
Bump systeminformer to 9f5340cb1 #45

Open
wants to merge 1 commit into
base: master

github-actions[bot]

diff --git a/phnt/README.md b/phnt/README.md
index d042a01db..ac35a0db4 100644
--- a/phnt/README.md
+++ b/phnt/README.md
@@ -14,12 +14,12 @@ These header files are designed to be used by user-mode programs. Instead of `#i
 at the top of your program. The first line provides access to the Win32 API as well as the `NTSTATUS` values. The second line provides access to the entire Native API. By default, only definitions present in Windows XP are included into your program. To change this, use one of the following:
 

-#define PHNT_VERSION PHNT_WINXP // Windows XP
-#define PHNT_VERSION PHNT_WS03 // Windows Server 2003
-#define PHNT_VERSION PHNT_VISTA // Windows Vista
-#define PHNT_VERSION PHNT_WIN7 // Windows 7
-#define PHNT_VERSION PHNT_WIN8 // Windows 8
-#define PHNT_VERSION PHNT_WINBLUE // Windows 8.1
-#define PHNT_VERSION PHNT_THRESHOLD // Windows 10
-#define PHNT_VERSION PHNT_WIN11 // Windows 11
+#define PHNT_VERSION PHNT_WINDOWS_XP // Windows XP
+#define PHNT_VERSION PHNT_WINDOWS_SERVER_2003 // Windows Server 2003
+#define PHNT_VERSION PHNT_WINDOWS_VISTA // Windows Vista
+#define PHNT_VERSION PHNT_WINDOWS_7 // Windows 7
+#define PHNT_VERSION PHNT_WINDOWS_8 // Windows 8
+#define PHNT_VERSION PHNT_WINDOWS_8_1 // Windows 8.1
+#define PHNT_VERSION PHNT_WINDOWS_10 // Windows 10
+#define PHNT_VERSION PHNT_WINDOWS_11 // Windows 11

diff --git a/phnt/include/ntbcd.h b/phnt/include/ntbcd.h
index 79607cc65..6953c5178 100644
--- a/phnt/include/ntbcd.h
+++ b/phnt/include/ntbcd.h
@@ -7,6 +7,10 @@
#ifndef _NTBCD_H
#define _NTBCD_H

+//
+// BCD.dll Exported Types
+//
+
#ifndef PHNT_INLINE_BCD_GUIDS
// 5189B25C-5558-4BF2-BCA4-289B11BD29E2 // {badmemory}
DEFINE_GUID(GUID_BAD_MEMORY_GROUP, 0x5189B25C, 0x5558, 0x4BF2, 0xBC, 0xA4, 0x28, 0x9B, 0x11, 0xBD, 0x29, 0xE2);
@@ -54,6 +58,8 @@ DEFINE_GUID(GUID_WINDOWS_SETUP_RAMDISK_OPTIONS, 0xAE5534E0, 0xA924, 0x466C, 0xB8
DEFINE_GUID(GUID_WINDOWS_SETUP_BOOT_ENTRY, 0x7619dcc9, 0xfafe, 0x11d9, 0xb4, 0x11, 0x00, 0x04, 0x76, 0xeb, 0xa2, 0x5f);
// {a62c8016-ca4e-4687-8032-d666c51a280c}
DEFINE_GUID(GUID_VHD_BOOT_OPTIONS, 0xa62c8016, 0xca4e, 0x4687, 0x80, 0x32, 0xd6, 0x66, 0xc5, 0x1a, 0x28, 0x0c);
+// c63c9bdf-5fa5-4208-b03f-6b458b365592
+DEFINE_GUID(GUID_VMBFS_BOOT_INSTANCE, 0xc63c9bdf, 0x5fa5, 0x4208, 0xb0, 0x3f, 0x6b, 0x45, 0x8b, 0x36, 0x55, 0x92);
// ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
DEFINE_GUID(PARTITION_BASIC_DATA_GUID, 0xebd0a0a2, 0xb9e5, 0x4433, 0x87, 0xc0, 0x68, 0xb6, 0xb7, 0x26, 0x99, 0xc7);
// db97dba9-0840-4bae-97f0-ffb9a327c7e1
@@ -107,7 +113,7 @@ NTSYSAPI GUID PARTITION_MSFT_RESERVED_GUID;
NTSYSAPI GUID PARTITION_MSFT_SNAPSHOT_GUID;
NTSYSAPI GUID PARTITION_SPACES_GUID;
NTSYSAPI GUID PARTITION_SYSTEM_GUID;
-#endif
+#endif // PHNT_INLINE_BCD_GUIDS

typedef enum _BCD_MESSAGE_TYPE
{
@@ -231,7 +237,7 @@ BcdExportStore(
    _In_ PCUNICODE_STRING BcdFilePath
    );

-#if (PHNT_VERSION > PHNT_WIN11)
+#if (PHNT_VERSION > PHNT_WINDOWS_11)
/**
 * Exports the BCD store to a file with additional flags.
 *
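Review bot: Renaming the version constants, as in `#if (PHNT_VERSION > PHNT_WINDOWS_11)` here, is source-breaking for any consumer that still selects its target with the old spelling, e.g. `#define PHNT_VERSION PHNT_WIN11`. An identifier that is not defined evaluates to 0 inside `#if`, so unless the old names are kept as aliases (not visible in this diff) such a build does not stop at the guard. It would instead drop every `PHNT_VERSION >=` block in ntexapi.h and ntioapi.h and enable the `#if (PHNT_VERSION < PHNT_WINDOWS_7)` branch. Consider keeping compatibility aliases such as `#define PHNT_WIN11 PHNT_WINDOWS_11` next to the new definitions, or at least calling the rename out in the PR description so consumers update their `PHNT_VERSION` define.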
@@ -248,7 +254,7 @@ BcdExportStoreEx(
    _In_ ULONG Flags,
    _In_ PCUNICODE_STRING BcdFilePath
    );
-#endif
+#endif // PHNT_VERSION > PHNT_WINDOWS_11

/**
 * Imports a BCD store from a file.
@@ -2295,4 +2301,4 @@ typedef enum _BcdOSLoaderElementTypes
    BcdOSLoaderString_HypervisorDebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 353),
} BcdOSLoaderElementTypes;

-#endif
+#endif // _NTBCD_H
diff --git a/phnt/include/ntdbg.h b/phnt/include/ntdbg.h
index 7bec3f21a..cf990eb53 100644
--- a/phnt/include/ntdbg.h
+++ b/phnt/include/ntdbg.h
@@ -7,7 +7,9 @@
#ifndef _NTDBG_H
#define _NTDBG_H

+//
// Debugging
+//

NTSYSAPI
VOID
@@ -111,7 +113,9 @@ DbgPrompt(
    _In_ ULONG Length
    );

+//
// Definitions
+//

typedef struct _DBGKM_EXCEPTION
{
@@ -220,7 +224,9 @@ typedef enum _DEBUGOBJECTINFOCLASS
    MaxDebugObjectInfoClass
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;

+//
// System calls
+//

NTSYSCALLAPI
NTSTATUS
@@ -278,7 +284,9 @@ NtWaitForDebugEvent(
    _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
    );

+//
// Debugging UI
+//

NTSYSAPI
NTSTATUS
@@ -385,4 +393,4 @@ EtwEventRegister(
    _Out_ PREGHANDLE RegHandle
    );

-#endif
+#endif // _NTDBG_H
diff --git a/phnt/include/ntexapi.h b/phnt/include/ntexapi.h
index 13fd1a6b9..6284805ca 100644
--- a/phnt/include/ntexapi.h
+++ b/phnt/include/ntexapi.h
@@ -245,7 +245,7 @@ typedef struct _EFI_DRIVER_ENTRY_LIST
    EFI_DRIVER_ENTRY DriverEntry;
} EFI_DRIVER_ENTRY_LIST, *PEFI_DRIVER_ENTRY_LIST;

-#if (PHNT_VERSION >= PHNT_WINXP)
+#if (PHNT_VERSION >= PHNT_WINDOWS_XP)
/**
 * The NtAddBootEntry routine adds a new boot entry to the system boot configuration.
 *
@@ -380,9 +380,9 @@ NtTranslateFilePath(
    _Out_writes_bytes_opt_(*OutputFilePathLength) PFILE_PATH OutputFilePath,
    _Inout_opt_ PULONG OutputFilePathLength
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_XP)

-#if (PHNT_VERSION >= PHNT_WS03)
+#if (PHNT_VERSION >= PHNT_WINDOWS_SERVER_2003)
/**
 * The NtAddDriverEntry routine adds a new driver entry to the system boot configuration.
 *
@@ -468,7 +468,7 @@ NtSetDriverEntryOrder(
    _In_reads_(Count) PULONG Ids,
    _In_ ULONG Count
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_SERVER_2003)

typedef enum _FILTER_BOOT_OPTION_OPERATION
{
@@ -478,7 +478,7 @@ typedef enum _FILTER_BOOT_OPTION_OPERATION
    FilterBootOptionOperationMax
} FILTER_BOOT_OPTION_OPERATION;

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
/**
 * The NtFilterBootOption routine filters boot options based on the specified operation, object type, and element type.
 *
@@ -499,7 +499,7 @@ NtFilterBootOption(
    _In_reads_bytes_opt_(DataSize) PVOID Data,
    _In_ ULONG DataSize
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

//
// Event
@@ -583,7 +583,7 @@ NtSetEvent(
    _Out_opt_ PLONG PreviousState
    );

-#if (PHNT_VERSION >= PHNT_WIN11)
+#if (PHNT_VERSION >= PHNT_WINDOWS_11)
/**
 * The NtSetEventEx routine sets an event object to the signaled state and optionally acquires a lock.
 *
@@ -598,7 +598,7 @@ NtSetEventEx(
    _In_ HANDLE ThreadId,
    _In_opt_ PRTL_SRWLOCK Lock
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_11)

/**
 * The NtSetEventBoostPriority routine sets an event object to the signaled state and boosts the priority of threads waiting on the event.
@@ -1097,7 +1097,7 @@ NtSetTimer(
    _Out_opt_ PBOOLEAN PreviousState
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1107,7 +1107,7 @@ NtSetTimerEx(
    _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation,
    _In_ ULONG TimerSetInformationLength
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_7)

NTSYSCALLAPI
NTSTATUS
@@ -1128,7 +1128,7 @@ NtQueryTimer(
    _Out_opt_ PULONG ReturnLength
    );

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)

NTSYSCALLAPI
NTSTATUS
@@ -1147,9 +1147,9 @@ NtSetIRTimer(
    _In_opt_ PLARGE_INTEGER DueTime
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)

NTSYSCALLAPI
NTSTATUS
@@ -1162,7 +1162,7 @@ NtCreateTimer2(
    _In_ ACCESS_MASK DesiredAccess
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10)

typedef struct _T2_SET_PARAMETERS_V0
{
@@ -1173,7 +1173,7 @@ typedef struct _T2_SET_PARAMETERS_V0

typedef PVOID PT2_CANCEL_PARAMETERS;

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)

NTSYSCALLAPI
NTSTATUS
@@ -1193,9 +1193,11 @@ NtCancelTimer2(
    _In_ PT2_CANCEL_PARAMETERS Parameters
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10)

+//
// Profile
+//

#define PROFILE_CONTROL 0x0001
#define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)
@@ -1215,7 +1217,7 @@ NtCreateProfile(
    _In_ KAFFINITY Affinity
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1231,7 +1233,7 @@ NtCreateProfileEx(
    _In_ USHORT GroupCount,
    _In_reads_(GroupCount) PGROUP_AFFINITY GroupAffinity
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_7)

NTSYSCALLAPI
NTSTATUS
@@ -1309,18 +1311,22 @@ NtWaitForKeyedEvent(
    _In_opt_ PLARGE_INTEGER Timeout
    );

+//
// UMS
+//

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
NTSYSCALLAPI
NTSTATUS
NTAPI
NtUmsThreadYield(
    _In_ PVOID SchedulerParam
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_7)

+//
// WNF
+//

// begin_private

@@ -1379,7 +1385,7 @@ typedef struct _WNF_DELIVERY_DESCRIPTOR

// end_private

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)

NTSYSCALLAPI
NTSTATUS
@@ -1430,8 +1436,8 @@ NtQueryWnfStateData(
    _In_opt_ PCWNF_TYPE_ID TypeId,
    _In_opt_ const VOID* ExplicitScope,
    _Out_ PWNF_CHANGE_STAMP ChangeStamp,
-    _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
-    _Inout_ PULONG BufferSize
+    _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
+    _Inout_ PULONG BufferLength
    );

NTSYSCALLAPI
@@ -1441,8 +1447,8 @@ NtQueryWnfStateNameInformation(
    _In_ PCWNF_STATE_NAME StateName,
    _In_ WNF_STATE_NAME_INFORMATION NameInfoClass,
    _In_opt_ const VOID* ExplicitScope,
-    _Out_writes_bytes_(InfoBufferSize) PVOID InfoBuffer,
-    _In_ ULONG InfoBufferSize
+    _Out_writes_bytes_(BufferLength) PVOID Buffer,
+    _In_ ULONG BufferLength
    );

NTSYSCALLAPI
@@ -1462,9 +1468,9 @@ NtUnsubscribeWnfStateChange(
    _In_ PCWNF_STATE_NAME StateName
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)

NTSYSCALLAPI
NTSTATUS
@@ -1485,9 +1491,11 @@ NtSetWnfProcessNotificationEvent(
    _In_ HANDLE NotificationEvent
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10)

+//
// Worker factory
+//

// begin_rev

@@ -1563,7 +1571,7 @@ typedef struct _WORKER_FACTORY_BASIC_INFORMATION

// end_private

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

NTSYSCALLAPI
NTSTATUS
@@ -1632,7 +1640,7 @@ typedef struct _WORKER_FACTORY_DEFERRED_WORK
    ULONG Flags;
} WORKER_FACTORY_DEFERRED_WORK, *PWORKER_FACTORY_DEFERRED_WORK;

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)

NTSYSCALLAPI
NTSTATUS
@@ -1655,9 +1663,9 @@ NtWaitForWorkViaWorkerFactory(
    _Out_ PFILE_IO_COMPLETION_INFORMATION MiniPacket
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

//
// Time
@@ -1729,7 +1737,7 @@ NtSetTimerResolution(
    );

//
-// Performance Counter
+// Performance Counters
//

NTSYSCALLAPI
@@ -1740,8 +1748,15 @@ NtQueryPerformanceCounter(
    _Out_opt_ PLARGE_INTEGER PerformanceFrequency
    );

-#if (PHNT_VERSION >= PHNT_REDSTONE2)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS2)
// rev
+/**
+ * The NtQueryAuxiliaryCounterFrequency routine queries the auxiliary counter frequency. (The auxiliary counter is generally the HPET hardware timer).
+ *
+ * @param AuxiliaryCounterFrequency A pointer to an output buffer that contains the specified auxiliary counter frequency. If the auxiliary counter is not supported, the value in the output buffer will be undefined.
+ * @return NTSTATUS Successful or errant status.
+ * @see https://learn.microsoft.com/en-us/windows/win32/api/realtimeapiset/nf-realtimeapiset-queryauxiliarycounterfrequency
+ */
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1750,6 +1765,17 @@ NtQueryAuxiliaryCounterFrequency(
    );

// rev
+/**
+ * The NtConvertBetweenAuxiliaryCounterAndPerformanceCounter routine converts the specified performance counter value to the corresponding auxiliary counter value;
+ * optionally provides the estimated conversion error in nanoseconds due to latencies and maximum possible drift.
+ *
+ * @param ConvertAuxiliaryToPerformanceCounter  If TRUE, the value will be converted from AUX to QPC. If FALSE, the value will be converted from QPC to AUX.
+ * @param PerformanceOrAuxiliaryCounterValue The performance counter value to convert.
+ * @param ConvertedValue On success, contains the converted auxiliary counter value. Will be undefined if the function fails.
+ * @param ConversionError On success, contains the estimated conversion error, in nanoseconds. Will be undefined if the function fails.
+ * @return NTSTATUS Successful or errant status.
+ * @see https://learn.microsoft.com/en-us/windows/win32/api/realtimeapiset/nf-realtimeapiset-convertperformancecountertoauxiliarycounter
+ */
NTSYSCALLAPI
NTSTATUS
NTAPI
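Review bot: The new doc comment describes only the QPC-to-AUX direction, although `ConvertAuxiliaryToPerformanceCounter` selects either one: the summary, `PerformanceOrAuxiliaryCounterValue` and `ConvertedValue` all treat the input as a performance counter value and the output as an auxiliary one. Suggested wording: `@param PerformanceOrAuxiliaryCounterValue The counter value to convert (AUX when ConvertAuxiliaryToPerformanceCounter is TRUE, QPC otherwise).`, with the matching change for `ConvertedValue`. Both outputs are documented as undefined on failure, so the comment should also say that callers must check the returned NTSTATUS before reading them. The same applies to the `AuxiliaryCounterFrequency` output in the preceding hunk. The parameter list of this declaration continues outside the hunk.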
@@ -1759,9 +1785,11 @@ NtConvertBetweenAuxiliaryCounterAndPerformanceCounter(
    _Out_ PULONG64 ConvertedValue,
    _Out_opt_ PULONG64 ConversionError
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10_RS2)

+//
// LUIDs
+//

NTSYSCALLAPI
NTSTATUS
@@ -1770,7 +1798,9 @@ NtAllocateLocallyUniqueId(
    _Out_ PLUID Luid
    );

+//
// UUIDs
+//

NTSYSCALLAPI
NTSTATUS
@@ -1789,10 +1819,12 @@ NtAllocateUuids(
    _Out_ PCHAR Seed
    );

-// System Information
-
#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

+//
+// System Information
+//
+
// rev
// private
typedef enum _SYSTEM_INFORMATION_CLASS
@@ -2222,7 +2254,7 @@ typedef struct _SYSTEM_PROCESS_INFORMATION
    ULONG HardFaultCount;                   // since WIN7
    ULONG NumberOfThreadsHighWatermark;     // The peak number of threads that were running at any given point in time, indicative of potential performance bottlenecks related to thread management.
    ULONGLONG CycleTime;                    // The sum of the cycle time of all threads in the process.
-    LARGE_INTEGER CreateTime;               // Number of 100-nanosecond intervals since the creation time of the process. Not updated during system timezone changes resullting in an incorrect value.
+    LARGE_INTEGER CreateTime;               // Number of 100-nanosecond intervals since the creation time of the process. Not updated during system timezone changes.
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ImageName;               // The file name of the executable image.
@@ -2253,14 +2285,6 @@ typedef struct _SYSTEM_PROCESS_INFORMATION
    SYSTEM_THREAD_INFORMATION Threads[1];   // This type is not defined in the structure but was added for convenience.
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

-#define SYSTEM_PROCESS_INFORMATION_SIZE RTL_SIZEOF_THROUGH_FIELD(SYSTEM_PROCESS_INFORMATION, OtherTransferCount)
-
-#ifdef _WIN64
-static_assert(SYSTEM_PROCESS_INFORMATION_SIZE == 0x100, "SYSTEM_PROCESS_INFORMATION_SIZE must equal SIZEOF_THROUGH_FIELD(OtherTransferCount)");
-#else
-static_assert(SYSTEM_PROCESS_INFORMATION_SIZE == 0xB8, "SYSTEM_PROCESS_INFORMATION_SIZE must equal SIZEOF_THROUGH_FIELD(OtherTransferCount)");
-#endif
-
// private
typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION
{
@@ -2331,14 +2355,6 @@ typedef struct _SYSTEM_EXTENDED_PROCESS_INFORMATION
    // SYSTEM_PROCESS_INFORMATION_EXTENSION // SystemFullProcessInformation
} SYSTEM_EXTENDED_PROCESS_INFORMATION, *PSYSTEM_EXTENDED_PROCESS_INFORMATION;

-#define SYSTEM_EXTENDED_PROCESS_INFORMATION_SIZE RTL_SIZEOF_THROUGH_FIELD(SYSTEM_EXTENDED_PROCESS_INFORMATION, OtherTransferCount)
-
-#ifdef _WIN64
-static_assert(SYSTEM_EXTENDED_PROCESS_INFORMATION_SIZE == 0x100, "SYSTEM_EXTENDED_PROCESS_INFORMATION_SIZE must equal SIZEOF_THROUGH_FIELD(OtherTransferCount)");
-#else
-static_assert(SYSTEM_EXTENDED_PROCESS_INFORMATION_SIZE == 0xB8, "SYSTEM_EXTENDED_PROCESS_INFORMATION_SIZE must equal SIZEOF_THROUGH_FIELD(OtherTransferCount)");
-#endif
-
typedef struct _SYSTEM_CALL_COUNT_INFORMATION
{
    ULONG Length;
@@ -3083,7 +3099,7 @@ typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
    PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
    ULONG ImageLength;
} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

// geoffchappell
#ifdef _WIN64
@@ -3278,7 +3294,7 @@ typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
    ULONG TableBufferLength;
    _Field_size_bytes_(TableBufferLength) UCHAR TableBuffer[1];
} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

#if (PHNT_MODE != PHNT_MODE_KERNEL)
// private
@@ -3294,7 +3310,7 @@ typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER
    PFNFTH FirmwareTableHandler;
    PVOID DriverObject;
} SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER;
-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

// private
typedef struct _SYSTEM_MEMORY_LIST_INFORMATION
@@ -5022,9 +5038,12 @@ typedef struct _SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION
    ULONG WoW64Container : 1;
    ULONG ReservedZero0 : 11;
} SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION, *PSYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION;
-#endif
+#endif // NTDDI_WIN10_FE

// private
+/**
+ * The SYSTEM_MEMORY_USAGE_INFORMATION structure contains information about the memory usage of the system.
+ */
typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION
{
    ULONGLONG TotalPhysicalBytes;
@@ -5607,7 +5626,7 @@ NtQuerySystemInformation(
    _Out_opt_ PULONG ReturnLength
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -5619,7 +5638,7 @@ NtQuerySystemInformationEx(
    _In_ ULONG SystemInformationLength,
    _Out_opt_ PULONG ReturnLength
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_7)

NTSYSCALLAPI
NTSTATUS
@@ -6722,7 +6741,9 @@ NtGetTickCount(
#endif
}

+//
// Locale
+//

NTSYSCALLAPI
NTSTATUS
@@ -6747,7 +6768,7 @@ NtQueryInstallUILanguage(
    _Out_ LANGID *InstallUILanguageId
    );

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
NTSYSCALLAPI
NTSTATUS
@@ -6756,7 +6777,7 @@ NtFlushInstallUILanguage(
    _In_ LANGID InstallUILanguage,
    _In_ ULONG SetComittedFlag
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_VISTA

NTSYSCALLAPI
NTSTATUS
@@ -6772,7 +6793,7 @@ NtSetDefaultUILanguage(
    _In_ LANGID DefaultUILanguageId
    );

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
NTSYSCALLAPI
NTSTATUS
@@ -6780,13 +6801,13 @@ NTAPI
NtIsUILanguageComitted(
    VOID
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_VISTA

// NLS

// begin_private

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

NTSYSCALLAPI
NTSTATUS
@@ -6809,7 +6830,7 @@ NtGetNlsSectionPtr(
    _Out_ PULONG SectionSize
    );

-#if (PHNT_VERSION < PHNT_WIN7)
+#if (PHNT_VERSION < PHNT_WINDOWS_7)

NTSYSCALLAPI
NTSTATUS
@@ -6827,7 +6848,7 @@ NtReleaseCMFViewOwnership(
    VOID
    );

-#endif
+#endif // PHNT_VERSION < PHNT_WINDOWS_7

NTSYSCALLAPI
NTSTATUS
@@ -6850,11 +6871,13 @@ NtGetMUIRegistryInfo(
    _Out_ PVOID Data
    );

-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_VISTA

// end_private

+//
// Global atoms
+//

NTSYSCALLAPI
NTSTATUS
@@ -6865,7 +6888,7 @@ NtAddAtom(
    _Out_opt_ PRTL_ATOM Atom
    );

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)

#define ATOM_FLAG_GLOBAL 0x2

@@ -6880,7 +6903,7 @@ NtAddAtomEx(
    _In_ ULONG Flags
    );

-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_8

NTSYSCALLAPI
NTSTATUS
@@ -6929,7 +6952,9 @@ NtQueryInformationAtom(
    _Out_opt_ PULONG ReturnLength
    );

+//
// Global flags
+//

#define FLG_STOP_ON_EXCEPTION 0x00000001 // uk
#define FLG_SHOW_LDR_SNAPS 0x00000002 // uk
@@ -7010,7 +7035,7 @@ NtQueryInformationAtom(
    FLG_ENABLE_HANDLE_EXCEPTIONS)

// Licensing
-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -7058,7 +7083,7 @@ NtDisplayString(

// Boot graphics

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
// rev
NTSYSCALLAPI
NTSTATUS
@@ -7106,10 +7131,6 @@ typedef struct _MANAGE_HOT_PATCH_LOAD_PATCH
    HOT_PATCH_IMAGE_INFO BaseInfo;
} MANAGE_HOT_PATCH_LOAD_PATCH, *PMANAGE_HOT_PATCH_LOAD_PATCH;

-#ifdef WIN64
-static_assert(sizeof(MANAGE_HOT_PATCH_LOAD_PATCH) == 0x68, "Size of MANAGE_HOT_PATCH_LOAD_PATCH is incorrect");
-#endif
-
typedef struct _MANAGE_HOT_PATCH_UNLOAD_PATCH
{
    ULONG Version;
@@ -7121,10 +7142,6 @@ typedef struct _MANAGE_HOT_PATCH_UNLOAD_PATCH
    } UserSid;
} MANAGE_HOT_PATCH_UNLOAD_PATCH, *PMANAGE_HOT_PATCH_UNLOAD_PATCH;

-#ifdef WIN64
-static_assert(sizeof(MANAGE_HOT_PATCH_LOAD_PATCH) == 0x68, "Size of MANAGE_HOT_PATCH_LOAD_PATCH is incorrect");
-#endif
-
typedef struct _MANAGE_HOT_PATCH_QUERY_PATCHES
{
    ULONG Version;
@@ -7201,9 +7218,9 @@ static_assert(sizeof(MANAGE_HOT_PATCH_APPLY_IMAGE_PATCH) == 0x20, "Size of MANAG
static_assert(sizeof(MANAGE_HOT_PATCH_QUERY_SINGLE_PATCH) == 0x30, "Size of MANAGE_HOT_PATCH_QUERY_SINGLE_PATCH is incorrect");
static_assert(sizeof(MANAGE_HOT_PATCH_CHECK_ENABLED) == 0x8, "Size of MANAGE_HOT_PATCH_CHECK_ENABLED is incorrect");
static_assert(sizeof(MANAGE_HOT_PATCH_CREATE_PATCH_SECTION) == 0x28, "Size of MANAGE_HOT_PATCH_CREATE_PATCH_SECTION is incorrect");
-#endif
+#endif // WIN64

-#if (PHNT_VERSION >= PHNT_WIN11)
+#if (PHNT_VERSION >= PHNT_WINDOWS_11)
// rev
NTSYSCALLAPI
NTSTATUS
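Review bot: The new `#endif // WIN64` trailer suggests the remaining `static_assert` size checks for the hot-patch structures are guarded by `WIN64`, whereas other guards visible in this file use `_WIN64`. `_WIN64` is the macro the compiler predefines for 64-bit targets; `WIN64` exists only when the build defines it. If the opening line (outside this hunk) is `#ifdef WIN64`, these layout checks may never be compiled, and a structure-size drift would go unnoticed. Consider changing the opening guard to `#ifdef _WIN64` and the trailer to `#endif // _WIN64`.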
@@ -7214,8 +7231,8 @@ NtManageHotPatch(
    _In_ ULONG HotPatchInformationLength,
    _Out_opt_ PULONG ReturnLength
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_11

#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

-#endif
+#endif // _NTEXAPI_H
diff --git a/phnt/include/ntgdi.h b/phnt/include/ntgdi.h
index bf70b71b2..9a95d21a6 100644
--- a/phnt/include/ntgdi.h
+++ b/phnt/include/ntgdi.h
@@ -124,4 +124,4 @@ typedef struct _GDI_SHARED_MEMORY
    GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
} GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;

-#endif
+#endif // _NTGDI_H
diff --git a/phnt/include/ntimage.h b/phnt/include/ntimage.h
index f73e69d0f..fe99f8d38 100644
--- a/phnt/include/ntimage.h
+++ b/phnt/include/ntimage.h
@@ -13,7 +13,7 @@
#define IMAGE_FILE_MACHINE_CHPE_X86          0x3A64
#define IMAGE_FILE_MACHINE_ARM64EC           0xA641
#define IMAGE_FILE_MACHINE_ARM64X            0xA64E
-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

typedef struct _IMAGE_DEBUG_POGO_ENTRY
{
@@ -208,11 +208,11 @@ typedef struct _IMAGE_BDD_DYNAMIC_RELOCATION {
#define IMAGE_FUNCTION_OVERRIDE_X64_REL32       1  // 32-bit relative address from byte following reloc
#define IMAGE_FUNCTION_OVERRIDE_ARM64_BRANCH26  2  // 26 bit offset << 2 & sign ext. for B & BL
#define IMAGE_FUNCTION_OVERRIDE_ARM64_THUNK     3
-#endif
+#endif // !defined(NTDDI_WIN10_NI) || (NTDDI_VERSION < NTDDI_WIN10_NI)

#if !defined(NTDDI_WIN11_GE) || (NTDDI_VERSION < NTDDI_WIN11_GE)
#define IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT                          0x40
#define IMAGE_DLLCHARACTERISTICS_EX_HOTPATCH_COMPATIBLE                         0x80
-#endif
+#endif // !defined(NTDDI_WIN11_GE) || (NTDDI_VERSION < NTDDI_WIN11_GE)

-#endif
+#endif // _NTIMAGE_H
diff --git a/phnt/include/ntioapi.h b/phnt/include/ntioapi.h
index 439992751..c89bf5715 100644
--- a/phnt/include/ntioapi.h
+++ b/phnt/include/ntioapi.h
@@ -324,10 +324,10 @@ typedef enum _FILE_INFORMATION_CLASS

/**
 * The FILE_BASIC_INFORMATION structure contains timestamps and basic attributes of a file.
- * \li If you specify a value of zero for any of the XxxTime members, the file system keeps a file's current value for that time.
- * \li If you specify a value of -1 for any of the XxxTime members, time stamp updates are disabled for I/O operations preformed on the file handle.
- * \li If you specify a value of -2 for any of the XxxTime members, time stamp updates are enabled for I/O operations preformed on the file handle.
- * \remarks To set the members of this structure, the caller must have FILE_WRITE_ATTRIBUTES access to the file.
+ * @li If you specify a value of zero for any of the XxxTime members, the file system keeps a file's current value for that time.
+ * @li If you specify a value of -1 for any of the XxxTime members, time stamp updates are disabled for I/O operations preformed on the file handle.
+ * @li If you specify a value of -2 for any of the XxxTime members, time stamp updates are enabled for I/O operations preformed on the file handle.
+ * @remarks To set the members of this structure, the caller must have FILE_WRITE_ATTRIBUTES access to the file.
 */
typedef struct _FILE_BASIC_INFORMATION
{
@@ -340,7 +340,7 @@ typedef struct _FILE_BASIC_INFORMATION

/**
 * The FILE_STANDARD_INFORMATION structure contains standard information of a file.
- * \remarks EndOfFile specifies the byte offset to the end of the file.
+ * @remarks EndOfFile specifies the byte offset to the end of the file.
 * Because this value is zero-based, it actually refers to the first free byte in the file; that is, it is the offset to the byte immediately following the last valid byte in the file.
 */
typedef struct _FILE_STANDARD_INFORMATION
@@ -462,7 +462,7 @@ typedef struct _FILE_END_OF_FILE_INFORMATION
    LARGE_INTEGER EndOfFile;
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;

-//#if (PHNT_VERSION >= PHNT_REDSTONE5)
+//#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS5)
#define FLAGS_END_OF_FILE_INFO_EX_EXTEND_PAGING             0x00000001
#define FLAGS_END_OF_FILE_INFO_EX_NO_EXTRA_PAGING_EXTEND    0x00000002
#define FLAGS_END_OF_FILE_INFO_EX_TIME_CONSTRAINED          0x00000004
@@ -572,7 +572,7 @@ typedef struct _FILE_TRACKING_INFORMATION
/**
 * The FILE_COMPLETION_INFORMATION structure contains the port handle and key for an I/O completion port created for a file handle.
 *
- * \remarks he FILE_COMPLETION_INFORMATION structure is used to replace the completion information for a port handle set in Port.
+ * @remarks he FILE_COMPLETION_INFORMATION structure is used to replace the completion information for a port handle set in Port.
 * Completion information is replaced with the ZwSetInformationFile routine with the FileInformationClass parameter set to FileReplaceCompletionInformation.
 * The Port and Key members of FILE_COMPLETION_INFORMATION are set to their new values. To remove an existing completion port for a file handle, Port is set to NULL.
 *
@@ -587,7 +587,7 @@ typedef struct _FILE_COMPLETION_INFORMATION
/**
 * The FILE_PIPE_INFORMATION structure contains information about a named pipe that is not specific to the local or the remote end of the pipe.
 *
- * \remarks If ReadMode is set to FILE_PIPE_BYTE_STREAM_MODE, any attempt to change it must fail with a STATUS_INVALID_PARAMETER error code.
+ * @remarks If ReadMode is set to FILE_PIPE_BYTE_STREAM_MODE, any attempt to change it must fail with a STATUS_INVALID_PARAMETER error code.
 * When CompletionMode is set to FILE_PIPE_QUEUE_OPERATION, if the pipe is connected to, read to, or written from,
 * the operation is not completed until there is data to read, all data is written, or a client is connected.
 * When CompletionMode is set to FILE_PIPE_COMPLETE_OPERATION, if the pipe is being connected to, read to, or written from, the operation is completed immediately.
@@ -603,7 +603,7 @@ typedef struct _FILE_PIPE_INFORMATION
/**
 * The FILE_PIPE_LOCAL_INFORMATION structure contains information about the local end of a named pipe.
 *
- * \remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_pipe_local_information
+ * @remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_pipe_local_information
 */
typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
@@ -622,7 +622,7 @@ typedef struct _FILE_PIPE_LOCAL_INFORMATION
/**
 * The FILE_PIPE_REMOTE_INFORMATION structure contains information about the remote end of a named pipe.
 *
- * \remarks Remote information is not available for local pipes or for the server end of a remote pipe.
+ * @remarks Remote information is not available for local pipes or for the server end of a remote pipe.
 * https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_pipe_remote_information
 */
typedef struct _FILE_PIPE_REMOTE_INFORMATION
@@ -634,7 +634,7 @@ typedef struct _FILE_PIPE_REMOTE_INFORMATION
/**
 * The FILE_MAILSLOT_QUERY_INFORMATION structure contains information about a mailslot.
 *
- * \remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_mailslot_query_information
+ * @remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_mailslot_query_information
 */
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
@@ -648,7 +648,7 @@ typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
/**
 * The FILE_MAILSLOT_SET_INFORMATION structure is used to set a value on a mailslot.
 *
- * \remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_mailslot_set_information
+ * @remarks https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_file_mailslot_set_information
 */
typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
@@ -842,7 +842,7 @@ typedef struct _FILE_VOLUME_NAME_INFORMATION

#ifndef FILE_INVALID_FILE_ID
#define FILE_INVALID_FILE_ID ((LONGLONG)-1LL)
-#endif
+#endif // FILE_INVALID_FILE_ID

#define FILE_ID_IS_INVALID(FID) ((FID).QuadPart == FILE_INVALID_FILE_ID)

@@ -1104,7 +1104,7 @@ typedef struct _FILE_STAT_BASIC_INFORMATION
    LARGE_INTEGER VolumeSerialNumber;
    FILE_ID_128 FileId128;
} FILE_STAT_BASIC_INFORMATION, *PFILE_STAT_BASIC_INFORMATION;
-#endif
+#endif // NTDDI_WIN11_GE

typedef struct _FILE_MEMORY_PARTITION_INFORMATION
{
@@ -1148,7 +1148,7 @@ typedef struct _FILE_STAT_LX_INFORMATION
    ULONG LxDeviceIdMajor;
    ULONG LxDeviceIdMinor;
} FILE_STAT_LX_INFORMATION, *PFILE_STAT_LX_INFORMATION;
-#endif
+#endif // NTDDI_WIN11_GE

typedef struct _FILE_STORAGE_RESERVE_ID_INFORMATION
{
@@ -1162,7 +1162,7 @@ typedef struct _FILE_CASE_SENSITIVE_INFORMATION
{
    ULONG Flags;
} FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION;
-#endif
+#endif // NTDDI_WIN11_GE

typedef enum _FILE_KNOWN_FOLDER_TYPE
{
@@ -1736,7 +1736,7 @@ NtFlushBuffersFile(
#define FLUSH_FLAGS_FLUSH_AND_PURGE 0x00000008 // 24H2


-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1747,7 +1747,7 @@ NtFlushBuffersFileEx(
    _In_ ULONG ParametersSize,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_8

NTSYSCALLAPI
NTSTATUS
@@ -1760,7 +1760,7 @@ NtQueryInformationFile(
    _In_ FILE_INFORMATION_CLASS FileInformationClass
    );

-#if (PHNT_VERSION >= PHNT_REDSTONE2)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS2)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1771,7 +1771,7 @@ NtQueryInformationByName(
    _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_10_RS2

NTSYSCALLAPI
NTSTATUS
@@ -1808,7 +1808,7 @@ NtQueryDirectoryFile(
#define FILE_QUERY_RETURN_ON_DISK_ENTRIES_ONLY 0x00000008
#define FILE_QUERY_NO_CURSOR_UPDATE 0x00000010 // RS5

-#if (PHNT_VERSION >= PHNT_REDSTONE3)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS3)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1824,7 +1824,7 @@ NtQueryDirectoryFileEx(
    _In_ ULONG QueryFlags,
    _In_opt_ PUNICODE_STRING FileName
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_10_RS3

NTSYSCALLAPI
NTSTATUS
@@ -1906,7 +1906,7 @@ NtCancelIoFile(
    _Out_ PIO_STATUS_BLOCK IoStatusBlock
    );

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1915,9 +1915,9 @@ NtCancelIoFileEx(
    _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_VISTA

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -1926,7 +1926,7 @@ NtCancelSynchronousIoFile(
    _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_VISTA

NTSYSCALLAPI
NTSTATUS
@@ -2144,7 +2144,7 @@ typedef struct _FILE_NOTIFY_EXTENDED_INFORMATION
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NOTIFY_EXTENDED_INFORMATION, *PFILE_NOTIFY_EXTENDED_INFORMATION;
-#endif
+#endif // NTDDI_WIN10_RS5

#define FILE_NAME_FLAG_HARDLINK      0    // not part of a name pair
#define FILE_NAME_FLAG_NTFS          0x01 // NTFS name in a name pair
@@ -2176,9 +2176,9 @@ typedef struct _FILE_NOTIFY_FULL_INFORMATION
    BYTE Reserved;
    WCHAR FileName[1];
} FILE_NOTIFY_FULL_INFORMATION, *PFILE_NOTIFY_FULL_INFORMATION;
-#endif
+#endif // NTDDI_WIN10_NI

-#if (PHNT_VERSION >= PHNT_REDSTONE3)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS3)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -2194,12 +2194,12 @@ NtNotifyChangeDirectoryFileEx(
    _In_ BOOLEAN WatchTree,
    _In_opt_ DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass
    );
-#endif
+#endif // PHNT_VERSION >= PHNT_WINDOWS_10_RS3

/**
- * \brief The NtLoadDriver function loads a driver specified by the DriverServiceName parameter.
- * \param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to load.
- * \return NTSTATUS The status code returned by the function. Possible values include, but are not limited to:
+ * @brief The NtLoadDriver function loads a driver specified by the DriverServiceName parameter.
+ * @param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to load.
+ * @return NTSTATUS The status code returned by the function. Possible values include, but are not limited to:
 * - STATUS_SUCCESS: The driver was successfully loaded.
 * - STATUS_INVALID_PARAMETER: The DriverServiceName parameter is invalid.
 * - STATUS_INSUFFICIENT_RESOURCES: There are insufficient resources to load the driver.
@@ -2215,9 +2215,9 @@ NtLoadDriver(
    );

/**
- * \brief The NtUnloadDriver function unloads a driver specified by the DriverServiceName parameter.
- * \param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to unload.
- * \return NTSTATUS The status code returned by the function. Possible values include, but are not limited to:
+ * @brief The NtUnloadDriver function unloads a driver specified by the DriverServiceName parameter.
+ * @param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to unload.
+ * @return NTSTATUS The status code returned by the function. Possible values include, but are not limited to:
 * - STATUS_SUCCESS: The driver was successfully unloaded.
 * - STATUS_INVALID_PARAMETER: The DriverServiceName parameter is invalid.
 * - STATUS_OBJECT_NAME_NOT_FOUND: The specified driver service name was not found.
@@ -2231,7 +2231,9 @@ NtUnloadDriver(
    _In_ PUNICODE_STRING DriverServiceName
    );

+//
// I/O completion port
+//

#ifndef IO_COMPLETION_QUERY_STATE
#define IO_COMPLETION_QUERY_STATE 0x0001
@@ -2296,7 +2298,7 @@ NtSetIoCompletion(
    _In_ ULONG_PTR IoStatusInformation
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -2321,7 +2323,7 @@ NtRemoveIoCompletion(
    _In_opt_ PLARGE_INTEGER Timeout
    );

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
typedef struct _FILE_IO_COMPLETION_INFORMATION
{
@@ -2341,11 +2343,13 @@ NtRemoveIoCompletionEx(
    _In_opt_ PLARGE_INTEGER Timeout,
    _In_ BOOLEAN Alertable
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

+//
// Wait completion packet
+//

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)

NTSYSCALLAPI
NTSTATUS
@@ -2378,71 +2382,31 @@ NtCancelWaitCompletionPacket(
    _In_ BOOLEAN RemoveSignaledPacket
    );

-#endif
-
-// Sessions
-
-typedef enum _IO_SESSION_EVENT
-{
-    IoSessionEventIgnore,
-    IoSessionEventCreated,
-    IoSessionEventTerminated,
-    IoSessionEventConnected,
-    IoSessionEventDisconnected,
-    IoSessionEventLogon,
-    IoSessionEventLogoff,
-    IoSessionEventMax
-} IO_SESSION_EVENT;
-
-typedef enum _IO_SESSION_STATE
-{
-    IoSessionStateCreated = 1,
-    IoSessionStateInitialized = 2,
-    IoSessionStateConnected = 3,
-    IoSessionStateDisconnected = 4,
-    IoSessionStateDisconnectedLoggedOn = 5,
-    IoSessionStateLoggedOn = 6,
-    IoSessionStateLoggedOff = 7,
-    IoSessionStateTerminated = 8,
-    IoSessionStateMax
-} IO_SESSION_STATE;
-
-// Sessions
-
-#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_11)
NTSYSCALLAPI
NTSTATUS
NTAPI
-NtOpenSession(
-    _Out_ PHANDLE SessionHandle,
-    _In_ ACCESS_MASK DesiredAccess,
-    _In_ POBJECT_ATTRIBUTES ObjectAttributes
-    );
-#endif
-
-#endif
-
-#if (PHNT_VERSION >= PHNT_WIN7)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtNotifyChangeSession(
-    _In_ HANDLE SessionHandle,
-    _In_ ULONG ChangeSequenceNumber,
-    _In_ PLARGE_INTEGER ChangeTimeStamp,
-    _In_ IO_SESSION_EVENT Event,
-    _In_ IO_SESSION_STATE NewState,
-    _In_ IO_SESSION_STATE PreviousState,
-    _In_reads_bytes_opt_(PayloadSize) PVOID Payload,
-    _In_ ULONG PayloadSize
+NtCopyFileChunk(
+    _In_ HANDLE SourceHandle,
+    _In_ HANDLE DestinationHandle,
+    _In_opt_ HANDLE EventHandle,
+    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
+    _In_ ULONG Length,
+    _In_ PLARGE_INTEGER SourceOffset,
+    _In_ PLARGE_INTEGER DestOffset,
+    _In_opt_ PULONG SourceKey,
+    _In_opt_ PULONG DestKey,
+    _In_ ULONG Flags
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_11)

+//
// I/O Ring
+//

-#if (PHNT_VERSION >= PHNT_WIN11)
+#if (PHNT_VERSION >= PHNT_WINDOWS_11)
NTSYSCALLAPI
NTSTATUS
NTAPI
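Review bot: The guard on the new `NtCopyFileChunk` prototype, `#if (PHNT_VERSION >= PHNT_WINDOWS_11)`, may be too low. As far as I know this system call first shipped in Windows 11 version 22H2, so a program built for the original Windows 11 release could bind to an ntdll export that is not present there; please confirm against the builds you support. If that is right, the guard should use the header's 22H2-level version constant, or at least a comment should name the first build that has the call. The declaration also carries no `// rev` or `// private` marker, unlike other prototypes in these headers.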
@@ -2481,9 +2445,11 @@ NtSetInformationIoRing(
    _In_ ULONG IoRingInformationLength,
    _In_ PVOID IoRingInformation
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_11)

+//
// Other types
+//

typedef enum _INTERFACE_TYPE
{
@@ -2843,7 +2809,9 @@ typedef struct _FILE_MAILSLOT_PEEK_BUFFER
    ULONG MessageLength;
} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;

+//
// Mount manager FS control definitions
+//

#define MOUNTMGR_DEVICE_NAME L"\\Device\\MountPointManager"
#define MOUNTMGRCONTROLTYPE 0x0000006D // 'm'
@@ -3050,7 +3018,12 @@ typedef struct _MOUNTMGR_VOLUME_PATHS
     (s)->Length == 98 && \
     (s)->Buffer[1] == '?')

+//
// Filter manager
+//
+
+#define FLT_PORT_CONNECT 0x0001
+#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)

// rev
#define FLT_SYMLINK_NAME     L"\\Global??\\FltMgr"
@@ -3190,7 +3163,9 @@ typedef struct _FLT_ATTACH
    USHORT AltitudeOffset; // to WCHAR[] from this struct
} FLT_ATTACH, *PFLT_ATTACH;

+//
// Multiple UNC Provider
+//

// rev // FSCTLs for \Device\Mup
#define FSCTL_MUP_GET_UNC_CACHE_INFO                CTL_CODE(FILE_DEVICE_MULTI_UNC_PROVIDER, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) // out: MUP_FSCTL_UNC_CACHE_INFORMATION
diff --git a/phnt/include/ntkeapi.h b/phnt/include/ntkeapi.h
index 107e66fe0..746a1aaa1 100644
--- a/phnt/include/ntkeapi.h
+++ b/phnt/include/ntkeapi.h
@@ -12,7 +12,7 @@
#define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
#define HIGH_PRIORITY 31 // Highest thread priority level
#define MAXIMUM_PRIORITY 32 // Number of thread priority levels
-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

typedef enum _KTHREAD_STATE
{
@@ -126,7 +126,7 @@ typedef enum _KPROFILE_SOURCE
    ProfileMaximum
} KPROFILE_SOURCE;

-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

#if (PHNT_MODE != PHNT_MODE_KERNEL)

@@ -139,15 +139,6 @@ NtCallbackReturn(
    _In_ NTSTATUS Status
    );

-#if (PHNT_VERSION >= PHNT_VISTA)
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFlushProcessWriteBuffers(
-    VOID
-    );
-#endif
-
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -172,6 +163,6 @@ NtYieldExecution(
    VOID
    );

-#endif
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)

#endif
diff --git a/phnt/include/ntldr.h b/phnt/include/ntldr.h
index 9917010ad..65c839e08 100644
--- a/phnt/include/ntldr.h
+++ b/phnt/include/ntldr.h
@@ -262,7 +262,7 @@ LdrGetDllHandleEx(
    _Out_ PVOID *DllHandle
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
// rev
NTSYSAPI
NTSTATUS
@@ -273,7 +273,7 @@ LdrGetDllHandleByMapping(
    );
#endif

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
// rev
NTSYSAPI
NTSTATUS
@@ -285,7 +285,7 @@ LdrGetDllHandleByName(
    );
#endif

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
// rev
NTSYSAPI
NTSTATUS
@@ -346,7 +346,7 @@ LdrGetProcedureAddress(
// rev
#define LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER 0x00000001

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
NTSYSAPI
NTSTATUS
@@ -369,7 +369,7 @@ LdrGetKnownDllSectionHandle(
    _Out_ PHANDLE Section
    );

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
// rev
NTSYSAPI
NTSTATUS
@@ -443,7 +443,7 @@ LdrProcessRelocationBlock(
    _In_ LONG_PTR Diff
    );

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
NTSYSAPI
PIMAGE_BASE_RELOCATION
NTAPI
@@ -509,7 +509,7 @@ typedef struct _LDR_VERIFY_IMAGE_INFO
    USHORT ImageCharacteristics;
} LDR_VERIFY_IMAGE_INFO, *PLDR_VERIFY_IMAGE_INFO;

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
NTSYSAPI
NTSTATUS
@@ -520,7 +520,7 @@ LdrVerifyImageMatchesChecksumEx(
    );
#endif

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
// private
NTSYSAPI
NTSTATUS
@@ -569,7 +569,7 @@ VOID NTAPI LDR_DLL_NOTIFICATION_FUNCTION(
    );
typedef LDR_DLL_NOTIFICATION_FUNCTION* PLDR_DLL_NOTIFICATION_FUNCTION;

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
/**
 * Registers for notification when a DLL is first loaded. This notification occurs before dynamic linking takes place.
 *
@@ -622,7 +622,7 @@ typedef struct _LDR_FAILURE_DATA
    WCHAR AdditionalInfo[0x20];
} LDR_FAILURE_DATA, *PLDR_FAILURE_DATA;

-#if (PHNT_VERSION >= PHNT_WINBLUE)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8_1)
NTSYSAPI
PLDR_FAILURE_DATA
NTAPI
@@ -676,7 +676,7 @@ typedef struct _PS_SYSTEM_DLL_INIT_BLOCK
} PS_SYSTEM_DLL_INIT_BLOCK, *PPS_SYSTEM_DLL_INIT_BLOCK;

// rev
-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
NTSYSAPI PS_SYSTEM_DLL_INIT_BLOCK LdrSystemDllInitBlock;
#endif

@@ -715,7 +715,7 @@ typedef struct _RTL_SCPCFG_NTDLL_EXPORTS
} RTL_SCPCFG_NTDLL_EXPORTS, *PRTL_SCPCFG_NTDLL_EXPORTS;

// rev
-#if (PHNT_VERSION >= PHNT_WIN11_24H2)
+#if (PHNT_VERSION >= PHNT_WINDOWS_11_24H2)
NTSYSAPI RTL_SCPCFG_NTDLL_EXPORTS RtlpScpCfgNtdllExports;
#endif

@@ -723,7 +723,7 @@ NTSYSAPI RTL_SCPCFG_NTDLL_EXPORTS RtlpScpCfgNtdllExports;
// Load as data table
//

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

// private
NTSYSAPI
@@ -757,7 +757,7 @@ LdrGetFileNameFromLoadAsDataTable(
    _Out_ PVOID *pFileNamePrt
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

NTSYSAPI
NTSTATUS
@@ -770,6 +770,16 @@ LdrDisableThreadCalloutsForDll(
// Resources
//

+/**
+ * The LdrAccessResource function returns a pointer to the first byte of the specified resource in memory.
+ *
+ * @param DllHandle A handle to the DLL.
+ * @param ResourceDataEntry The resource information block.
+ * @param ResourceBuffer The pointer to the specified resource in memory.
+ * @param ResourceLength The size, in bytes, of the specified resource.
+ * @return NTSTATUS Successful or errant status.
+ * @sa https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadresource
+ */
NTSYSAPI
NTSTATUS
NTAPI
@@ -792,6 +802,16 @@ typedef struct _LDR_RESOURCE_INFO
#define RESOURCE_LANGUAGE_LEVEL 2
#define RESOURCE_DATA_LEVEL 3

+/**
+ * The LdrFindResource_U function determines the location of a resource in a DLL.
+ *
+ * @param DllHandle A handle to the DLL.
+ * @param ResourceInfo The type and name of the resource.
+ * @param Level The level of resource information.
+ * @param ResourceDataEntry The resource information block.
+ * @return NTSTATUS Successful or errant status.
+ * @sa https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-findresourceexw
+ */
NTSYSAPI
NTSTATUS
NTAPI
@@ -823,7 +843,7 @@ LdrFindResourceDirectory_U(
    _Out_ PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
    );

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
/**
 * The LdrResFindResource function finds a resource in a DLL.
 *
@@ -953,7 +973,7 @@ LdrResRelease(
    _In_opt_ ULONG_PTR CultureNameOrId, // MAKEINTRESOURCE
    _In_ ULONG Flags
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_8)

// private
typedef struct _LDR_ENUM_RESOURCE_ENTRY
@@ -996,13 +1016,22 @@ LdrFindEntryForAddress(
    );

// rev
+/**
+ * Returns a handle to the language-specific dynamic-link library (DLL) resource module associated with a DLL that is already loaded for the calling process.
+ *
+ * \param DllHandle A handle to the DLL module to search for a MUI resource. If the language-specific DLL for the MUI is available, loads the specified module into the address space of the calling process and returns a handle to the module.
+ * \param BaseAddress The base address of the mapped view.
+ * \param Size The size of the mapped view.
+ * \param Flags Reserved
+ * \return Successful or errant status.
+ */
NTSYSAPI
NTSTATUS
NTAPI
LdrLoadAlternateResourceModule(
    _In_ PVOID DllHandle,
-    _Out_ PVOID *ResourceDllBase,
-    _Out_opt_ ULONG_PTR *ResourceOffset,
+    _Out_ PVOID *BaseAddress,
+    _Out_opt_ SIZE_T *Size,
    _In_ ULONG Flags
    );

@@ -1013,12 +1042,18 @@ NTAPI
LdrLoadAlternateResourceModuleEx(
    _In_ PVOID DllHandle,
    _In_ LANGID LanguageId,
-    _Out_ PVOID *ResourceDllBase,
-    _Out_opt_ ULONG_PTR *ResourceOffset,
+    _Out_ PVOID *BaseAddress,
+    _Out_opt_ SIZE_T *Size,
    _In_ ULONG Flags
    );

// rev
+/**
+ * Frees the language-specific dynamic-link library (DLL) resource module previously loaded by LdrLoadAlternateResourceModule function.
+ *
+ * \param DllHandle The base address of the mapped view.
+ * \return Successful or errant status.
+ */
NTSYSAPI
BOOLEAN
NTAPI
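Review bot: The doc block added at the end of this hunk says `\return Successful or errant status.`, but the declaration that follows returns `BOOLEAN`, not `NTSTATUS`. The text should describe the boolean result, for example `@return TRUE if the resource module was released, FALSE otherwise.`, with the wording confirmed against the implementation. This block and the one in the preceding hunk use `\param`/`\return`, while the same commit converts ntioapi.h to `@param`/`@return`; the `@` form would keep the headers consistent. The function name and parameter list lie outside the hunk.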
@@ -1201,7 +1236,7 @@ PVOID NTAPI DELAYLOAD_FAILURE_SYSTEM_ROUTINE(
    );
typedef DELAYLOAD_FAILURE_SYSTEM_ROUTINE* PDELAYLOAD_FAILURE_SYSTEM_ROUTINE;

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
// rev from QueryOptionalDelayLoadedAPI
/**
 * Determines whether the specified function in a delay-loaded DLL is available on the system.
@@ -1224,7 +1259,7 @@ LdrQueryOptionalDelayLoadedAPI(
    );
#endif

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
// rev from ResolveDelayLoadedAPI
/**
 * Locates the target function of the specified import and replaces the function pointer in the import thunk with the target of the function implementation.
@@ -1337,7 +1372,7 @@ LdrShutdownThread(
    VOID
    );

-#if (PHNT_VERSION >= PHNT_WINBLUE)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8_1)
// rev
NTSYSAPI
NTSTATUS
@@ -1347,7 +1382,7 @@ LdrSetImplicitPathOptions(
    );
#endif

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
#ifdef PHNT_INLINE_TYPEDEFS
/**
 * The LdrControlFlowGuardEnforced function checks if Control Flow Guard is enforced.
@@ -1379,7 +1414,7 @@ LdrControlFlowGuardEnforced(
#endif
#endif

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
/**
 * The LdrControlFlowGuardEnforcedWithExportSuppression function checks if Control Flow Guard is
 * enforced with export suppression.
@@ -1399,7 +1434,7 @@ LdrControlFlowGuardEnforcedWithExportSuppression(
}
#endif

-#if (PHNT_VERSION >= PHNT_19H1)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_19H1)
// rev
NTSYSAPI
BOOLEAN
@@ -1409,7 +1444,7 @@ LdrIsModuleSxsRedirected(
    );
#endif

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
// rev
NTSYSAPI
NTSTATUS
@@ -1441,7 +1476,7 @@ typedef struct _LDR_SOFTWARE_ENCLAVE
    PLDR_DATA_TABLE_ENTRY BCryptPrimitivesModule;
} LDR_SOFTWARE_ENCLAVE, *PLDR_SOFTWARE_ENCLAVE;

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)

// rev from CreateEnclave
/**
@@ -1552,7 +1587,7 @@ LdrLoadEnclaveModule(
    _In_ PUNICODE_STRING DllName
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10)

/**
 * This function forcefully terminates the calling program if it is invoked inside a loader callout. Otherwise, it has no effect.
@@ -1597,7 +1632,7 @@ LdrSetDllManifestProber(
    _In_ PVOID Routine
    );

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
NTSYSAPI BOOLEAN LdrpChildNtdll; // DATA export
#endif

diff --git a/phnt/include/ntlpcapi.h b/phnt/include/ntlpcapi.h
index f945fded2..6527a05ef 100644
--- a/phnt/include/ntlpcapi.h
+++ b/phnt/include/ntlpcapi.h
@@ -654,7 +654,7 @@ typedef struct _ALPC_MESSAGE_HANDLE_INFORMATION

// begin_private

-#if (PHNT_VERSION >= PHNT_VISTA)
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

//
// System calls
@@ -823,7 +823,7 @@ NtAlpcConnectPort(
    _In_opt_ PLARGE_INTEGER Timeout
    );

-#if (PHNT_VERSION >= PHNT_WIN8)
+#if (PHNT_VERSION >= PHNT_WINDOWS_8)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -897,7 +897,7 @@ NtAlpcImpersonateClientOfPort(
    _In_ PVOID Flags
    );

-#if (PHNT_VERSION >= PHNT_THRESHOLD)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10)
NTSYSCALLAPI
NTSTATUS
NTAPI
@@ -990,7 +990,7 @@ AlpcUnregisterCompletionList(
    _In_ HANDLE PortHandle
    );

-#if (PHNT_VERSION >= PHNT_WIN7)
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
// rev
NTSYSAPI
NTSTATUS
@@ -1062,7 +1062,7 @@ AlpcGetCompletionListMessageAttributes(
    _In_ PPORT_MESSAGE Message
    );

-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_VISTA)

// end_private

diff --git a/phnt/include/ntmisc.h b/phnt/include/ntmisc.h
index 7fe70df6e..33c23bdb9 100644
--- a/phnt/include/ntmisc.h
+++ b/phnt/include/ntmisc.h
@@ -7,12 +7,260 @@
#ifndef _NTMISC_H
#define _NTMISC_H

-// Filter manager
+//
+// Apphelp
+//

-#define FLT_PORT_CONNECT 0x0001
-#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
+typedef enum _AHC_INFO_CLASS 
+{
+    AhcInfoClassSdbQueryResult          = 0x00000001,
+    AhcInfoClassSdbSxsOverrideManifest  = 0x00000002,
+    AhcInfoClassSdbRunlevelFlags        = 0x00000004,
+    AhcInfoClassSdbFusionFlags          = 0x00000008,
+    AhcInfoClassSdbInstallerFlags       = 0x00000010,
+    AhcInfoClassFusionFlags             = 0x00000020,
+    AhcInfoClassTelemetryFlags          = 0x00000040,
+    AhcInfoClassInstallDetect           = 0x00000080,
+    AhcInfoClassRacEventSent            = 0x00000100,
+    AhcInfoClassIsSystemFile            = 0x00000200,
+    AhcInfoClassMonitoringFlags         = 0x00000400,
+    AhcInfoClassExeType                 = 0x00000800,
+} AHC_INFO_CLASS, *PAHC_INFO_CLASS;
+
+#define AHC_INFO_CLASS_FILTER_ON_FILETIME_CHANGE            \
+    (AHC_INFO_CLASS)(AhcInfoClassSdbQueryResult |           \
+                     AhcInfoClassSdbSxsOverrideManifest |   \
+                     AhcInfoClassSdbRunlevelFlags |         \
+                     AhcInfoClassSdbFusionFlags |           \
+                     AhcInfoClassSdbInstallerFlags |        \
+                     AhcInfoClassFusionFlags |              \
+                     AhcInfoClassRacEventSent)
+
+#define AHC_INFO_CLASS_FILTER_ON_SDB_CHANGE                 \
+    (AHC_INFO_CLASS)(AhcInfoClassSdbQueryResult |           \
+                     AhcInfoClassSdbSxsOverrideManifest |   \
+                     AhcInfoClassSdbRunlevelFlags |         \
+                     AhcInfoClassSdbFusionFlags |           \
+                     AhcInfoClassSdbInstallerFlags |        \
+                     AhcInfoClassInstallDetect)
+
+#define AHC_INFO_CLASS_ALL                                  \
+    (AHC_INFO_CLASS)(AhcInfoClassSdbQueryResult |           \
+                     AhcInfoClassSdbSxsOverrideManifest |   \
+                     AhcInfoClassSdbRunlevelFlags |         \
+                     AhcInfoClassSdbFusionFlags |           \
+                     AhcInfoClassSdbInstallerFlags |        \
+                     AhcInfoClassFusionFlags |              \
+                     AhcInfoClassTelemetryFlags |           \
+                     AhcInfoClassInstallDetect |            \
+                     AhcInfoClassRacEventSent |             \
+                     AhcInfoClassIsSystemFile |             \
+                     AhcInfoClassMonitoringFlags |          \
+                     AhcInfoClassExeType)
+
+#define AHC_INFO_CLASS_INTERNALLY_COMPUTED                  \
+    (AHC_INFO_CLASS)(AhcInfoClassSdbQueryResult |           \
+                     AhcInfoClassSdbSxsOverrideManifest |   \
+                     AhcInfoClassSdbRunlevelFlags |         \
+                     AhcInfoClassSdbFusionFlags |           \
+                     AhcInfoClassSdbInstallerFlags |        \
+                     AhcInfoClassTelemetryFlags |           \
+                     AhcInfoClassIsSystemFile |             \
+                     AhcInfoClassMonitoringFlags |          \
+                     AhcInfoClassExeType)
+
+#define AHC_INFO_CLASS_SAFE_FOR_UNPRIVILEGED_UPDATE         \
+    (AHC_INFO_CLASS)(AhcInfoClassInstallDetect |            \
+                     AhcInfoClassRacEventSent |             \
+                     AhcInfoClassTelemetryFlags |           \
+                     AhcInfoClassMonitoringFlags)
+
+//
+// Cache structures and APIs.
+//
+
+typedef enum _AHC_SERVICE_CLASS 
+{
+    ApphelpCacheServiceLookup = 0,
+    ApphelpCacheServiceRemove = 1,
+    ApphelpCacheServiceUpdate = 2,
+    ApphelpCacheServiceClear = 3,
+    ApphelpCacheServiceSnapStatistics = 4,
+    ApphelpCacheServiceSnapCache = 5,
+    ApphelpCacheServiceLookupCdb = 6,
+    ApphelpCacheServiceRefreshCdb = 7,
+    ApphelpCacheServiceMapQuirks = 8,
+    ApphelpCacheServiceHwIdQuery = 9,
+    ApphelpCacheServiceInitProcessData = 10,
+    ApphelpCacheServiceLookupAndWriteToProcess = 11,
+    ApphelpCacheServiceMax
+} AHC_SERVICE_CLASS;
+
+typedef struct _AHC_SERVICE_LOOKUP 
+{
+    AHC_INFO_CLASS InfoClass;                   // Information to lookup.
+    UINT HintFlags;                             // Hint flags about cache query.
+    UNICODE_STRING PackageAlias;                // Aliased package moniker in a packed string.
+    HANDLE FileHandle;                          // User space handle to file.
+    HANDLE ProcessHandle;                       // User space process handle.
+    USHORT ExeType;                             // Executable bitness.
+    USHORT Padding;                             // Padding to even USHORTs.
+    UNICODE_STRING ExeSignature;                // Executable file signature.
+    PCZZWSTR Environment;                       // Environment block.
+    UINT EnvironmentSize;                       // Size of environment block in bytes.
+} AHC_SERVICE_LOOKUP, *PAHC_SERVICE_LOOKUP;
+
+typedef struct _AHC_SERVICE_REMOVE 
+{
+    AHC_INFO_CLASS InfoClass;
+    UNICODE_STRING PackageAlias;
+    HANDLE FileHandle;
+    UNICODE_STRING ExeSignature;
+} AHC_SERVICE_REMOVE, *PAHC_SERVICE_REMOVE;
+
+typedef struct _AHC_SERVICE_UPDATE 
+{
+    AHC_INFO_CLASS InfoClass;
+    UNICODE_STRING PackageAlias;
+    HANDLE FileHandle;
+    UNICODE_STRING ExeSignature;
+    PVOID Data;
+    ULONG DataSize;
+} AHC_SERVICE_UPDATE, *PAHC_SERVICE_UPDATE;
+
+typedef struct _AHC_SERVICE_CLEAR 
+{
+    AHC_INFO_CLASS InfoClass;
+} AHC_SERVICE_CLEAR, *PAHC_SERVICE_CLEAR;
+
+typedef struct _AHC_SERVICE_LOOKUP_CDB 
+{
+    UNICODE_STRING Name;
+} AHC_SERVICE_LOOKUP_CDB, *PAHC_SERVICE_LOOKUP_CDB;
+
+//
+// AHC_HINT_* flags are used in the HintFlags variable.
+//
+
+#define AHC_HINT_FORCE_BYPASS                           0x00000001
+#define AHC_HINT_REMOVABLE_MEDIA                        0x00000002
+#define AHC_HINT_TEMPORARY_DIRECTORY                    0x00000004
+#define AHC_HINT_USER_PERM_LAYER                        0x00000008
+#define AHC_HINT_CREATE_PROCESS                         0x00000010
+#define AHC_HINT_NATIVE_EXE                             0x00000020
+
+#define SHIM_CACHE_MAIN_DATABASE_PATH32                 L"\\AppPatch\\sysmain.sdb"
+#define SHIM_CACHE_MAIN_DATABASE_PATH64                 L"\\AppPatch\\AppPatch64\\sysmain.sdb"
+
+//
+// Flag definitions for various flag-type information in cache.
+//

+#define AHC_CACHE_FLAG_MONITORING_IS_CANDIDATE          0x00000001 // Candidate for monitoring.
+#define AHC_CACHE_FLAG_MONITORING_IS_COMPLETE           0x00000002 // Monitoring has completed.
+#define AHC_CACHE_FLAG_MONITORING_VALID_MASK            (AHC_CACHE_FLAG_MONITORING_IS_CANDIDATE | \
+                                                         AHC_CACHE_FLAG_MONITORING_IS_COMPLETE)
+
+#define AHC_CACHE_FLAG_TELEMETRY_IS_CANDIDATE           0x00000001 // Candidate for telemetry.
+#define AHC_CACHE_FLAG_TELEMETRY_HAS_SAMPLED            0x00000002 // Telemetry has run.
+#define AHC_CACHE_FLAG_TELEMETRY_VALID_MASK             (AHC_CACHE_FLAG_TELEMETRY_IS_CANDIDATE | \
+                                                         AHC_CACHE_FLAG_TELEMETRY_HAS_SAMPLED)
+
+#define AHC_CACHE_FLAG_FUSION_HASDOTLOCAL               0x00000001 // Dot local file exists.
+#define AHC_CACHE_FLAG_FUSION_HASMANIFESTFILE           0x00000002 // Fusion manifest exists.
+#define AHC_CACHE_FLAG_FUSION_HASMANIFESTRESOURCE       0x00000004 // Fusion manifest resource exists.
+#define AHC_CACHE_FLAG_FUSION_VALID_MASK                (AHC_CACHE_FLAG_FUSION_HASDOTLOCAL | \
+                                                         AHC_CACHE_FLAG_FUSION_HASMANIFESTFILE | \
+                                                         AHC_CACHE_FLAG_FUSION_HASMANIFESTRESOURCE)
+
+#define AHC_CACHE_FLAG_RAC_EVENTSENT                    0x00000001 // Rac event has been sent.
+#define AHC_CACHE_FLAG_RAC_VALID_MASK                   (AHC_CACHE_FLAG_RAC_EVENTSENT)
+
+#define AHC_CACHE_FLAG_INSTALLDETECT_CLAIMED            0x00000001 // InstallDetect claimed.
+#define AHC_CACHE_FLAG_INSTALLDETECT_VALID_MASK         (AHC_CACHE_FLAG_RAC_EVENTSENT)
+
+//
+// Statistics.
+//
+
+typedef struct _AHC_MAIN_STATISTICS
+{
+    ULONG Lookup;                               // Count of lookup calls.
+    ULONG Remove;                               // Count of remove calls.
+    ULONG Update;                               // Count of update calls.
+    ULONG Clear;                                // Count of clear calls.
+    ULONG SnapStatistics;                       // Count of snap statistics calls.
+    ULONG SnapCache;                            // Count of snap store calls.
+} AHC_MAIN_STATISTICS, *PAHC_MAIN_STATISTICS;
+
+typedef struct _AHC_STORE_STATISTICS 
+{
+    ULONG LookupHits;                           // Count of lookup hits.
+    ULONG LookupMisses;                         // Count of lookup misses.
+    ULONG Inserted;                             // Count of inserted.
+    ULONG Replaced;                             // Count of replaced.
+    ULONG Updated;                              // Count of updates.
+} AHC_STORE_STATISTICS, *PAHC_STORE_STATISTICS;
+
+typedef struct _AHC_STATISTICS 
+{
+    ULONG Size;                                 // Size of the structure.
+    AHC_MAIN_STATISTICS Main;                   // Main statistics.
+    AHC_STORE_STATISTICS Store;                 // Store statistics.
+} AHC_STATISTICS, *PAHC_STATISTICS;
+
+typedef struct _AHC_SERVICE_DATAQUERY 
+{
+    AHC_STATISTICS Stats;                       // Statistics.
+    ULONG DataSize;                             // Size of data.
+    PBYTE Data;                                 // Data.
+} AHC_SERVICE_DATAQUERY, *PAHC_SERVICE_DATAQUERY;
+
+typedef struct _AHC_SERVICE_DATACACHE 
+{
+    HANDLE FileHandle;                          // User space handle to file.
+    USHORT ExeType;                             // Executable bitness.
+    USHORT Padding;                             // Padding to even USHORTs.
+    UINT HintFlags;                             // Metadata flags about cache query.
+    HANDLE ProcessHandle;                       // User space process handle.
+    UNICODE_STRING FileName;                    // Executable file name.
+    UNICODE_STRING Environment;                 // Environment block.
+    UNICODE_STRING PackageAlias;                // Aliased package moniker in a packed string.
+    ULONG CustomDataSize;                       // Size of the custom data to cache.
+    PBYTE CustomData;                           // Pointer to the custom data.
+} AHC_SERVICE_DATACACHE, *PAHC_SERVICE_DATACACHE;
+
+typedef struct _AHC_SERVICE_HWID_QUERY 
+{
+    BOOLEAN QueryResult;                        // Query result
+    UNICODE_STRING HwId;                        // Query HwId; can contain wildcards
+} AHC_SERVICE_HWID_QUERY, *PAHC_SERVICE_HWID_QUERY;
+
+typedef struct _AHC_SERVICE_DATA 
+{
+    AHC_SERVICE_LOOKUP Lookup;                  // Lookup EXE/Package.
+    AHC_SERVICE_UPDATE Update;                  // Updating flags for a given exe/package.
+    AHC_SERVICE_DATACACHE Cache;                // For cache operations.
+    AHC_SERVICE_LOOKUP_CDB LookupCdb;           // Lookup cdb.
+    AHC_SERVICE_CLEAR Clear;                    // Clear flags for all exes/packages.
+    AHC_SERVICE_REMOVE Remove;                  // Remove EXE/Package.
+    AHC_SERVICE_HWID_QUERY HwIdQuery;           // For HWID cache queries.
+    NTSTATUS DriverStatus;                      // Receive the status from the cache driver. Set error code in IoStatus block causes driver verifier violation.
+    PVOID ParamsOut;                            // Parameters out data.
+    ULONG ParamsOutSize;                        // Parameters out size.
+} AHC_SERVICE_DATA, *PAHC_SERVICE_DATA;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtApphelpCacheControl(
+    _In_ AHC_SERVICE_CLASS ServiceClass,
+    _Inout_opt_ PVOID ServiceContext // AHC_SERVICE_DATA
+    );
+
+//
// VDM
+//

typedef enum _VDMSERVICECLASS
{
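Review bot: `AHC_CACHE_FLAG_INSTALLDETECT_VALID_MASK` is defined as `(AHC_CACHE_FLAG_RAC_EVENTSENT)`, which looks like a copy-paste from the RAC mask just above; it should read `#define AHC_CACHE_FLAG_INSTALLDETECT_VALID_MASK (AHC_CACHE_FLAG_INSTALLDETECT_CLAIMED)`. Both flags are `0x00000001` today, so the value does not change, but the mask would silently go wrong if either flag were renumbered. Separately, `NtApphelpCacheControl` takes an untyped `PVOID ServiceContext`, and `AHC_SERVICE_UPDATE` pairs `Data` with `DataSize` without any annotation. A short comment stating which structure and size each `AHC_SERVICE_CLASS` value expects would help callers pass correctly sized buffers.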
@@ -42,7 +290,69 @@ NtVdmControl(
    _Inout_ PVOID ServiceData
    );

+//
+// Sessions
+//
+
+typedef enum _IO_SESSION_EVENT
+{
+    IoSessionEventIgnore,
+    IoSessionEventCreated,
+    IoSessionEventTerminated,
+    IoSessionEventConnected,
+    IoSessionEventDisconnected,
+    IoSessionEventLogon,
+    IoSessionEventLogoff,
+    IoSessionEventMax
+} IO_SESSION_EVENT;
+
+typedef enum _IO_SESSION_STATE
+{
+    IoSessionStateCreated = 1,
+    IoSessionStateInitialized = 2,
+    IoSessionStateConnected = 3,
+    IoSessionStateDisconnected = 4,
+    IoSessionStateDisconnectedLoggedOn = 5,
+    IoSessionStateLoggedOn = 6,
+    IoSessionStateLoggedOff = 7,
+    IoSessionStateTerminated = 8,
+    IoSessionStateMax
+} IO_SESSION_STATE;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+#if (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenSession(
+    _Out_ PHANDLE SessionHandle,
+    _In_ ACCESS_MASK DesiredAccess,
+    _In_ POBJECT_ATTRIBUTES ObjectAttributes
+    );
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_VISTA)
+
+#if (PHNT_VERSION >= PHNT_WINDOWS_7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtNotifyChangeSession(
+    _In_ HANDLE SessionHandle,
+    _In_ ULONG ChangeSequenceNumber,
+    _In_ PLARGE_INTEGER ChangeTimeStamp,
+    _In_ IO_SESSION_EVENT Event,
+    _In_ IO_SESSION_STATE NewState,
+    _In_ IO_SESSION_STATE PreviousState,
+    _In_reads_bytes_opt_(PayloadSize) PVOID Payload,
+    _In_ ULONG PayloadSize
+    );
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_7)
+
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
+
+//
// ApiSet
+//

NTSYSAPI
BOOL
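Review bot: `NtNotifyChangeSession` now sits inside `#if (PHNT_MODE != PHNT_MODE_KERNEL)`. In the block this commit removes from ntioapi.h, only `NtOpenSession` was inside that guard, and `NtNotifyChangeSession` was covered by the version check alone. Kernel-mode consumers of the header therefore lose the prototype. If that is not intended, move `#endif // (PHNT_MODE != PHNT_MODE_KERNEL)` up to directly after the `NtOpenSession` block; if it is intended, the commit description should say so.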
@@ -70,7 +380,7 @@ typedef enum _SECURE_SETTING_VALUE_TYPE
    SecureSettingValueTypeUnknown = 4
} SECURE_SETTING_VALUE_TYPE, *PSECURE_SETTING_VALUE_TYPE;

-#if (PHNT_VERSION >= PHNT_REDSTONE)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_RS1)
// rev
NTSYSCALLAPI
NTSTATUS
@@ -83,9 +393,9 @@ NtQuerySecurityPolicy(
    _Out_writes_bytes_opt_(*ValueSize) PVOID Value,
    _Inout_ PULONG ValueSize
    );
-#endif
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10_RS1)

-#if (PHNT_VERSION >= PHNT_20H1)
+#if (PHNT_VERSION >= PHNT_WINDOWS_10_20H1)
// rev
NTSYSCALLAPI
NTSTATUS
@@ -120,7 +430,9 @@ NtAcquireCrossVmMutant(
    _In_ HANDLE CrossVmMutant,
    _In_ PLARGE_INTEGER Timeout
    );
+#endif // (PHNT_VERSION >= PHNT_WINDOWS_10_20H1)

+#if (PHNT_VERSION >= PHNT_WINDOWS_10_20H1)
// rev
NTSYSCALLAPI
NTSTATUS
@@ -132,9 +444,9 @@ NtDirectGraphicsCall(
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _Out_ PULONG ReturnLength
    );
-#endif
+#```
