
Add NT syscall wrappers, document coverage, and add console-logon utility#1

Open

thepanoc95 wants to merge 2 commits into main from codex/fix-build-problem-in-librent.shell

Add NT syscall wrappers, document coverage, and add console-logon utility#1
thepanoc95 wants to merge 2 commits into
mainfrom
codex/fix-build-problem-in-librent.shell

Conversation

@thepanoc95 (Owner)

Motivation

  • Provide a set of direct NT Native API wrappers routed through the sandbox dispatcher so embedding consumers can call common NT syscalls via NTOS2NDHandleSyscall.
  • Expose these wrappers via a header for downstream consumers and include them in the build.
  • Add a small admin utility to toggle classic/console-style Windows logon by disabling/restoring authui.dll for online or offline Windows roots.
  • Clean up project file clutter so the SDK-managed file includes are used for the WinUI shell.

Description

  • Add ntos2nd/NTCall.c which implements NtCloseWrap, NtOpenProcessWrap, NtReadFileWrap, NtWriteFileWrap, and NtAllocateVirtualMemoryWrap using NTOS2NDHandleSyscall and handle/pointer translation.
  • Add ntos2nd/NTCall.h declaring the new wrappers for consumers embedding ntos2nd.
  • Update ntos2nd/CMakeLists.txt to install the new header by adding NTCall.h to the headers list.
  • Update ntos2nd/README.md and top-level README.md to document the new NT wrapper coverage and to document the new utility scripts section.
  • Add utils/Enable-ConsoleLogon.ps1, a PowerShell script that can disable or restore authui.dll in System32 and SysWOW64 for the current system or an offline Windows root.
  • Simplify mswindows/shell/LibreNT.Shell.csproj by removing explicit <Compile> includes so the SDK auto-includes source files.

Testing

  • No automated tests were added or executed as part of this change.

Codex Task


@gemini-code-assist (bot) left a comment

Code Review

This pull request introduces NT Native API syscall wrappers in ntos2nd and a PowerShell utility for toggling console logon. The review identifies several critical issues in the syscall wrapper implementation, specifically regarding incorrect syscall constant usage, improper mapping of Win32 return codes to NTSTATUS, and type safety mismatches in the header file. Furthermore, the PowerShell script lacks the necessary permission handling to modify system-protected files, and the documentation for the new C wrappers is incorrectly placed within the Rust-specific section of the README.

Comment thread ntos2nd/NTCall.c
Comment on lines +57 to +58
NTSTATUS status = NTOS2NDHandleSyscall(NULL, SYSCALL_NtClose, params, 1, &result);
return NT_SUCCESS(status) ? (NTSTATUS)result : status;

high

There are several critical issues with the syscall wrapper implementation here:

  1. Syscall Number Mismatch: NTOS2NDHandleSyscall (defined in kernel.c) handles NTOS2ND_SYS_* constants, but this code passes SYSCALL_Nt* constants. These are handled by a different dispatcher in syscall.c. This will cause the wrappers to return STATUS_NOT_IMPLEMENTED.
  2. Incorrect Return Value: For NtClose, result is a boolean (1 for success, 0 for failure) from CloseHandle. Returning this as an NTSTATUS is incorrect; success should return STATUS_SUCCESS (0).
  3. Win32 vs NTSTATUS: NTOS2NDHandleSyscall returns Win32 error codes (e.g., 5 for Access Denied). The NT_SUCCESS macro incorrectly treats these positive values as success, as it only checks if the value is non-negative.
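
The two return-value points above (the CloseHandle BOOL handed back as an NTSTATUS, and NT_SUCCESS applied to a Win32 error code) are easy to reproduce without the project. The block below is an added example, not code from ntos2nd: fake_dispatch() is a hypothetical stand-in for NTOS2NDHandleSyscall with the contract the review describes (returns a Win32 error code, stores CloseHandle's BOOL in *result for the close call), the handle table it consults is constructed, and NtCloseWrap_naive/NtCloseWrap_fixed are illustrative names. The NTSTATUS and Win32 constants are the real documented values, declared locally so the file compiles without windows.h; the syscall-number mismatch in point 1 is not modelled because it depends on project-internal constants.

```c
/* Added example (not ntos2nd code): why a Win32 error code must be translated
 * before NT_SUCCESS sees it, and why CloseHandle's BOOL is not an NTSTATUS. */
#include <stdint.h>
#include <stdio.h>

typedef int32_t   NTSTATUS;
typedef uint32_t  DWORD;
typedef uintptr_t ULONG_PTR;

/* Same test ntdef.h performs: only the sign bit decides success. */
#define NT_SUCCESS(s) (((NTSTATUS)(s)) >= 0)

#define STATUS_SUCCESS               ((NTSTATUS)0x00000000)
#define STATUS_UNSUCCESSFUL          ((NTSTATUS)0xC0000001)
#define STATUS_INVALID_HANDLE        ((NTSTATUS)0xC0000008)
#define STATUS_NO_MEMORY             ((NTSTATUS)0xC0000017)
#define STATUS_ACCESS_DENIED         ((NTSTATUS)0xC0000022)
#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034)

#define ERROR_SUCCESS              0u
#define ERROR_FILE_NOT_FOUND       2u
#define ERROR_ACCESS_DENIED        5u
#define ERROR_INVALID_HANDLE       6u
#define ERROR_NOT_ENOUGH_MEMORY    8u
#define ERROR_CALL_NOT_IMPLEMENTED 120u

/* Hypothetical dispatcher standing in for NTOS2NDHandleSyscall. Constructed
 * handle table: 4 closes normally, 7 is refused by the sandbox, anything else
 * is not a valid handle. Returns a Win32 code; *result receives CloseHandle's
 * BOOL (1 = TRUE). */
#define FAKE_SYS_CLOSE 1
static DWORD fake_dispatch(int syscall, ULONG_PTR handle, ULONG_PTR *result)
{
    *result = 0;
    if (syscall != FAKE_SYS_CLOSE) return ERROR_CALL_NOT_IMPLEMENTED;
    switch (handle) {
    case 4:  *result = 1; return ERROR_SUCCESS;
    case 7:  return ERROR_ACCESS_DENIED;
    default: return ERROR_INVALID_HANDLE;
    }
}

/* The pattern under review: the Win32 code is treated as an NTSTATUS, and on
 * "success" the BOOL from CloseHandle is returned as the NTSTATUS. */
static NTSTATUS NtCloseWrap_naive(ULONG_PTR handle)
{
    ULONG_PTR result;
    NTSTATUS status = (NTSTATUS)fake_dispatch(FAKE_SYS_CLOSE, handle, &result);
    return NT_SUCCESS(status) ? (NTSTATUS)result : status;
}

/* Translate the dispatcher's Win32 code before anyone applies NT_SUCCESS to it.
 * Unknown codes collapse to STATUS_UNSUCCESSFUL instead of passing through, so
 * an unmapped positive error can never read as success. */
static NTSTATUS win32_to_ntstatus(DWORD err)
{
    switch (err) {
    case ERROR_SUCCESS:           return STATUS_SUCCESS;
    case ERROR_FILE_NOT_FOUND:    return STATUS_OBJECT_NAME_NOT_FOUND;
    case ERROR_ACCESS_DENIED:     return STATUS_ACCESS_DENIED;
    case ERROR_INVALID_HANDLE:    return STATUS_INVALID_HANDLE;
    case ERROR_NOT_ENOUGH_MEMORY: return STATUS_NO_MEMORY;
    default:                      return STATUS_UNSUCCESSFUL;
    }
}

static NTSTATUS NtCloseWrap_fixed(ULONG_PTR handle)
{
    ULONG_PTR result;
    DWORD err = fake_dispatch(FAKE_SYS_CLOSE, handle, &result);
    if (err != ERROR_SUCCESS)
        return win32_to_ntstatus(err);
    /* Dispatcher succeeded: CloseHandle's BOOL says whether the close happened.
     * TRUE maps to STATUS_SUCCESS (0), never to the literal 1; FALSE from
     * CloseHandle is documented as ERROR_INVALID_HANDLE, so map it that way. */
    return result ? STATUS_SUCCESS : STATUS_INVALID_HANDLE;
}

int main(void)
{
    const ULONG_PTR handles[] = { 4, 7, 0x1234 };
    for (size_t i = 0; i < sizeof handles / sizeof handles[0]; i++) {
        NTSTATUS n = NtCloseWrap_naive(handles[i]);
        NTSTATUS f = NtCloseWrap_fixed(handles[i]);
        printf("handle %#lx: naive=0x%08x NT_SUCCESS=%d | fixed=0x%08x NT_SUCCESS=%d\n",
               (unsigned long)handles[i], (unsigned)n, NT_SUCCESS(n) ? 1 : 0,
               (unsigned)f, NT_SUCCESS(f) ? 1 : 0);
    }
    return 0;
}
```

With the naive wrapper, the refused handle 7 comes back as STATUS_SUCCESS (the dispatcher's 5 passes NT_SUCCESS, so CloseHandle's 0 is returned), and a good close returns 1 rather than 0, which breaks any caller comparing against STATUS_SUCCESS. The fixed wrapper reports STATUS_ACCESS_DENIED and STATUS_SUCCESS respectively.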

Comment thread utils/Enable-ConsoleLogon.ps1

}

if ($PSCmdlet.ShouldProcess($Path, "Rename to $disabledPath")) {
Rename-Item -LiteralPath $Path -NewName ([System.IO.Path]::GetFileName($disabledPath)) -ErrorAction Stop

high

Renaming authui.dll in system directories will fail due to Windows Resource Protection (WRP). These files are owned by TrustedInstaller. The script must take ownership and adjust permissions (e.g., using takeown.exe and icacls.exe) before it can successfully rename these files on a live system.

Comment thread ntos2nd/NTCall.h
Comment on lines +8 to +11
NTSTATUS NTAPI NtOpenProcessWrap(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, void* ObjectAttributes, void* ClientId);
NTSTATUS NTAPI NtReadFileWrap(HANDLE FileHandle, HANDLE Event, PVOID ApcRoutine, PVOID ApcContext, void* IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);
NTSTATUS NTAPI NtWriteFileWrap(HANDLE FileHandle, HANDLE Event, PVOID ApcRoutine, PVOID ApcContext, void* IoStatusBlock, const VOID* Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);
NTSTATUS NTAPI NtAllocateVirtualMemoryWrap(HANDLE ProcessHandle, PVOID* BaseAddress, ULONG_PTR ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect);

medium

The function prototypes use void* for structured NT types, which sacrifices type safety and creates a signature mismatch with the implementation in NTCall.c. Since the header already includes windows.h, it should use the proper types (e.g., POBJECT_ATTRIBUTES) or forward declarations.

Comment thread ntos2nd/README.md
Comment on lines +218 to +229
### NT Native Wrapper Coverage

`NTCall.c` provides direct wrapper entry points routed through `NTOS2NDHandleSyscall`.
Current wrappers include:

- `NtCloseWrap`
- `NtOpenProcessWrap`
- `NtReadFileWrap`
- `NtWriteFileWrap`
- `NtAllocateVirtualMemoryWrap`

These wrappers are declared in `NTCall.h` for consumers embedding ntos2nd.

medium

This section is misplaced. NTCall.c is a core kernel component written in C, but it is being documented here under the 'WinELF' features section, which describes the Rust-based ELF loader subproject.
