[SOLVED] Why does this c++ syntax with WINAPI mean?

Why does this c++ syntax with WINAPI mean?

BOOL (WINAPI *ZTSQueryUserToken)(ULONG SessionId, PHANDLE phToken) = NULL;

To me it looks like a variable being created for a struct or something but I've never seen this type of syntax so can someone break it down for me?

Solution

WINAPI convention is usually used to call Win32 API functions.

WINAPI is simply __stdcall:

#define WINAPI __stdcall

The __stdcall calling convention has following characteristics in general:

Passing arguments from right to left, and placed on the stack.
Cleanup of Stack is performed by the called function (which is the main difference between __stdcalland __cdecl).
The function name is prefixed with an underscore character and suffixed with a '@' character and the number of bytes of stack space it expects (it will clean this amount of bytes, so they must be there on the stack).

So leaving behind __stdcall, use the "Spiral Rule" to get

            +----------------------+
            |   +----------------+ |
            |   |                | |
            |   ^                | |
BOOL (WINAPI* ZTSQueryUserToken  ) ( ULONG SessionId, PHANDLE phToken) 
 ^          ^                    | |
 |          +--------------------+ |
 +---------------------------------+

Thus, Identifier:

ZTSQueryUserToken is a
pointer to a (__stdcall) function having arguments of types ULONG and PHANDLE
returning BOOL

And the pointer is assigned to NULL in your case.