diff --git a/phnt/include/ntobapi.h b/phnt/include/ntobapi.h index 31303cf43073..fe0dfb4eb32b 100644 --- a/phnt/include/ntobapi.h +++ b/phnt/include/ntobapi.h @@ -36,7 +36,9 @@ #if (PHNT_MODE != PHNT_MODE_KERNEL) #define SYMBOLIC_LINK_QUERY 0x0001 +#define SYMBOLIC_LINK_SET 0x0002 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) +#define SYMBOLIC_LINK_ALL_ACCESS_EX (STANDARD_RIGHTS_REQUIRED | 0xFFFF) #endif #ifndef OBJ_PROTECT_CLOSE @@ -436,6 +438,7 @@ typedef enum _SYMBOLIC_LINK_INFO_CLASS MaxnSymbolicLinkInfoClass } SYMBOLIC_LINK_INFO_CLASS; +#if (PHNT_VERSION >= PHNT_THRESHOLD) NTSYSCALLAPI NTSTATUS NTAPI @@ -445,6 +448,7 @@ NtSetInformationSymbolicLink( _In_reads_bytes_(SymbolicLinkInformationLength) PVOID SymbolicLinkInformation, _In_ ULONG SymbolicLinkInformationLength ); +#endif #endif diff --git a/phnt/include/ntpsapi.h b/phnt/include/ntpsapi.h index 8e6218a2073e..6b5b0566c198 100644 --- a/phnt/include/ntpsapi.h +++ b/phnt/include/ntpsapi.h 
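Review bot: `SYMBOLIC_LINK_ALL_ACCESS` in the first ntobapi.h hunk still expands to `STANDARD_RIGHTS_REQUIRED | 0x1`, so it does not contain the newly defined `SYMBOLIC_LINK_SET` (0x0002). A caller that opens a link with the old mask and then calls NtSetInformationSymbolicLink would presumably be denied. The only mask that covers the new right is `SYMBOLIC_LINK_ALL_ACCESS_EX`, which requests all sixteen object-specific bits (0xFFFF) rather than the two that are defined here. Comments would steer callers to the narrow request, e.g. `#define SYMBOLIC_LINK_SET 0x0002 // not included in SYMBOLIC_LINK_ALL_ACCESS` and `// prefer SYMBOLIC_LINK_QUERY | SYMBOLIC_LINK_SET over SYMBOLIC_LINK_ALL_ACCESS_EX`.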
@@ -1198,14 +1198,25 @@ NtCreateProcess( _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, - _In_opt_ HANDLE ExceptionPort + _In_opt_ HANDLE TokenHandle ); -#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 -#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 -#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 -#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 -#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 +// begin_rev +#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 // NtCreateProcessEx only +#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 // NtCreateProcessEx only, requires SeLockMemory +#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 // NtCreateProcessEx only, requires SeLockMemory +#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040 // NtCreateUserProcess only +#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // NtCreateProcessEx & NtCreateUserProcess, requires SeLoadDriver +#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY 0x00000400 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb +#define PROCESS_CREATE_FLAGS_MINIMAL_PROCESS 0x00000800 // NtCreateProcessEx only +#define PROCESS_CREATE_FLAGS_RELEASE_SECTION 0x00001000 // NtCreateProcessEx & NtCreateUserProcess +#define PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS 0x00008000 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb +// end_rev NTSYSCALLAPI NTSTATUS 
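Review bot: The last parameter of NtCreateProcess changes from `ExceptionPort` to `TokenHandle` with no comment, and the next hunk makes the same rename on NtCreateProcessEx. Both are plain `HANDLE`, so existing callers that pass an exception-port handle positionally keep compiling, while the header now documents that slot as a token. A trailing comment on both prototypes, such as `_In_opt_ HANDLE TokenHandle // previously declared as ExceptionPort`, would make the change visible to anyone auditing call sites. The privilege notes on the flags are also abbreviated (`SeTcb`, `SeLockMemory`, `SeLoadDriver`); writing the full names, e.g. `SeTcbPrivilege`, would make them searchable against token listings and audit policy. The NtCreateProcess prototype begins above the hunk.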
@@ -1215,10 +1226,10 @@ NtCreateProcessEx( _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, - _In_ ULONG Flags, + _In_ ULONG Flags, // PROCESS_CREATE_FLAGS_* _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, - _In_opt_ HANDLE ExceptionPort, + _In_opt_ HANDLE TokenHandle, _Reserved_ ULONG Reserved // JobMemberLevel ); @@ -1306,7 +1317,7 @@ NTSTATUS NTAPI NtGetNextThread( _In_ HANDLE ProcessHandle, - _In_ HANDLE ThreadHandle, + _In_opt_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Flags, @@ -1991,21 +2002,6 @@ typedef struct _PS_CREATE_INFO // end_private -// begin_rev -#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 -#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 -#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 -#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 -#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 -#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 -// Extended PROCESS_CREATE_FLAGS_* -#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040 -#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // ? -#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100 -#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 -#define PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN 0x00000400 -// end_rev - #if (PHNT_VERSION >= PHNT_VISTA) NTSYSCALLAPI NTSTATUS 
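Review bot: `ThreadHandle` in NtGetNextThread becomes `_In_opt_`, but the prototype gives no hint what omitting it means. Presumably a NULL handle starts the enumeration at the first thread of the process. If that is the intent, say so on the line: `_In_opt_ HANDLE ThreadHandle, // NULL to start from the first thread`. The prototype begins and ends outside the hunk.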
@@ -2026,13 +2022,13 @@ NtCreateUserProcess( #endif // begin_rev -#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 -#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 // ? -#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 -#define THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR 0x00000010 // ? -#define THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET 0x00000020 // ? -#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // ? -#define THREAD_CREATE_FLAGS_INITIAL_THREAD 0x00000080 +#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 // NtCreateUserProcess & NtCreateThreadEx +#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 // NtCreateThreadEx only +#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 // NtCreateThreadEx only +#define THREAD_CREATE_FLAGS_LOADER_WORKER 0x00000010 // NtCreateThreadEx only +#define THREAD_CREATE_FLAGS_SKIP_LOADER_INIT 0x00000020 // NtCreateThreadEx only +#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // NtCreateThreadEx only +#define THREAD_CREATE_FLAGS_INITIAL_THREAD 0x00000080 // ? // end_rev #if (PHNT_VERSION >= PHNT_VISTA) diff --git a/phnt/include/ntrtl.h b/phnt/include/ntrtl.h index 0a5f3d47422e..06a0900f45e1 100644 --- a/phnt/include/ntrtl.h +++ b/phnt/include/ntrtl.h @@ -4627,7 +4627,7 @@ NTSYSAPI LOGICAL NTAPI RtlSetCurrentTransaction( - _In_ HANDLE TransactionHandle + _In_opt_ HANDLE TransactionHandle ); #endif diff --git a/phnt/include/ntsam.h b/phnt/include/ntsam.h index ce8a3aaa2c03..0fb72055d2c5 100644 --- a/phnt/include/ntsam.h +++ b/phnt/include/ntsam.h 
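Review bot: Values 0x00000010 and 0x00000020 keep their numbers but get new names (`THREAD_CREATE_FLAGS_LOADER_WORKER`, `THREAD_CREATE_FLAGS_SKIP_LOADER_INIT`), while the old names `THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR` and `THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET` disappear without a trace. Code, logs or detection rules written against the old names described those bits as security-descriptor and access-check behaviour, which the new names contradict. Record the history next to the definitions, e.g. `// NtCreateThreadEx only; previously listed as HAS_SECURITY_DESCRIPTOR`, so readers correlating older tooling output with this header are not misled. `THREAD_CREATE_FLAGS_INITIAL_THREAD` is now the only flag marked `// ?`, and a word on which call was checked would help.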
@@ -208,19 +208,19 @@ SamShutdownSamServer( typedef enum _DOMAIN_INFORMATION_CLASS { - DomainPasswordInformation = 1, - DomainGeneralInformation, - DomainLogoffInformation, - DomainOemInformation, - DomainNameInformation, - DomainReplicationInformation, - DomainServerRoleInformation, - DomainModifiedInformation, - DomainStateInformation, - DomainUasInformation, - DomainGeneralInformation2, - DomainLockoutInformation, - DomainModifiedInformation2 + DomainPasswordInformation = 1, // q; s: DOMAIN_PASSWORD_INFORMATION + DomainGeneralInformation, // q: DOMAIN_GENERAL_INFORMATION + DomainLogoffInformation, // q; s: DOMAIN_LOGOFF_INFORMATION + DomainOemInformation, // q; s: DOMAIN_OEM_INFORMATION + DomainNameInformation, // q: DOMAIN_NAME_INFORMATION + DomainReplicationInformation, // q; s: DOMAIN_REPLICATION_INFORMATION + DomainServerRoleInformation, // q; s: DOMAIN_SERVER_ROLE_INFORMATION + DomainModifiedInformation, // q: DOMAIN_MODIFIED_INFORMATION + DomainStateInformation, // q; s: DOMAIN_STATE_INFORMATION + DomainUasInformation, // q; s: DOMAIN_UAS_INFORMATION + DomainGeneralInformation2, // q: DOMAIN_GENERAL_INFORMATION2 + DomainLockoutInformation, // q; s: DOMAIN_LOCKOUT_INFORMATION + DomainModifiedInformation2 // q: DOMAIN_MODIFIED_INFORMATION2 } DOMAIN_INFORMATION_CLASS; typedef enum _DOMAIN_SERVER_ENABLE_STATE @@ -351,11 +351,11 @@ typedef struct _DOMAIN_LOCKOUT_INFORMATION typedef enum _DOMAIN_DISPLAY_INFORMATION { - DomainDisplayUser = 1, - DomainDisplayMachine, - DomainDisplayGroup, - DomainDisplayOemUser, - DomainDisplayOemGroup, + DomainDisplayUser = 1, // DOMAIN_DISPLAY_USER + DomainDisplayMachine, // DOMAIN_DISPLAY_MACHINE + DomainDisplayGroup, // DOMAIN_DISPLAY_GROUP + DomainDisplayOemUser, // DOMAIN_DISPLAY_OEM_USER + DomainDisplayOemGroup, // DOMAIN_DISPLAY_OEM_GROUP DomainDisplayServer } DOMAIN_DISPLAY_INFORMATION, *PDOMAIN_DISPLAY_INFORMATION; 
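Review bot: The last enumerator of DOMAIN_DISPLAY_INFORMATION, `DomainDisplayServer`, is left without a comment while every other member gains one. The same happens to `GroupReplicationInformation`, `AliasReplicationInformation` and `AliasExtendedInformation` in the next two hunks, and to the `UserInternal*` and `UserAllInformation` entries of USER_INFORMATION_CLASS, which keep a type name but get no `q`/`s` marker. A reader cannot tell whether those classes were checked and found unsupported or simply not examined. Mark them the way these headers already mark open questions, e.g. `DomainDisplayServer // ?`.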
@@ -563,10 +563,10 @@ typedef struct _GROUP_MEMBERSHIP typedef enum _GROUP_INFORMATION_CLASS { - GroupGeneralInformation = 1, - GroupNameInformation, - GroupAttributeInformation, - GroupAdminCommentInformation, + GroupGeneralInformation = 1, // q: GROUP_GENERAL_INFORMATION + GroupNameInformation, // q; s: GROUP_NAME_INFORMATION + GroupAttributeInformation, // q; s: GROUP_ATTRIBUTE_INFORMATION + GroupAdminCommentInformation, // q; s: GROUP_ADM_COMMENT_INFORMATION GroupReplicationInformation } GROUP_INFORMATION_CLASS; @@ -718,9 +718,9 @@ SamSetMemberAttributesOfGroup( typedef enum _ALIAS_INFORMATION_CLASS { - AliasGeneralInformation = 1, - AliasNameInformation, - AliasAdminCommentInformation, + AliasGeneralInformation = 1, // q: ALIAS_GENERAL_INFORMATION + AliasNameInformation, // q; s: ALIAS_NAME_INFORMATION + AliasAdminCommentInformation, // q; s: ALIAS_ADM_COMMENT_INFORMATION AliasReplicationInformation, AliasExtendedInformation, } ALIAS_INFORMATION_CLASS; 
@@ -1001,26 +1001,26 @@ typedef struct _SR_SECURITY_DESCRIPTOR typedef enum _USER_INFORMATION_CLASS { - UserGeneralInformation = 1, // USER_GENERAL_INFORMATION - UserPreferencesInformation, // USER_PREFERENCES_INFORMATION - UserLogonInformation, // USER_LOGON_INFORMATION - UserLogonHoursInformation, // USER_LOGON_HOURS_INFORMATION - UserAccountInformation, // USER_ACCOUNT_INFORMATION - UserNameInformation, // USER_NAME_INFORMATION - UserAccountNameInformation, // USER_ACCOUNT_NAME_INFORMATION - UserFullNameInformation, // USER_FULL_NAME_INFORMATION - UserPrimaryGroupInformation, // USER_PRIMARY_GROUP_INFORMATION - UserHomeInformation, // USER_HOME_INFORMATION // 10 - UserScriptInformation, // USER_SCRIPT_INFORMATION - UserProfileInformation, // USER_PROFILE_INFORMATION - UserAdminCommentInformation, // USER_ADMIN_COMMENT_INFORMATION - UserWorkStationsInformation, // USER_WORKSTATIONS_INFORMATION - UserSetPasswordInformation, // USER_SET_PASSWORD_INFORMATION - UserControlInformation, // USER_CONTROL_INFORMATION - UserExpiresInformation, // USER_EXPIRES_INFORMATION + UserGeneralInformation = 1, // q: USER_GENERAL_INFORMATION + UserPreferencesInformation, // q; s: USER_PREFERENCES_INFORMATION + UserLogonInformation, // q: USER_LOGON_INFORMATION + UserLogonHoursInformation, // q; s: USER_LOGON_HOURS_INFORMATION + UserAccountInformation, // q: USER_ACCOUNT_INFORMATION + UserNameInformation, // q; s: USER_NAME_INFORMATION + UserAccountNameInformation, // q; s: USER_ACCOUNT_NAME_INFORMATION + UserFullNameInformation, // q; s: USER_FULL_NAME_INFORMATION + UserPrimaryGroupInformation, // q; s: USER_PRIMARY_GROUP_INFORMATION + UserHomeInformation, // q; s: USER_HOME_INFORMATION // 10 + UserScriptInformation, // q; s: USER_SCRIPT_INFORMATION + UserProfileInformation, // q; s: USER_PROFILE_INFORMATION + UserAdminCommentInformation, // q; s: USER_ADMIN_COMMENT_INFORMATION + UserWorkStationsInformation, // q; s: USER_WORKSTATIONS_INFORMATION + UserSetPasswordInformation, // s: 
USER_SET_PASSWORD_INFORMATION + UserControlInformation, // q; s: USER_CONTROL_INFORMATION + UserExpiresInformation, // q; s: USER_EXPIRES_INFORMATION UserInternal1Information, // USER_INTERNAL1_INFORMATION UserInternal2Information, // USER_INTERNAL2_INFORMATION - UserParametersInformation, // USER_PARAMETERS_INFORMATION // 20 + UserParametersInformation, // q; s: USER_PARAMETERS_INFORMATION // 20 UserAllInformation, // USER_ALL_INFORMATION UserInternal3Information, // USER_INTERNAL3_INFORMATION UserInternal4Information, // USER_INTERNAL4_INFORMATION @@ -1647,7 +1647,7 @@ SamQueryDisplayInformation( _In_ ULONG Index, _In_ ULONG EntryCount, _In_ ULONG PreferredMaximumLength, - _In_ PULONG TotalAvailable, + _Out_ PULONG TotalAvailable, _Out_ PULONG TotalReturned, _Out_ PULONG ReturnedEntryCount, _Outptr_ PVOID *SortedBuffer diff --git a/phnt/include/ntseapi.h b/phnt/include/ntseapi.h index 52aa16054949..bdad9c665b76 100644 --- a/phnt/include/ntseapi.h +++ b/phnt/include/ntseapi.h @@ -113,7 +113,7 @@ typedef enum _TOKEN_INFORMATION_CLASS TokenPrivateNameSpace, // q; s: ULONG TokenSingletonAttributes, // q: TOKEN_SECURITY_ATTRIBUTES_INFORMATION TokenBnoIsolation, // q: TOKEN_BNO_ISOLATION_INFORMATION - TokenChildProcessFlags, // q; s: ULONG + TokenChildProcessFlags, // s: ULONG TokenIsLessPrivilegedAppContainer, // q: ULONG TokenIsSandboxed, // q: ULONG TokenIsAppSilo, // TokenOriginatingProcessTrustLevel // q: TOKEN_PROCESS_TRUST_LEVEL diff --git a/phnt/include/winsta.h b/phnt/include/winsta.h index 6896498ce782..41837f05c085 100644 --- a/phnt/include/winsta.h +++ b/phnt/include/winsta.h 
@@ -630,13 +630,17 @@ typedef enum _SHADOWSTATECLASS State_Shadowed // The session is being shadowed by a different session. The current session is referred to as a shadow target. } SHADOWSTATECLASS; +#define PROTOCOL_CONSOLE 0 +#define PROTOCOL_OTHERS 1 +#define PROTOCOL_RDP 2 + // Retrieves the current shadow state of a session. typedef struct _WINSTATIONSHADOW { SHADOWSTATECLASS ShadowState; // Specifies the current state of shadowing. SHADOWCLASS ShadowClass; // Specifies the type of shadowing. ULONG SessionId; // Specifies the session ID of the session. - ULONG ProtocolType; // Specifies the type of protocol on the session. Can be one of the following values. + ULONG ProtocolType; // Specifies the type of protocol on the session. Can be one of PROTOCOL_* values. } WINSTATIONSHADOW, *PWINSTATIONSHADOW; // Retrieves the client product ID and current product ID of the session. @@ -836,7 +840,7 @@ WinStationFreeMemory( HANDLE WINAPI WinStationOpenServerW( - _In_ PWSTR ServerName + _In_opt_ PWSTR ServerName ); // rev
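Review bot: `PROTOCOL_CONSOLE`, `PROTOCOL_OTHERS` and `PROTOCOL_RDP` are defined unconditionally under very generic names, so another header in the same translation unit that defines one of them with a different value will cause a redefinition diagnostic. Wrap each in an `#ifndef` guard, as ntobapi.h does for `OBJ_PROTECT_CLOSE`. A heading comment such as `// WINSTATIONSHADOW.ProtocolType values` above the three defines would tie them to the field that uses them.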