_BUF, *PAFD_RIO_BUF;
+
+// private
+typedef struct _AFD_RIO_REQUEST_QUEUE_ENTRY
+{
+    AFD_RIO_BUF Data;
+    AFD_RIO_BUF SourceAddress;
+    AFD_RIO_BUF DestinationAddress;
+    AFD_RIO_BUF Control;
+    AFD_RIO_BUF FlagsBuffer;
+    ULONG Flags;
+    ULONGLONG Context;
+} AFD_RIO_REQUEST_QUEUE_ENTRY, *PAFD_RIO_REQUEST_QUEUE_ENTRY;
+
+// private
+typedef struct _AFD_RIO_REQUEST_QUEUE
+{
+    ULONG Start;
+    ULONG End;
+    BOOLEAN PokeRequired;
+    AFD_RIO_REQUEST_QUEUE_ENTRY Entries[ANYSIZE_ARRAY];
+} AFD_RIO_REQUEST_QUEUE, *PAFD_RIO_REQUEST_QUEUE;
+
 // private
 typedef struct _AFD_RIO_COMMAND_CREATE_RQ_PAIR
 {
@@ -1060,10 +1102,10 @@ typedef struct _AFD_RIO_COMMAND_CREATE_RQ_PAIR
     ULONG ReceiveCompletionQueue;
     ULONG SendQueueEntryCount;
     ULONG SendQueueBufferSize;
-    ULONGLONG SendQueueBuffer;
+    ULONGLONG SendQueueBuffer; // PAFD_RIO_REQUEST_QUEUE
     ULONG ReceiveQueueEntryCount;
     ULONG ReceiveQueueBufferSize;
-    ULONGLONG ReceiveQueueBuffer;
+    ULONGLONG ReceiveQueueBuffer; // PAFD_RIO_REQUEST_QUEUE
     ULONGLONG EndpointHandle;
     ULONGLONG SocketContext;
 } AFD_RIO_COMMAND_CREATE_RQ_PAIR, *PAFD_RIO_COMMAND_CREATE_RQ_PAIR;

Source/Include/KNSoft/NDK/NT/Etw.h

@@ -2668,6 +2668,7 @@ typedef struct _ETW_OBJECT_TYPE_EVENT
     WCHAR Name[ANYSIZE_ARRAY];
 } ETW_OBJECT_TYPE_EVENT, *PETW_OBJECT_TYPE_EVENT;
 
+#include <pshpack1.h>
 typedef struct _ETW_OBJECT_HANDLE_EVENT
 {
     PVOID Object;
@@ -2676,6 +2677,7 @@ typedef struct _ETW_OBJECT_HANDLE_EVENT
     USHORT ObjectType;
     WCHAR ObjectName[ANYSIZE_ARRAY];
 } ETW_OBJECT_HANDLE_EVENT, *PETW_OBJECT_HANDLE_EVENT;
+#include <poppack.h>
 
 typedef struct _ETW_REFDEREF_OBJECT_EVENT
 {

Source/Include/KNSoft/NDK/NT/Ex/Boot.h

@@ -135,7 +135,7 @@ typedef struct _VARIABLE_NAME_AND_VALUE
 
 /**
  * The NtEnumerateSystemEnvironmentValuesEx routine enumerates system environment values with extended information.
- * 
+ *
  * \param InformationClass The class of system environment information to retrieve.
  * \param Buffer Pointer to a buffer that receives the system environment values data.
  * \param BufferLength Pointer to a ULONG variable that specifies the size of the Buffer on input.

Source/Include/KNSoft/NDK/NT/Ex/SysInfo.h

@@ -104,7 +104,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS
     SystemRefTraceInformation,                              // qs: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation
     SystemSpecialPoolInformation,                           // qs: SYSTEM_SPECIAL_POOL_INFORMATION (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
     SystemProcessIdInformation,                             // q: SYSTEM_PROCESS_ID_INFORMATION
-    SystemErrorPortInformation,                             // s: (requires SeTcbPrivilege)
+    SystemErrorPortInformation,                             // s: HANDLE (requires SeTcbPrivilege)
     SystemBootEnvironmentInformation,                       // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90
     SystemHypervisorInformation,                            // q: SYSTEM_HYPERVISOR_QUERY_INFORMATION
     SystemVerifierInformationEx,                            // qs: SYSTEM_VERIFIER_INFORMATION_EX
@@ -269,7 +269,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS
     SystemRefTraceInformationEx,                            // q: SYSTEM_REF_TRACE_INFORMATION_EX
     SystemBasicProcessInformation,                          // q: SYSTEM_BASICPROCESS_INFORMATION
     SystemHandleCountInformation,                           // q: SYSTEM_HANDLECOUNT_INFORMATION
-    SystemRuntimeAttestationReport,                         // q:
+    SystemRuntimeAttestationReport,                         // q: SYSTEM_RUNTIME_REPORT_INPUT
     SystemPoolTagInformation2,                              // q: SYSTEM_POOLTAG_INFORMATION2 // since 26H1
     MaxSystemInfoClass
 } SYSTEM_INFORMATION_CLASS;
@@ -2601,7 +2601,7 @@ typedef struct _SYSTEM_SECUREBOOT_POLICY_INFORMATION
 _Struct_size_bytes_(NextEntryOffset)
 typedef struct _SYSTEM_PAGEFILE_INFORMATION_EX
 {
-    union // HACK union declaration for convenience (dmex)
+    union // union declaration for convenience (dmex)
     {
         SYSTEM_PAGEFILE_INFORMATION Info;
         struct
@@ -3963,6 +3963,100 @@ typedef struct _SYSTEM_HANDLECOUNT_INFORMATION
     ULONG HandleCount;
 } SYSTEM_HANDLECOUNT_INFORMATION, *PSYSTEM_HANDLECOUNT_INFORMATION;
 
+//
+// Code Integrity Report Definitions.
+//
+
+typedef struct _CODE_INTEGRITY_RUNTIME_REPORT
+{
+    //
+    // The Code Integrity runtime report header.
+    //
+
+    RUNTIME_REPORT_HEADER Header;
+
+    //
+    // The number of generations (updates) of policy there have been since boot.
+    // The initial generation at boot is 1.
+    //
+
+    UINT64 CurrentGeneration;
+
+    //
+    // The number of generations of policy that are in this report. This is
+    // non-zero with the current generation reported first, followed by prior
+    // generations in order of ascending age.
+    //
+
+    ULONG NumberOfGenerations;
+
+} CODE_INTEGRITY_RUNTIME_REPORT;
+
+#define CODE_INTEGRITY_REPORT_GENERATION_VERSION_CURRENT    (1)
+
+typedef struct _CODE_INTEGRITY_REPORT_GENERATION_HEADER
+{
+    //
+    // Version of this structure.
+    //
+
+    USHORT Version;
+
+    //
+    // Reserved Field.
+    //
+
+    USHORT Reserved;
+
+    //
+    // The number of bytes consumed by this generation, including this header
+    // and all CODE_INTEGRITY_REPORT_RECORD_HEADER structures and payloads.
+    //
+
+    ULONG RecordSize;
+
+    //
+    // Secure Kernel / Hypervisor secure time reference when this policy was
+    // commited.
+    //
+
+    ULONG64 CommitTime;
+
+} CODE_INTEGRITY_REPORT_GENERATION_HEADER;
+
+#define CODE_INTEGRITY_REPORT_RECORD_VERSION_CURRENT    (1)
+
+typedef struct _CODE_INTEGRITY_REPORT_RECORD_HEADER
+{
+    //
+    // Version of this structure.
+    //
+
+    USHORT Version;
+
+    //
+    // Reserved Field.
+    //
+
+    USHORT Reserved;
+
+    //
+    // The number of bytes consumed by this record, including this header.
+    //
+
+	ULONG RecordSize;
+
+    //
+    // The event code (type) of this record. The same codes as the Measured
+    // Boot TCG Log are used, for example SIPAEVENT_OS_REVOCATION_LIST, and
+    // indicate the structure type of the payload that immediately follows
+    // this header.
+    //
+
+	ULONG SipaEventCode;
+
+} CODE_INTEGRITY_REPORT_RECORD_HEADER;
+
 /**
  * The SYSTEM_POOLTAG2 structure describes allocation statistics for a single
  * pool tag, including paged and nonpaged usage.

Source/Include/KNSoft/NDK/NT/Ldr.h

@@ -1309,7 +1309,7 @@ LdrResSearchResource(
     _In_ ULONG Flags,
     _Out_opt_ PVOID* ResourceBuffer,
     _Out_opt_ PSIZE_T ResourceLength,
-    _Out_writes_bytes_opt_(*CultureNameLength) PVOID CultureName, // WCHAR buffer[6]
+    _Out_writes_bytes_opt_(*CultureNameLength) PWSTR CultureName, // WCHAR buffer[6]
     _Out_opt_ PULONG CultureNameLength
     );
 

Source/Include/KNSoft/NDK/NT/MinDef.h

@@ -377,7 +377,7 @@ typedef const GUID* PCGUID;
 typedef struct _WNF_STATE_NAME
 {
     union
-    {   
+    {
         ULONGLONG Value;
         ULONG Data[2];
         struct

Source/Include/KNSoft/NDK/NT/Ob/Misc.h

@@ -483,23 +483,26 @@ NtQueryDirectoryObject(
 // private
 typedef enum _BOUNDARY_ENTRY_TYPE
 {
-    OBNS_Invalid,
-    OBNS_Name,
-    OBNS_SID,
-    OBNS_IL
+    BOUNDARY_ENTRY_TYPE_INVALID,
+    BOUNDARY_ENTRY_TYPE_NAME,
+    BOUNDARY_ENTRY_TYPE_SID,
+    BOUNDARY_ENTRY_TYPE_IL
 } BOUNDARY_ENTRY_TYPE;
 
+// private
+typedef union _OBJECT_BOUNDARY_VALUE
+{
+    WCHAR Name[1];
+    PSID Sid;
+    PSID IntegrityLabel;
+} OBJECT_BOUNDARY_VALUE, *POBJECT_BOUNDARY_VALUE;
+
 // private
 typedef struct _OBJECT_BOUNDARY_ENTRY
 {
-    BOUNDARY_ENTRY_TYPE EntryType;
-    ULONG EntrySize;
-    //union
-    //{
-    //    WCHAR Name[1];
-    //    PSID Sid;
-    //    PSID IntegrityLabel;
-    //};
+    BOUNDARY_ENTRY_TYPE Type;
+    ULONG Size;
+    // OBJECT_BOUNDARY_VALUE Value;
 } OBJECT_BOUNDARY_ENTRY, *POBJECT_BOUNDARY_ENTRY;
 
 // rev

Source/Include/KNSoft/NDK/NT/Ps/Basic.h

@@ -120,14 +120,14 @@ typedef struct _RTL_USER_PROCESS_PARAMETERS
 
     PVOID PackageDependencyData;
     ULONG ProcessGroupId;
-    ULONG LoaderThreads;
+    ULONG LoaderThreads; // THRESHOLD
 
-    UNICODE_STRING RedirectionDllName; // REDSTONE4
+    UNICODE_STRING RedirectionDllName; // REDSTONE5
     UNICODE_STRING HeapPartitionName; // 19H1
     PULONGLONG DefaultThreadpoolCpuSetMasks;
     ULONG DefaultThreadpoolCpuSetMaskCount;
-    ULONG DefaultThreadpoolThreadMaximum;
-    ULONG HeapMemoryTypeMask; // WIN11
+    ULONG DefaultThreadpoolThreadMaximum; // 20H1
+    ULONG HeapMemoryTypeMask; // WIN11 22H2
 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
 
 typedef struct _RTL_USER_PROCESS_PARAMETERS64