turborex 0.1.1

data/lib/turborex/windows/security/security_descriptor.rb

@@ -0,0 +1,118 @@
+module TurboRex
+  class Windows < Metasm::WinOS
+    module Security
+      class SecurityDescriptor
+        attr_reader :revision
+        attr_reader :sbzl
+        attr_reader :control
+        attr_reader :owner
+        attr_reader :group
+        attr_reader :sacl
+        attr_reader :dacl
+
+        def initialize(revision, control, owner, group, sacl, dacl, sbzl=0)
+          @revision = revision
+          @sbzl = sbzl
+          @control = control
+          @owner = owner
+          @group = group
+          @sacl = sacl
+          @dacl = dacl
+        end
+
+        # Very few robustness checks, may result in memory-corruption.
+        def self.from_raw(raw)
+          apiproxy_klass = TurboRex::Windows::Win32API
+          sd = apiproxy_klass.alloc_c_ary('BYTE', raw.bytesize)
+          sd.str = raw
+          
+          # Get security descriptor control and revision
+          pcontrol = apiproxy_klass.alloc_c_ptr('SECURITY_DESCRIPTOR_CONTROL')
+          prevision = apiproxy_klass.alloc_c_ptr('DWORD')
+          if apiproxy_klass.getsecuritydescriptorcontrol(sd, pcontrol, prevision) == 0
+            raise_api_call_failure('GetSecurityDescriptorControl')
+          end
+          control = pcontrol[0]
+          revision = prevision[0]
+          
+          # Get owner sid
+          ppsid = apiproxy_klass.alloc_c_ptr('PSID')
+          pownder_default = apiproxy_klass.alloc_c_ptr('BOOL')
+          if apiproxy_klass.getsecuritydescriptorowner(sd, ppsid, pownder_default) == 0
+            raise_api_call_failure('GetSecurityDescriptorOwner')
+          end
+
+          ppszsid = apiproxy_klass.alloc_c_ptr('LPSTR')
+          if apiproxy_klass.convertsidtostringsida(ppsid[0], ppszsid) == 0
+            raise_api_call_failure('ConvertSidToStringSidA')
+          end
+          sz_owner_sid = apiproxy_klass.memory_read_strz(ppszsid[0])
+
+          # Get group sid
+          if apiproxy_klass.getsecuritydescriptorgroup(sd, ppsid, pownder_default) == 0
+            raise_api_call_failure('GetSecurityDescriptorGroup')
+          end
+
+          ppszsid = apiproxy_klass.alloc_c_ptr('LPSTR')
+          if apiproxy_klass.convertsidtostringsida(ppsid[0], ppszsid) == 0
+            raise_api_call_failure('ConvertSidToStringSidA')
+          end
+          sz_group_sid = apiproxy_klass.memory_read_strz(ppszsid[0])          
+          
+          # TODO: parse SACL
+
+
+          # Get DACL
+          ppacl = apiproxy_klass.alloc_c_ptr('PACL')
+          dacl_present = apiproxy_klass.alloc_c_ptr('BOOL')
+          pdacl_default = apiproxy_klass.alloc_c_ptr('BOOL') 
+          if apiproxy_klass.getsecuritydescriptordacl(sd, dacl_present, ppacl, pdacl_default) == 0
+            raise_api_call_failure('GetSecurityDescriptorDacl')
+          end
+
+          acl_revision_info = apiproxy_klass.alloc_c_struct('ACL_REVISION_INFORMATION')
+          if apiproxy_klass.getaclinformation(ppacl[0], acl_revision_info, acl_revision_info.sizeof, apiproxy_klass::ACLREVISIONINFORMATION) == 0
+            raise_api_call_failure('GetAclInformation')
+          end
+          acl_revision = acl_revision_info.AclRevision
+
+          acl_size_info = apiproxy_klass.alloc_c_struct('ACL_SIZE_INFORMATION')
+          if apiproxy_klass.getaclinformation(ppacl[0], acl_size_info, acl_size_info.sizeof, apiproxy_klass::ACLSIZEINFORMATION) == 0
+            raise_api_call_failure('GetAclInformation')
+          end
+          ace_count = acl_size_info.AceCount
+
+          ppace = apiproxy_klass.alloc_c_ptr('LPVOID')
+          aces = []
+          ace_count.times do |i|
+            if apiproxy_klass.getace(ppacl[0], i, ppace) == 0
+              raise_api_call_failure('GetACE')
+            end
+
+            # parse ace
+            aces << parse_ace_from_ptr(ppace[0])
+          end
+
+          dacl = ACL::DACL.new(acl_revision, ace_count, aces)
+
+          new(revision, control, sz_owner_sid, sz_group_sid, nil, dacl)
+        end
+
+        
+        def self.raise_api_call_failure(api_name)
+          raise "Unable to call #{api_name}. GetLastError returns: #{TurboRex::Windows::Win32API.getlasterror}"
+        end
+
+        def self.parse_ace_from_ptr(ptr)
+          ace_header = TurboRex::Windows::Win32API.alloc_c_struct('ACE_HEADER')
+          raw_header = TurboRex::Windows::Utils.read_memory(ptr, ace_header.sizeof)
+          ace_header.str = raw_header
+          size = ace_header.AceSize
+
+          raw_ace = TurboRex::Windows::Utils.read_memory(ptr, size)
+          ACE.from_raw(raw_ace)
+        end
+      end
+    end
+  end
+end

data/lib/turborex/windows/tinysdk.rb

@@ -0,0 +1,89 @@
+require 'singleton'
+
+module TurboRex
+  class Windows < Metasm::WinOS
+    def self.tinysdk
+      TurboRex::Windows::TinySDK.instance
+    end
+
+    class TinySDK
+      DEFAULT_LOAD_FILE = TurboRex.root + '/resources/headers/tinysdk/tinysdk.h'
+
+      include Singleton
+
+      attr_reader :include_path
+      attr_reader :loaded_files
+      attr_reader :np
+
+      def initialize
+        @loaded = false
+        @loaded_files = []
+        set_include_path
+      end
+
+      def load(opts = {})
+        return true if loaded?
+        load!(opts)
+      end
+
+      def load!(opts)
+        opts[:cpu] ||= ::Metasm::Ia32
+
+        opts[:visual_studio] = true
+        opts[:data_model] = 'llp64' if opts[:cpu] == Metasm::X86_64
+        opts[:predefined] = true
+
+        @np = TurboRex::CStruct::NativeParser.new(nil, opts)
+        @cp = @np.parser
+
+        if opts[:files]
+          opts[:files].each {|f| @cp.parse_file(f)}
+          @loaded_files = opts[:files]
+        else
+          @cp.parse_file(DEFAULT_LOAD_FILE)
+          @loaded_files << DEFAULT_LOAD_FILE
+        end
+
+        true
+      end
+
+      def loaded?
+        @loaded
+      end
+
+      ## https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/using-ntstatus-values
+      def self.nt_success?(ntstatus)
+        (0..0x3FFFFFFF).include?(ntstatus) || (0x40000000..0x7FFFFFFF).include?(ntstatus) || ntstatus.nil?
+      end
+
+      def self.nt_information?(ntstatus)
+        (0x40000000..0x7FFFFFFF).include?(ntstatus)
+      end
+
+      def self.nt_warning?(ntstatus)
+        (0x80000000..0xBFFFFFFF).include?(ntstatus)
+      end
+
+      def self.nt_error?(ntstatus)
+        (0xC0000000..0xFFFFFFFF).include?(ntstatus)
+      end
+
+      def self.format_hex_ntstatus(integer, opts = {})
+        integer = 0 unless integer
+        unpacked = [integer].pack('V').unpack('V')[0]
+        if opts[:hex_str]
+          '0x' + unpacked.to_s(16).upcase
+        else
+          unpacked
+        end
+      end
+
+      private
+
+      def set_include_path
+        root = TurboRex.root + '/resources/headers'
+        @include_path = TurboRex::Utils.get_all_subdir(root)
+      end
+    end
+  end
+end

data/lib/turborex/windows/utils.rb

@@ -0,0 +1,138 @@
+require 'turborex/cstruct'
+module TurboRex
+  class Windows < Metasm::WinOS
+    module Utils
+      include ::Win32 if ::OS.windows?
+      include TurboRex::CStruct
+
+      def get_version(path)
+        structmgr = define_structs do
+          struct tagVS_FIXEDFILEINFO {
+            DWORD dwSignature;
+            DWORD dwStrucVersion;
+            DWORD dwFileVersionMS;
+            DWORD dwFileVersionLS;
+            DWORD dwProductVersionMS;
+            DWORD dwProductVersionLS;
+            DWORD dwFileFlagsMask;
+            DWORD dwFileFlags;
+            DWORD dwFileOS;
+            DWORD dwFileType;
+            DWORD dwFileSubtype;
+            DWORD dwFileDateMS;
+            DWORD dwFileDateLS;
+          };
+        end
+
+        fGetFileVersionInfoSize = API.new('GetFileVersionInfoSize', 'PP', 'L', 'version')
+        lpdwHandle = 0
+        lptstrFilename = path
+        buf_len = fGetFileVersionInfoSize.call(lptstrFilename, lpdwHandle)
+
+        fGetFileVersionInfo = API.new('GetFileVersionInfo', 'PLLP', 'I', 'version')
+        buf = 0.chr * buf_len
+        res = fGetFileVersionInfo.call(lptstrFilename, 0, buf_len, buf)
+
+        if res == 1
+          fVerQueryValueW = API.new('VerQueryValue', 'PPPP', 'I', 'version')
+          fileInfo = 0.chr * 8
+          size = 0.chr * 4
+          lpSubBlock = '\\'
+          res = fVerQueryValueW.call(buf, lpSubBlock, fileInfo, size)
+
+          if res == 1
+            fReadProcessMemory = API.new('ReadProcessMemory', 'LPPPP', 'I', 'kernel32')
+            size_i = size.unpack('V')[0]
+            buf = 0.chr * size_i
+            i1 = 0.chr * 8
+            fReadProcessMemory.call(-1, fileInfo.unpack('Q<')[0], buf, size_i, i1)
+            moduleVersion = structmgr['tagVS_FIXEDFILEINFO'].from_str buf
+            return [moduleVersion['dwFileVersionMS'].value, moduleVersion['dwFileVersionLS'].value]
+          end
+        end
+      end
+
+      def self.multibyte_to_widechar(str)
+        fMultiByteToWideChar = API.new('MultiByteToWideChar', 'ILSIPI', 'I', 'kernel32')
+        code_page = 65001 # CP_UTF8
+        flag = 0
+        ilength = fMultiByteToWideChar.call(code_page, flag, str, -1, 0, 0)
+        return false if ilength == 0
+
+        buf = 0.chr * ilength * 2
+        res = fMultiByteToWideChar.call(code_page, flag, str, -1, buf, ilength)
+        return false if res == 0
+        buf
+      end
+
+      def self.read_memory(base, size, handle = -1)
+        fReadProcessMemory = API.new('ReadProcessMemory', 'LPPPP', 'I', 'kernel32')
+        i1 = 0.chr * 8
+        buf = 0.chr * size
+        if fReadProcessMemory.call(handle, base, buf, size, i1) == 1
+          buf
+        else
+          nil
+        end
+      end
+
+      def self.is_wow64?
+        fIsWow64Process = API.new('IsWow64Process', 'PP', 'I', 'kernel32')
+        wow64 = 0.chr
+        raise "Failed to call IsWow64Process" if fIsWow64Process.call(-1, wow64) == 0
+
+        wow64.unpack('C').first == 1
+      end
+
+      def self.process_arch(pid=nil, handle=-1)
+        case Metasm::WinOS::Process.new(pid, handle).addrsz / 8
+        when 4
+          'x86'
+        when 8
+          'x64'
+        end
+      end
+
+      def self.process_arch_x64?(pid=nil, handle=-1)
+        Metasm::WinOS::Process.new(pid, handle).addrsz / 8 == 8
+      end
+
+      def self.find_import_func(func, filenames, stop_when_found = false)
+        found = []
+        filenames.each do |f|
+          dfile = ::Metasm::PE.decode_file_header f
+          dfile.decode_imports
+          imports = dfile.imports
+          next if not imports
+          imports.each do |import_dict|
+            import_dict.imports.each do |import_desc|
+              if import_desc.name == func
+                return f if stop_when_found
+                found << f
+              end
+            end
+          end
+        end
+
+        found
+      end
+
+      def self.find_export_func(func, filenames, stop_when_found = false)
+        found = []
+        filenames.each do |f|
+          dfile = ::Metasm::PE.decode_file_header f
+          dfile.decode_exports
+          export = dfile.export
+          next if !export
+          next if !export.exports
+          export.exports.each do |exp|
+            if exp.name == func && !exp.forwarder_lib
+              return f if stop_when_found
+              found << f
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/resources/headers/alpc/ntdef.h

@@ -0,0 +1,72 @@
+#include <tinysdk/wintype.h>
+#include <tinysdk/winnt.h>
+
+#define _Out_
+#define _In_opt_
+#define _Inout_
+#define _Out_opt_
+#define _In_
+#define _Inout_opt_
+#define _Reserved_
+
+typedef struct _OBJECT_ATTRIBUTES {
+  ULONG Length;
+  HANDLE RootDirectory;
+  PUNICODE_STRING ObjectName;
+  ULONG Attributes;
+  PVOID SecurityDescriptor;
+  PVOID SecurityQualityOfService;
+} OBJECT_ATTRIBUTES;
+typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
+
+typedef short CSHORT;
+#if !defined(_M_IX86)
+ typedef __int64 LONGLONG;
+  typedef unsigned __int64 ULONGLONG;
+#else
+ typedef double LONGLONG;
+  typedef double ULONGLONG;
+#endif
+
+/*
+typedef union _LARGE_INTEGER {
+  struct {
+    DWORD LowPart;
+    LONG  HighPart;
+  } DUMMYSTRUCTNAME;
+  struct {
+    DWORD LowPart;
+    LONG  HighPart;
+  } u;
+  LONGLONG QuadPart;
+} LARGE_INTEGER, *PLARGE_INTEGER;
+*/
+
+typedef struct _CLIENT_ID
+{
+    HANDLE UniqueProcess;
+    HANDLE UniqueThread;
+} CLIENT_ID, *PCLIENT_ID;
+
+typedef struct _CLIENT_ID32
+{
+    ULONG UniqueProcess;
+    ULONG UniqueThread;
+} CLIENT_ID32, *PCLIENT_ID32;
+
+typedef struct _CLIENT_ID64
+{
+    ULONGLONG UniqueProcess;
+    ULONGLONG UniqueThread;
+} CLIENT_ID64, *PCLIENT_ID64;
+
+// from thread
+typedef struct _RTL_SRWLOCK {
+        PVOID Ptr;
+} RTL_SRWLOCK, *PRTL_SRWLOCK;
+typedef RTL_SRWLOCK SRWLOCK, *PSRWLOCK;
+
+void RtlInitUnicodeString(
+  PUNICODE_STRING DestinationString,
+  PCWSTR          SourceString
+);

data/resources/headers/alpc/ntlpcapi.h

@@ -0,0 +1,1014 @@
+#include <ntdef.h>
+
+//from ProcessHacker
+#define NT_WIN2K 50
+#define NT_WINXP 51
+#define NT_WS03 52
+#define NT_VISTA 60
+#define NT_WIN7 61
+#define NT_WIN8 62
+#define NT_WINBLUE 63
+#define NT_THRESHOLD 100
+#ifndef _NTLPCAPI_H
+#define _NTLPCAPI_H
+
+// Local Inter-process Communication
+
+#define PORT_CONNECT 0x0001
+#define PORT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1)
+#define DECLSPEC_ALIGN(x) __declspec(align(x))
+
+typedef struct _PORT_MESSAGE
+{
+    union
+    {
+        struct
+        {
+            CSHORT DataLength;
+            CSHORT TotalLength;
+        } s1;
+        ULONG Length;
+    } u1;
+    union
+    {
+        struct
+        {
+            CSHORT Type;
+            CSHORT DataInfoOffset;
+        } s2;
+        ULONG ZeroInit;
+    } u2;
+    union
+    {
+        CLIENT_ID ClientId;
+        double DoNotUseThisField;
+    };
+    ULONG MessageId;
+    union
+    {
+        SIZE_T ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages
+        ULONG CallbackId; // only valid for LPC_REQUEST messages
+    };
+} PORT_MESSAGE, *PPORT_MESSAGE;
+
+typedef struct _PORT_DATA_ENTRY
+{
+    PVOID Base;
+    ULONG Size;
+} PORT_DATA_ENTRY, *PPORT_DATA_ENTRY;
+
+typedef struct _PORT_DATA_INFORMATION
+{
+    ULONG CountDataEntries;
+    PORT_DATA_ENTRY DataEntries[1];
+} PORT_DATA_INFORMATION, *PPORT_DATA_INFORMATION;
+
+#define LPC_REQUEST 1
+#define LPC_REPLY 2
+#define LPC_DATAGRAM 3
+#define LPC_LOST_REPLY 4
+#define LPC_PORT_CLOSED 5
+#define LPC_CLIENT_DIED 6
+#define LPC_EXCEPTION 7
+#define LPC_DEBUG_EVENT 8
+#define LPC_ERROR_EVENT 9
+#define LPC_CONNECTION_REQUEST 10
+
+#define LPC_KERNELMODE_MESSAGE (CSHORT)0x8000
+#define LPC_NO_IMPERSONATE (CSHORT)0x4000
+
+#define PORT_VALID_OBJECT_ATTRIBUTES OBJ_CASE_INSENSITIVE
+
+#ifdef _WIN64
+#define PORT_MAXIMUM_MESSAGE_LENGTH 512
+#else
+#define PORT_MAXIMUM_MESSAGE_LENGTH 256
+#endif
+
+#define LPC_MAX_CONNECTION_INFO_SIZE (16 * sizeof(ULONG_PTR))
+
+#define PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH \
+    ((PORT_MAXIMUM_MESSAGE_LENGTH + sizeof(PORT_MESSAGE) + LPC_MAX_CONNECTION_INFO_SIZE + 0xf) & ~0xf)
+
+typedef struct _LPC_CLIENT_DIED_MSG
+{
+    PORT_MESSAGE PortMsg;
+    LARGE_INTEGER CreateTime;
+} LPC_CLIENT_DIED_MSG, *PLPC_CLIENT_DIED_MSG;
+
+typedef struct _PORT_VIEW
+{
+    ULONG Length;
+    HANDLE SectionHandle;
+    ULONG SectionOffset;
+    SIZE_T ViewSize;
+    PVOID ViewBase;
+    PVOID ViewRemoteBase;
+} PORT_VIEW, *PPORT_VIEW;
+
+typedef struct _REMOTE_PORT_VIEW
+{
+    ULONG Length;
+    SIZE_T ViewSize;
+    PVOID ViewBase;
+} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
+
+// WOW64 definitions
+
+// Except in a small number of special cases, WOW64 programs using the LPC APIs must use the 64-bit versions of the
+// PORT_MESSAGE, PORT_VIEW and REMOTE_PORT_VIEW data structures. Note that we take a different approach than the
+// official NT headers, which produce 64-bit versions in a 32-bit environment when USE_LPC6432 is defined.
+
+typedef struct _PORT_MESSAGE64
+{
+    union
+    {
+        struct
+        {
+            CSHORT DataLength;
+            CSHORT TotalLength;
+        } s1;
+        ULONG Length;
+    } u1;
+    union
+    {
+        struct
+        {
+            CSHORT Type;
+            CSHORT DataInfoOffset;
+        } s2;
+        ULONG ZeroInit;
+    } u2;
+    union
+    {
+        CLIENT_ID64 ClientId;
+        double DoNotUseThisField;
+    };
+    ULONG MessageId;
+    union
+    {
+        ULONGLONG ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages
+        ULONG CallbackId; // only valid for LPC_REQUEST messages
+    };
+} PORT_MESSAGE64, *PPORT_MESSAGE64;
+
+typedef struct _LPC_CLIENT_DIED_MSG64
+{
+    PORT_MESSAGE64 PortMsg;
+    LARGE_INTEGER CreateTime;
+} LPC_CLIENT_DIED_MSG64, *PLPC_CLIENT_DIED_MSG64;
+
+typedef struct _PORT_VIEW64
+{
+    ULONG Length;
+    ULONGLONG SectionHandle;
+    ULONG SectionOffset;
+    ULONGLONG ViewSize;
+    ULONGLONG ViewBase;
+    ULONGLONG ViewRemoteBase;
+} PORT_VIEW64, *PPORT_VIEW64;
+
+typedef struct _REMOTE_PORT_VIEW64
+{
+    ULONG Length;
+    ULONGLONG ViewSize;
+    ULONGLONG ViewBase;
+} REMOTE_PORT_VIEW64, *PREMOTE_PORT_VIEW64;
+
+// Port creation
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreatePort(
+    _Out_ PHANDLE PortHandle,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_ ULONG MaxConnectionInfoLength,
+    _In_ ULONG MaxMessageLength,
+    _In_opt_ ULONG MaxPoolUsage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateWaitablePort(
+    _Out_ PHANDLE PortHandle,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_ ULONG MaxConnectionInfoLength,
+    _In_ ULONG MaxMessageLength,
+    _In_opt_ ULONG MaxPoolUsage
+    );
+
+// Port connection (client)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtConnectPort(
+    _Out_ PHANDLE PortHandle,
+    _In_ PUNICODE_STRING PortName,
+    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+    _Inout_opt_ PPORT_VIEW ClientView,
+    _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
+    _Out_opt_ PULONG MaxMessageLength,
+    PVOID ConnectionInformation,
+    _Inout_opt_ PULONG ConnectionInformationLength
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSecureConnectPort(
+    _Out_ PHANDLE PortHandle,
+    _In_ PUNICODE_STRING PortName,
+    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+    _Inout_opt_ PPORT_VIEW ClientView,
+    _In_opt_ PSID RequiredServerSid,
+    _Inout_opt_ PREMOTE_PORT_VIEW ServerView,
+    _Out_opt_ PULONG MaxMessageLength,
+    PVOID ConnectionInformation,
+    _Inout_opt_ PULONG ConnectionInformationLength
+    );
+
+// Port connection (server)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtListenPort(
+    _In_ HANDLE PortHandle,
+    _Out_ PPORT_MESSAGE ConnectionRequest
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAcceptConnectPort(
+    _Out_ PHANDLE PortHandle,
+    _In_opt_ PVOID PortContext,
+    _In_ PPORT_MESSAGE ConnectionRequest,
+    _In_ BOOLEAN AcceptConnection,
+    _Inout_opt_ PPORT_VIEW ServerView,
+    _Out_opt_ PREMOTE_PORT_VIEW ClientView
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCompleteConnectPort(
+    _In_ HANDLE PortHandle
+    );
+
+// General
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRequestPort(
+    _In_ HANDLE PortHandle,
+    PPORT_MESSAGE RequestMessage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRequestWaitReplyPort(
+    _In_ HANDLE PortHandle,
+    PPORT_MESSAGE RequestMessage,
+    _Out_ PPORT_MESSAGE ReplyMessage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReplyPort(
+    _In_ HANDLE PortHandle,
+    PPORT_MESSAGE ReplyMessage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReplyWaitReplyPort(
+    _In_ HANDLE PortHandle,
+    _Inout_ PPORT_MESSAGE ReplyMessage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReplyWaitReceivePort(
+    _In_ HANDLE PortHandle,
+    _Out_opt_ PVOID *PortContext,
+    PPORT_MESSAGE ReplyMessage,
+    _Out_ PPORT_MESSAGE ReceiveMessage
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReplyWaitReceivePortEx(
+    _In_ HANDLE PortHandle,
+    _Out_opt_ PVOID *PortContext,
+    PPORT_MESSAGE ReplyMessage,
+    _Out_ PPORT_MESSAGE ReceiveMessage,
+    _In_opt_ PLARGE_INTEGER Timeout
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtImpersonateClientOfPort(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE Message
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReadRequestData(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE Message,
+    _In_ ULONG DataEntryIndex,
+    PVOID Buffer,
+    _In_ SIZE_T BufferSize,
+    _Out_opt_ PSIZE_T NumberOfBytesRead
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWriteRequestData(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE Message,
+    _In_ ULONG DataEntryIndex,
+    PVOID Buffer,
+    _In_ SIZE_T BufferSize,
+    _Out_opt_ PSIZE_T NumberOfBytesWritten
+    );
+
+typedef enum _PORT_INFORMATION_CLASS
+{
+    PortBasicInformation,
+    PortDumpInformation
+} PORT_INFORMATION_CLASS;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationPort(
+    _In_ HANDLE PortHandle,
+    _In_ PORT_INFORMATION_CLASS PortInformationClass,
+    PVOID PortInformation,
+    _In_ ULONG Length,
+    _Out_opt_ PULONG ReturnLength
+    );
+
+// Asynchronous Local Inter-process Communication
+
+// rev
+typedef HANDLE ALPC_HANDLE, *PALPC_HANDLE;
+
+#define ALPC_PORFLG_ALLOW_LPC_REQUESTS 0x20000 // rev
+#define ALPC_PORFLG_WAITABLE_PORT 0x40000 // dbg
+#define ALPC_PORFLG_SYSTEM_PROCESS 0x100000 // dbg
+
+// symbols
+typedef struct _ALPC_PORT_ATTRIBUTES
+{
+    ULONG Flags;
+    SECURITY_QUALITY_OF_SERVICE SecurityQos;
+    SIZE_T MaxMessageLength;
+    SIZE_T MemoryBandwidth;
+    SIZE_T MaxPoolUsage;
+    SIZE_T MaxSectionSize;
+    SIZE_T MaxViewSize;
+    SIZE_T MaxTotalSectionSize;
+    ULONG DupObjectTypes;
+#ifdef _WIN64
+    ULONG Reserved;
+#endif
+} ALPC_PORT_ATTRIBUTES, *PALPC_PORT_ATTRIBUTES;
+
+// begin_rev
+#define ALPC_MESSAGE_SECURITY_ATTRIBUTE 0x80000000
+#define ALPC_MESSAGE_VIEW_ATTRIBUTE 0x40000000
+#define ALPC_MESSAGE_CONTEXT_ATTRIBUTE 0x20000000
+// from PythonForWindows
+#define ALPC_MESSAGE_HANDLE_ATTRIBUTE 0x10000000
+#define ALPC_MESSAGE_TOKEN_ATTRIBUTE 0x8000000
+#define ALPC_MESSAGE_DIRECT_ATTRIBUTE 0x4000000
+#define ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE 0x2000000
+// end_rev
+
+// symbols
+typedef struct _ALPC_MESSAGE_ATTRIBUTES
+{
+    ULONG AllocatedAttributes;
+    ULONG ValidAttributes;
+} ALPC_MESSAGE_ATTRIBUTES, *PALPC_MESSAGE_ATTRIBUTES;
+
+// symbols
+typedef struct _ALPC_COMPLETION_LIST_STATE
+{
+    union
+    {
+        struct
+        {
+            ULONG64 Head : 24;
+            ULONG64 Tail : 24;
+            ULONG64 ActiveThreadCount : 16;
+        } s1;
+        ULONG64 Value;
+    } u1;
+} ALPC_COMPLETION_LIST_STATE, *PALPC_COMPLETION_LIST_STATE;
+
+#define ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK 0x3f // dbg
+
+// symbols
+typedef struct DECLSPEC_ALIGN(128) _ALPC_COMPLETION_LIST_HEADER
+{
+    ULONG64 StartMagic;
+
+    ULONG TotalSize;
+    ULONG ListOffset;
+    ULONG ListSize;
+    ULONG BitmapOffset;
+    ULONG BitmapSize;
+    ULONG DataOffset;
+    ULONG DataSize;
+    ULONG AttributeFlags;
+    ULONG AttributeSize;
+
+    DECLSPEC_ALIGN(128) ALPC_COMPLETION_LIST_STATE State;
+    ULONG LastMessageId;
+    ULONG LastCallbackId;
+    DECLSPEC_ALIGN(128) ULONG PostCount;
+    DECLSPEC_ALIGN(128) ULONG ReturnCount;
+    DECLSPEC_ALIGN(128) ULONG LogSequenceNumber;
+    DECLSPEC_ALIGN(128) RTL_SRWLOCK UserLock;
+
+    ULONG64 EndMagic;
+} ALPC_COMPLETION_LIST_HEADER, *PALPC_COMPLETION_LIST_HEADER;
+
+// private
+typedef struct _ALPC_CONTEXT_ATTR
+{
+    PVOID PortContext;
+    PVOID MessageContext;
+    ULONG Sequence;
+    ULONG MessageId;
+    ULONG CallbackId;
+} ALPC_CONTEXT_ATTR, *PALPC_CONTEXT_ATTR;
+
+// begin_rev
+#define ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS 0x10000
+#define ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES 0x20000
+#define ALPC_HANDLEFLG_DUPLICATE_INHERIT 0x80000
+// end_rev
+
+// private
+typedef struct _ALPC_HANDLE_ATTR32
+{
+    ULONG Flags;
+    ULONG Reserved0;
+    ULONG SameAccess;
+    ULONG SameAttributes;
+    ULONG Indirect;
+    ULONG Inherit;
+    ULONG Reserved1;
+    ULONG Handle;
+    ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
+    ULONG DesiredAccess;
+    ULONG GrantedAccess;
+} ALPC_HANDLE_ATTR32, *PALPC_HANDLE_ATTR32;
+
+// private
+typedef struct _ALPC_HANDLE_ATTR
+{
+    ULONG Flags;
+    ULONG Reserved0;
+    ULONG SameAccess;
+    ULONG SameAttributes;
+    ULONG Indirect;
+    ULONG Inherit;
+    ULONG Reserved1;
+    HANDLE Handle;
+    PALPC_HANDLE_ATTR32 HandleAttrArray;
+    ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
+    ULONG HandleCount;
+    ACCESS_MASK DesiredAccess;
+    ACCESS_MASK GrantedAccess;
+} ALPC_HANDLE_ATTR, *PALPC_HANDLE_ATTR;
+
+#define ALPC_SECFLG_CREATE_HANDLE 0x20000 // dbg
+#define ALPC_SECFLG_NOSECTIONHANDLE 0x40000
+// private
+typedef struct _ALPC_SECURITY_ATTR
+{
+    ULONG Flags;
+    PSECURITY_QUALITY_OF_SERVICE QoS;
+    ALPC_HANDLE ContextHandle; // dbg
+} ALPC_SECURITY_ATTR, *PALPC_SECURITY_ATTR;
+
+// begin_rev
+#define ALPC_VIEWFLG_NOT_SECURE 0x40000
+// end_rev
+
+// private
+typedef struct _ALPC_DATA_VIEW_ATTR
+{
+    ULONG Flags;
+    ALPC_HANDLE SectionHandle;
+    PVOID ViewBase; // must be zero on input
+    SIZE_T ViewSize;
+} ALPC_DATA_VIEW_ATTR, *PALPC_DATA_VIEW_ATTR;
+
+// private
+typedef enum _ALPC_PORT_INFORMATION_CLASS
+{
+    AlpcBasicInformation, // q: out ALPC_BASIC_INFORMATION
+    AlpcPortInformation, // s: in ALPC_PORT_ATTRIBUTES
+    AlpcAssociateCompletionPortInformation, // s: in ALPC_PORT_ASSOCIATE_COMPLETION_PORT
+    AlpcConnectedSIDInformation, // q: in SID
+    AlpcServerInformation, // q: inout ALPC_SERVER_INFORMATION
+    AlpcMessageZoneInformation, // s: in ALPC_PORT_MESSAGE_ZONE_INFORMATION
+    AlpcRegisterCompletionListInformation, // s: in ALPC_PORT_COMPLETION_LIST_INFORMATION
+    AlpcUnregisterCompletionListInformation, // s: VOID
+    AlpcAdjustCompletionListConcurrencyCountInformation, // s: in ULONG
+    AlpcRegisterCallbackInformation, // kernel-mode only
+    AlpcCompletionListRundownInformation, // s: VOID
+    AlpcWaitForPortReferences
+} ALPC_PORT_INFORMATION_CLASS;
+
+// private
+typedef struct _ALPC_BASIC_INFORMATION
+{
+    ULONG Flags;
+    ULONG SequenceNo;
+    PVOID PortContext;
+} ALPC_BASIC_INFORMATION, *PALPC_BASIC_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_ASSOCIATE_COMPLETION_PORT
+{
+    PVOID CompletionKey;
+    HANDLE CompletionPort;
+} ALPC_PORT_ASSOCIATE_COMPLETION_PORT, *PALPC_PORT_ASSOCIATE_COMPLETION_PORT;
+
+// private
+typedef struct _ALPC_SERVER_INFORMATION
+{
+    union
+    {
+        struct
+        {
+            HANDLE ThreadHandle;
+        } In;
+        struct
+        {
+            BOOLEAN ThreadBlocked;
+            HANDLE ConnectedProcessId;
+            UNICODE_STRING ConnectionPortName;
+        } Out;
+    };
+} ALPC_SERVER_INFORMATION, *PALPC_SERVER_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_MESSAGE_ZONE_INFORMATION
+{
+    PVOID Buffer;
+    ULONG Size;
+} ALPC_PORT_MESSAGE_ZONE_INFORMATION, *PALPC_PORT_MESSAGE_ZONE_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_COMPLETION_LIST_INFORMATION
+{
+    PVOID Buffer; // PALPC_COMPLETION_LIST_HEADER
+    ULONG Size;
+    ULONG ConcurrencyCount;
+    ULONG AttributeFlags;
+} ALPC_PORT_COMPLETION_LIST_INFORMATION, *PALPC_PORT_COMPLETION_LIST_INFORMATION;
+
+// private
+typedef enum _ALPC_MESSAGE_INFORMATION_CLASS
+{
+    AlpcMessageSidInformation, // q: out SID
+    AlpcMessageTokenModifiedIdInformation,  // q: out LUID
+    AlpcMessageDirectStatusInformation,
+    AlpcMessageHandleInformation, // ALPC_MESSAGE_HANDLE_INFORMATION
+    MaxAlpcMessageInfoClass
+} ALPC_MESSAGE_INFORMATION_CLASS, *PALPC_MESSAGE_INFORMATION_CLASS;
+
+typedef struct _ALPC_MESSAGE_HANDLE_INFORMATION
+{
+    ULONG Index;
+    ULONG Flags;
+    ULONG Handle;
+    ULONG ObjectType;
+    ACCESS_MASK GrantedAccess;
+} ALPC_MESSAGE_HANDLE_INFORMATION, *PALPC_MESSAGE_HANDLE_INFORMATION;
+
+// begin_private
+
+#if (NT_VERSION >= NT_VISTA)
+
+// System calls
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreatePort(
+    _Out_ PHANDLE PortHandle,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDisconnectPort(
+    _In_ HANDLE PortHandle,
+    _In_ ULONG Flags
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcQueryInformation(
+    _In_opt_ HANDLE PortHandle,
+    _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
+     PVOID PortInformation,
+    _In_ ULONG Length,
+    _Out_opt_ PULONG ReturnLength
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcSetInformation(
+    _In_ HANDLE PortHandle,
+    _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
+     PVOID PortInformation,
+    _In_ ULONG Length
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreatePortSection(
+    _In_ HANDLE PortHandle,
+    _In_ ULONG Flags,
+    _In_opt_ HANDLE SectionHandle,
+    _In_ SIZE_T SectionSize,
+    _Out_ PALPC_HANDLE AlpcSectionHandle,
+    _Out_ PSIZE_T ActualSectionSize
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeletePortSection(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ ALPC_HANDLE SectionHandle
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateResourceReserve(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ SIZE_T MessageSize,
+    _Out_ PALPC_HANDLE ResourceId
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteResourceReserve(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ ALPC_HANDLE ResourceId
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateSectionView(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _Inout_ PALPC_DATA_VIEW_ATTR ViewAttributes
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteSectionView(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ PVOID ViewBase
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateSecurityContext(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _Inout_ PALPC_SECURITY_ATTR SecurityAttribute
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteSecurityContext(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ ALPC_HANDLE ContextHandle
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcRevokeSecurityContext(
+    _In_ HANDLE PortHandle,
+    _Reserved_ ULONG Flags,
+    _In_ ALPC_HANDLE ContextHandle
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcQueryInformationMessage(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE PortMessage,
+    _In_ ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass,
+    _Inout_ PVOID MessageInformation,
+    _In_ ULONG Length,
+    _Out_opt_ PULONG ReturnLength
+    );
+
+#define ALPC_MSGFLG_REPLY_MESSAGE 0x1
+#define ALPC_MSGFLG_LPC_MODE 0x2 // ?
+#define ALPC_MSGFLG_RELEASE_MESSAGE 0x10000 // dbg
+#define ALPC_MSGFLG_SYNC_REQUEST 0x20000 // dbg
+#define ALPC_MSGFLG_WAIT_USER_MODE 0x100000
+#define ALPC_MSGFLG_WAIT_ALERTABLE 0x200000
+#define ALPC_MSGFLG_WOW64_CALL 0x80000000 // dbg
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcConnectPort(
+    _Out_ PHANDLE PortHandle,
+    _In_ PUNICODE_STRING PortName,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+    _In_ ULONG Flags,
+    _In_opt_ PSID RequiredServerSid,
+     PPORT_MESSAGE ConnectionMessage,
+    _Inout_opt_ PULONG BufferLength,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
+    _In_opt_ PLARGE_INTEGER Timeout
+    );
+
+#if (NT_VERSION >= NT_WIN8)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcConnectPortEx(
+    _Out_ PHANDLE PortHandle,
+    _In_ POBJECT_ATTRIBUTES ConnectionPortObjectAttributes,
+    _In_opt_ POBJECT_ATTRIBUTES ClientPortObjectAttributes,
+    _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+    _In_ ULONG Flags,
+    _In_opt_ PSECURITY_DESCRIPTOR ServerSecurityRequirements,
+     PPORT_MESSAGE ConnectionMessage,
+    _Inout_opt_ PSIZE_T BufferLength,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
+    _In_opt_ PLARGE_INTEGER Timeout
+    );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcAcceptConnectPort(
+    _Out_ PHANDLE PortHandle,
+    _In_ HANDLE ConnectionPortHandle,
+    _In_ ULONG Flags,
+    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+    _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+    _In_opt_ PVOID PortContext,
+     PPORT_MESSAGE ConnectionRequest,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes,
+    _In_ BOOLEAN AcceptConnection
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcSendWaitReceivePort(
+    _In_ HANDLE PortHandle,
+    _In_ ULONG Flags,
+     PPORT_MESSAGE SendMessage,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes,
+     PPORT_MESSAGE ReceiveMessage,
+    _Inout_opt_ PSIZE_T BufferLength,
+    _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes,
+    _In_opt_ PLARGE_INTEGER Timeout
+    );
+
+#define ALPC_CANCELFLG_TRY_CANCEL 0x1 // dbg
+#define ALPC_CANCELFLG_NO_CONTEXT_CHECK 0x8
+#define ALPC_CANCELFLGP_FLUSH 0x10000 // dbg
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCancelMessage(
+    _In_ HANDLE PortHandle,
+    _In_ ULONG Flags,
+    _In_ PALPC_CONTEXT_ATTR MessageContext
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcImpersonateClientOfPort(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE Message,
+    _In_ PVOID Flags
+    );
+
+#if (NT_VERSION >= NT_THRESHOLD)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcImpersonateClientContainerOfPort(
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE Message,
+    _In_ ULONG Flags
+    );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcOpenSenderProcess(
+    _Out_ PHANDLE ProcessHandle,
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE PortMessage,
+    _In_ ULONG Flags,
+    _In_ ACCESS_MASK DesiredAccess,
+    _In_ POBJECT_ATTRIBUTES ObjectAttributes
+    );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcOpenSenderThread(
+    _Out_ PHANDLE ThreadHandle,
+    _In_ HANDLE PortHandle,
+    _In_ PPORT_MESSAGE PortMessage,
+    _In_ ULONG Flags,
+    _In_ ACCESS_MASK DesiredAccess,
+    _In_ POBJECT_ATTRIBUTES ObjectAttributes
+    );
+
+// Support functions
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcMaxAllowedMessageLength(
+    VOID
+    );
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcGetHeaderSize(
+    _In_ ULONG Flags
+    );
+
+#define ALPC_ATTRFLG_ALLOCATEDATTR 0x20000000
+#define ALPC_ATTRFLG_VALIDATTR 0x40000000
+#define ALPC_ATTRFLG_KEEPRUNNINGATTR 0x60000000
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcInitializeMessageAttribute(
+    _In_ ULONG AttributeFlags,
+    _Out_opt_ PALPC_MESSAGE_ATTRIBUTES Buffer,
+    _In_ ULONG BufferSize,
+    _Out_ PULONG RequiredBufferSize
+    );
+
+NTSYSAPI
+PVOID
+NTAPI
+AlpcGetMessageAttribute(
+    _In_ PALPC_MESSAGE_ATTRIBUTES Buffer,
+    _In_ ULONG AttributeFlag
+    );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcRegisterCompletionList(
+    _In_ HANDLE PortHandle,
+    _Out_ PALPC_COMPLETION_LIST_HEADER Buffer,
+    _In_ ULONG Size,
+    _In_ ULONG ConcurrencyCount,
+    _In_ ULONG AttributeFlags
+    );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcUnregisterCompletionList(
+    _In_ HANDLE PortHandle
+    );
+
+#if (NT_VERSION >= NT_WIN7)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcRundownCompletionList(
+    _In_ HANDLE PortHandle
+    );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcAdjustCompletionListConcurrencyCount(
+    _In_ HANDLE PortHandle,
+    _In_ ULONG ConcurrencyCount
+    );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+AlpcRegisterCompletionListWorkerThread(
+    _Inout_ PVOID CompletionList
+    );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+AlpcUnregisterCompletionListWorkerThread(
+    _Inout_ PVOID CompletionList
+    );
+
+NTSYSAPI
+VOID
+NTAPI
+AlpcGetCompletionListLastMessageInformation(
+    _In_ PVOID CompletionList,
+    _Out_ PULONG LastMessageId,
+    _Out_ PULONG LastCallbackId
+    );
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcGetOutstandingCompletionListMessageCount(
+    _In_ PVOID CompletionList
+    );
+
+NTSYSAPI
+PPORT_MESSAGE
+NTAPI
+AlpcGetMessageFromCompletionList(
+    _In_ PVOID CompletionList,
+    _Out_opt_ PALPC_MESSAGE_ATTRIBUTES *MessageAttributes
+    );
+
+NTSYSAPI
+VOID
+NTAPI
+AlpcFreeCompletionListMessage(
+    _Inout_ PVOID CompletionList,
+    _In_ PPORT_MESSAGE Message
+    );
+
+NTSYSAPI
+PALPC_MESSAGE_ATTRIBUTES
+NTAPI
+AlpcGetCompletionListMessageAttributes(
+    _In_ PVOID CompletionList,
+    _In_ PPORT_MESSAGE Message
+    );
+#endif
+
+// end_private
+
+#endif