Some shortcomings in windows kernel support related to function prototypes

[op2786]

Functions listed below does not have prototype (I guess there are others I'm not able to notice):

• towupper
• strchr
• _vsnprintf
• wcsstr
• strstr
• ExInterlockedInsertHeadList
• ExInterlockedRemoveHeadList
• RtlFreeAnsiString
• RtlUnicodeStringToAnsiString
• Functions those starts with BCrypt*, InitSecurityInterfaceW
• ExDeleteNPagedLookasideList
• ExDeletePagedLookasideList
• ExInitializeNPagedLookasideList
• ExInitializePagedLookasideList
• WskDeregister, WskReleaseProviderNPI, WskCaptureProviderNPI, WskRegister

There are also undocumented functions. Some of them are well known so I guess we can at least have prototype for them:

• PsGetProcessImageFileName
• ZwQueryInformationProcess
• ZwQueryInformationThread
• PsGetProcessSessionId
• ObReferenceObjectByName
• ZwOpenThread
• ExfUnblockPushLock
• PsReferenceProcessFilePointer
• PsGetProcessWow64Process
• PsIsProcessBeingDebugged
• RtlImageNtHeaderEx
• ZwQuerySection

Functions that does not have correct types:

• ExGetPreviousMode. Should return KPROCESSOR_MODE instead of char. (Even if KPROCESSOR_MODE is just a typedef for char)
• KeAcquireSpinLockRaiseToDpc. Should return KIRQL instead of uint64_t. Also it should take PKSPIN_LOCK as parameter, not void*.
• KeReleaseSpinLock. Should take PKSPIN_LOCK and KIRQL as parameter.
• KeAcquireSpinLockAtDpcLevel, KeReleaseSpinLockFromDpcLevel, ExAcquireSpinLockExclusive, ExAcquireSpinLockShared
• FltDeletePushLock, FltAcquirePushLockSharedEx, FltAcquirePushLockExclusiveEx
• KeGetCurrentIrql
• KeQueryPerformanceCounter

There are also some other variables that does not have correct type:

• PsProcessType
• PsInitialSystemProcess
• LpcPortObjectType
• PsThreadType

[xusheng6]

Related to https://github.com/Vector35/binaryninja-api/issues/4829