From 33f0926a453f3e7c4e738ecde24e887dd256eaa3 Mon Sep 17 00:00:00 2001
From: OxCZR1
Date: Sat, 31 Jan 2026 22:42:30 +0200
Subject: [PATCH] Add SystemBasicProcessInformation (252) and SystemShadowStackInformation (221)
---
 src/ntexapi.rs | 17 ++++++++++++++++-
 tests/layout_aarch64.rs | 4 ++++
 tests/layout_x86.rs | 4 ++++
 tests/layout_x86_64.rs | 4 ++++
 4 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/ntexapi.rs b/src/ntexapi.rs
index 7bc73a0..a260f03 100644
--- a/src/ntexapi.rs
+++ b/src/ntexapi.rs
@@ -940,7 +940,8 @@ ENUM!{enum SYSTEM_INFORMATION_CLASS {
 SystemCodeIntegrityUnlockModeInformation = 205,
 SystemLeapSecondInformation = 206,
 SystemFlags2Information = 207,
- MaxSystemInfoClass = 208,
+ SystemShadowStackInformation = 221,
+ SystemBasicProcessInformation = 252,
 }}
 STRUCT!{struct SYSTEM_BASIC_INFORMATION {
 Reserved: ULONG,
@@ -1118,6 +1119,16 @@ STRUCT!{struct SYSTEM_PROCESS_INFORMATION {
 Threads: [SYSTEM_THREAD_INFORMATION; 1],
 }}
 pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION;
+
+STRUCT!{struct SYSTEM_BASICPROCESS_INFORMATION {
+ NextEntryOffset: ULONG,
+ UniqueProcessId: HANDLE,
+ InheritedFromUniqueProcessId: HANDLE,
+ SequenceNumber: ULONG64,
+ ImageName: UNICODE_STRING,
+}}
+pub type PSYSTEM_BASICPROCESS_INFORMATION = *mut SYSTEM_BASICPROCESS_INFORMATION;
+
 STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION {
 Length: ULONG,
 NumberOfTables: ULONG,
@@ -2462,6 +2473,10 @@ STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION {
 }}
 pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION =
 *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
+STRUCT!{struct SYSTEM_SHADOW_STACK_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PSYSTEM_SHADOW_STACK_INFORMATION = *mut SYSTEM_SHADOW_STACK_INFORMATION;
 EXTERN!{extern "system" {
 fn NtQuerySystemInformation(
 SystemInformationClass: SYSTEM_INFORMATION_CLASS,
diff --git a/tests/layout_aarch64.rs b/tests/layout_aarch64.rs
index b99d799..0904937 100644
--- a/tests/layout_aarch64.rs
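Review bot: The `@@ -940,7 +940,8 @@` hunk of src/ntexapi.rs deletes `MaxSystemInfoClass = 208`, while the commit subject announces only two additions, so any downstream crate that names that constant stops compiling after this update. If the removal is intended, say so in the commit message or changelog; otherwise keep the line. A short comment above the new entries, for example `// Values 208..=220 and 222..=251 are not declared in this binding.`, would also tell readers that the gaps in the numbering are deliberate. The `ENUM!` body starts above the hunk, so earlier entries were not reviewed.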
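Review bot: `SYSTEM_BASICPROCESS_INFORMATION` in the `@@ -1118,6 +1119,16 @@` hunk of src/ntexapi.rs is added with no documentation, and its shape (a `NextEntryOffset` field followed by a `UNICODE_STRING` that carries a raw buffer pointer) is the kind of record where callers walking a kernel-filled buffer read out of bounds. Presumably the entries are chained like `SYSTEM_PROCESS_INFORMATION` just above it, with a zero offset marking the last one; that should be confirmed against the header this was taken from and then written down. A comment above the `STRUCT!` such as `// Entry for SystemBasicProcessInformation: advance by NextEntryOffset (0 = last entry) and check each offset against the length the query returned before dereferencing.` would cover it. It is also worth stating whether `ImageName.Buffer` points into the caller's buffer, since that decides how long the string may be used.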
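Review bot: `Flags: ULONG` in `SYSTEM_SHADOW_STACK_INFORMATION` (hunk `@@ -2462,6 +2473,10 @@` of src/ntexapi.rs) gives callers nothing to interpret the value with: no bit names, no constants and no comment on which bits are defined. Code that queries shadow-stack state to make a hardening or detection decision will end up hard-coding masks, and a wrong mask silently reports the protection as on or off. Either name the bits, or add a comment citing where the layout came from, for example `// Bit layout per <header name and version>; bits not listed there are reserved.` This block is also inserted without the blank lines that the other new struct in this commit has before and after it.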
+++ b/tests/layout_aarch64.rs
@@ -87,6 +87,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 336);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 48);
+ assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 8);
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 24);
@@ -97,6 +99,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 16);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 4);
+ assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 48);
 assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 56);
diff --git a/tests/layout_x86.rs b/tests/layout_x86.rs
index 9c9c883..17a4e0a 100644
--- a/tests/layout_x86.rs
+++ b/tests/layout_x86.rs
@@ -87,6 +87,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 248);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 32);
+ assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 8);
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 24);
@@ -97,6 +99,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 16);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 4);
+ assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 36);
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 40);
diff --git a/tests/layout_x86_64.rs b/tests/layout_x86_64.rs
index e4f32eb..a1605d8 100644
--- a/tests/layout_x86_64.rs
+++ b/tests/layout_x86_64.rs
@@ -87,6 +87,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 336);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 48);
+ assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 8);
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 24);
@@ -97,6 +99,8 @@ fn ntexapi() {
 assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 16);
 assert_eq!(align_of::(), 8);
+ assert_eq!(size_of::(), 4);
+ assert_eq!(align_of::(), 4);
 assert_eq!(size_of::(), 48);
 assert_eq!(align_of::(), 8);
 assert_eq!(size_of::(), 56);