File content as of revision 2:5853bf44af9f:
/*
* ntapi.h
*
* Windows NT Native API
*
* Most structures in this file is obtained from Windows NT/2000 Native API
* Reference by Gary Nebbett, ISBN 1578701996.
*
* This file is part of the w32api package.
*
* Contributors:
* Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
*
* THIS SOFTWARE IS NOT COPYRIGHTED
*
* This source code is offered for use in the public domain. You may
* use, modify or distribute it freely.
*
* This code is distributed in the hope that it will be useful but
* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
* DISCLAIMED. This includes but is not limited to warranties of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
*/
#ifndef __NTAPI_H
#define __NTAPI_H
#if __GNUC__ >= 3
#pragma GCC system_header
#endif
#ifdef __cplusplus
extern "C" {
#endif
#include <stdarg.h>
#include <winbase.h>
#include "ntddk.h"
#include "ntpoapi.h"
#pragma pack(push,4)
typedef struct _PEB *PPEB;
/* FIXME: Unknown definitions */
typedef PVOID POBJECT_TYPE_LIST;
typedef PVOID PEXECUTION_STATE;
typedef PVOID PLANGID;
#ifndef NtCurrentProcess
#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF)
#endif /* NtCurrentProcess */
#ifndef NtCurrentThread
#define NtCurrentThread() ((HANDLE)0xFFFFFFFE)
#endif /* NtCurrentThread */
/* System information and control */
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemInformationClassMin = 0,
SystemBasicInformation = 0,
SystemProcessorInformation = 1,
SystemPerformanceInformation = 2,
SystemTimeOfDayInformation = 3,
SystemPathInformation = 4,
SystemNotImplemented1 = 4,
SystemProcessInformation = 5,
SystemProcessesAndThreadsInformation = 5,
SystemCallCountInfoInformation = 6,
SystemCallCounts = 6,
SystemDeviceInformation = 7,
SystemConfigurationInformation = 7,
SystemProcessorPerformanceInformation = 8,
SystemProcessorTimes = 8,
SystemFlagsInformation = 9,
SystemGlobalFlag = 9,
SystemCallTimeInformation = 10,
SystemNotImplemented2 = 10,
SystemModuleInformation = 11,
SystemLocksInformation = 12,
SystemLockInformation = 12,
SystemStackTraceInformation = 13,
SystemNotImplemented3 = 13,
SystemPagedPoolInformation = 14,
SystemNotImplemented4 = 14,
SystemNonPagedPoolInformation = 15,
SystemNotImplemented5 = 15,
SystemHandleInformation = 16,
SystemObjectInformation = 17,
SystemPageFileInformation = 18,
SystemPagefileInformation = 18,
SystemVdmInstemulInformation = 19,
SystemInstructionEmulationCounts = 19,
SystemVdmBopInformation = 20,
SystemInvalidInfoClass1 = 20,
SystemFileCacheInformation = 21,
SystemCacheInformation = 21,
SystemPoolTagInformation = 22,
SystemInterruptInformation = 23,
SystemProcessorStatistics = 23,
SystemDpcBehaviourInformation = 24,
SystemDpcInformation = 24,
SystemFullMemoryInformation = 25,
SystemNotImplemented6 = 25,
SystemLoadImage = 26,
SystemUnloadImage = 27,
SystemTimeAdjustmentInformation = 28,
SystemTimeAdjustment = 28,
SystemSummaryMemoryInformation = 29,
SystemNotImplemented7 = 29,
SystemNextEventIdInformation = 30,
SystemNotImplemented8 = 30,
SystemEventIdsInformation = 31,
SystemNotImplemented9 = 31,
SystemCrashDumpInformation = 32,
SystemExceptionInformation = 33,
SystemCrashDumpStateInformation = 34,
SystemKernelDebuggerInformation = 35,
SystemContextSwitchInformation = 36,
SystemRegistryQuotaInformation = 37,
SystemLoadAndCallImage = 38,
SystemPrioritySeparation = 39,
SystemPlugPlayBusInformation = 40,
SystemNotImplemented10 = 40,
SystemDockInformation = 41,
SystemNotImplemented11 = 41,
/* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
SystemInvalidInfoClass2 = 42,
SystemProcessorSpeedInformation = 43,
SystemInvalidInfoClass3 = 43,
SystemCurrentTimeZoneInformation = 44,
SystemTimeZoneInformation = 44,
SystemLookasideInformation = 45,
SystemSetTimeSlipEvent = 46,
SystemCreateSession = 47,
SystemDeleteSession = 48,
SystemInvalidInfoClass4 = 49,
SystemRangeStartInformation = 50,
SystemVerifierInformation = 51,
SystemAddVerifier = 52,
SystemSessionProcessesInformation = 53,
SystemInformationClassMax
} SYSTEM_INFORMATION_CLASS;
typedef struct _SYSTEM_BASIC_INFORMATION {
ULONG Unknown;
ULONG MaximumIncrement;
ULONG PhysicalPageSize;
ULONG NumberOfPhysicalPages;
ULONG LowestPhysicalPage;
ULONG HighestPhysicalPage;
ULONG AllocationGranularity;
ULONG LowestUserAddress;
ULONG HighestUserAddress;
ULONG ActiveProcessors;
UCHAR NumberProcessors;
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
typedef struct _SYSTEM_PROCESSOR_INFORMATION {
USHORT ProcessorArchitecture;
USHORT ProcessorLevel;
USHORT ProcessorRevision;
USHORT Unknown;
ULONG FeatureBits;
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
LARGE_INTEGER IdleTime;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
ULONG ReadOperationCount;
ULONG WriteOperationCount;
ULONG OtherOperationCount;
ULONG AvailablePages;
ULONG TotalCommittedPages;
ULONG TotalCommitLimit;
ULONG PeakCommitment;
ULONG PageFaults;
ULONG WriteCopyFaults;
ULONG TransitionFaults;
ULONG CacheTransitionFaults;
ULONG DemandZeroFaults;
ULONG PagesRead;
ULONG PageReadIos;
ULONG CacheReads;
ULONG CacheIos;
ULONG PagefilePagesWritten;
ULONG PagefilePageWriteIos;
ULONG MappedFilePagesWritten;
ULONG MappedFilePageWriteIos;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFrees;
ULONG TotalFreeSystemPtes;
ULONG SystemCodePage;
ULONG TotalSystemDriverPages;
ULONG TotalSystemCodePages;
ULONG SmallNonPagedLookasideListAllocateHits;
ULONG SmallPagedLookasideListAllocateHits;
ULONG Reserved3;
ULONG MmSystemCachePage;
ULONG PagedPoolPage;
ULONG SystemDriverPage;
ULONG FastReadNoWait;
ULONG FastReadWait;
ULONG FastReadResourceMiss;
ULONG FastReadNotPossible;
ULONG FastMdlReadNoWait;
ULONG FastMdlReadWait;
ULONG FastMdlReadResourceMiss;
ULONG FastMdlReadNotPossible;
ULONG MapDataNoWait;
ULONG MapDataWait;
ULONG MapDataNoWaitMiss;
ULONG MapDataWaitMiss;
ULONG PinMappedDataCount;
ULONG PinReadNoWait;
ULONG PinReadWait;
ULONG PinReadNoWaitMiss;
ULONG PinReadWaitMiss;
ULONG CopyReadNoWait;
ULONG CopyReadWait;
ULONG CopyReadNoWaitMiss;
ULONG CopyReadWaitMiss;
ULONG MdlReadNoWait;
ULONG MdlReadWait;
ULONG MdlReadNoWaitMiss;
ULONG MdlReadWaitMiss;
ULONG ReadAheadIos;
ULONG LazyWriteIos;
ULONG LazyWritePages;
ULONG DataFlushes;
ULONG DataPages;
ULONG ContextSwitches;
ULONG FirstLevelTbFills;
ULONG SecondLevelTbFills;
ULONG SystemCalls;
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
LARGE_INTEGER BootTime;
LARGE_INTEGER CurrentTime;
LARGE_INTEGER TimeZoneBias;
ULONG CurrentTimeZoneId;
} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
typedef struct _VM_COUNTERS {
ULONG PeakVirtualSize;
ULONG VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;
ULONG WorkingSetSize;
ULONG QuotaPeakPagedPoolUsage;
ULONG QuotaPagedPoolUsage;
ULONG QuotaPeakNonPagedPoolUsage;
ULONG QuotaNonPagedPoolUsage;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
} VM_COUNTERS;
typedef enum _THREAD_STATE {
StateInitialized,
StateReady,
StateRunning,
StateStandby,
StateTerminated,
StateWait,
StateTransition,
StateUnknown
} THREAD_STATE;
typedef struct _SYSTEM_THREADS {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitchCount;
THREAD_STATE State;
KWAIT_REASON WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES {
ULONG NextEntryDelta;
ULONG ThreadCount;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
ULONG ProcessId;
ULONG InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
VM_COUNTERS VmCounters;
IO_COUNTERS IoCounters;
SYSTEM_THREADS Threads[1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
typedef struct _SYSTEM_CALLS_INFORMATION {
ULONG Size;
ULONG NumberOfDescriptorTables;
ULONG NumberOfRoutinesInTable[1];
ULONG CallCounts[ANYSIZE_ARRAY];
} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
ULONG DiskCount;
ULONG FloppyCount;
ULONG CdRomCount;
ULONG TapeCount;
ULONG SerialCount;
ULONG ParallelCount;
} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
typedef struct _SYSTEM_PROCESSOR_TIMES {
LARGE_INTEGER IdleTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER DpcTime;
LARGE_INTEGER InterruptTime;
ULONG InterruptCount;
} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
#define FLG_STOP_ON_EXCEPTION 0x00000001
#define FLG_SHOW_LDR_SNAPS 0x00000002
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
#define FLG_STOP_ON_HUNG_GUI 0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
#define FLG_HEAP_VALIDATE_ALL 0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
#define FLG_POOL_ENABLE_TAGGING 0x00000400
#define FLG_HEAP_ENABLE_TAGGING 0x00000800
#define FLG_USER_STACK_TRACE_DB 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
#define FLG_IGNORE_DEBUG_PRIV 0x00010000
#define FLG_ENABLE_CSRDEBUG 0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
#define FLG_HEAP_DISABLE_COALESCING 0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
typedef struct _SYSTEM_GLOBAL_FLAG {
ULONG GlobalFlag;
} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
ULONG Unknown1;
ULONG Unknown2;
PVOID Base;
ULONG Size;
ULONG Flags;
USHORT Index;
/* Length of module name not including the path, this
field contains valid value only for NTOSKRNL module */
USHORT NameLength;
USHORT LoadCount;
USHORT PathLength;
CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
typedef struct _SYSTEM_MODULE_INFORMATION {
ULONG Count;
SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
typedef struct _SYSTEM_LOCK_INFORMATION {
PVOID Address;
USHORT Type;
USHORT Reserved1;
ULONG ExclusiveOwnerThreadId;
ULONG ActiveCount;
ULONG ContentionCount;
ULONG Reserved2[2];
ULONG NumberOfSharedWaiters;
ULONG NumberOfExclusiveWaiters;
} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
/*SYSTEM_HANDLE_INFORMATION.Flags cosntants */
#define PROTECT_FROM_CLOSE 0x01
#define INHERIT 0x02
typedef struct _SYSTEM_HANDLE_INFORMATION {
ULONG ProcessId;
UCHAR ObjectTypeNumber;
UCHAR Flags;
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
ULONG NextEntryOffset;
ULONG ObjectCount;
ULONG HandleCount;
ULONG TypeNumber;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ACCESS_MASK ValidAccessMask;
POOL_TYPE PoolType;
UCHAR Unknown;
UNICODE_STRING Name;
} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
/* SYSTEM_OBJECT_INFORMATION.Flags constants */
#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
#define FLG_SYSOBJINFO_PERMANENT 0x10
#define FLG_SYSOBJINFO_EXCLUSIVE 0x08
#define FLG_SYSOBJINFO_CREATOR_INFO 0x04
#define FLG_SYSOBJINFO_KERNEL_MODE 0x02
typedef struct _SYSTEM_OBJECT_INFORMATION {
ULONG NextEntryOffset;
PVOID Object;
ULONG CreatorProcessId;
USHORT Unknown;
USHORT Flags;
ULONG PointerCount;
ULONG HandleCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG ExclusiveProcessId;
PSECURITY_DESCRIPTOR SecurityDescriptor;
UNICODE_STRING Name;
} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
typedef struct _SYSTEM_PAGEFILE_INFORMATION {
ULONG NextEntryOffset;
ULONG CurrentSize;
ULONG TotalUsed;
ULONG PeakUsed;
UNICODE_STRING FileName;
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
ULONG SegmentNotPresent;
ULONG TwoByteOpcode;
ULONG ESprefix;
ULONG CSprefix;
ULONG SSprefix;
ULONG DSprefix;
ULONG FSPrefix;
ULONG GSprefix;
ULONG OPER32prefix;
ULONG ADDR32prefix;
ULONG INSB;
ULONG INSW;
ULONG OUTSB;
ULONG OUTSW;
ULONG PUSHFD;
ULONG POPFD;
ULONG INTnn;
ULONG INTO;
ULONG IRETD;
ULONG INBimm;
ULONG INWimm;
ULONG OUTBimm;
ULONG OUTWimm;
ULONG INB;
ULONG INW;
ULONG OUTB;
ULONG OUTW;
ULONG LOCKprefix;
ULONG REPNEprefix;
ULONG REPprefix;
ULONG HLT;
ULONG CLI;
ULONG STI;
ULONG GenericInvalidOpcode;
} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
typedef struct _SYSTEM_POOL_TAG_INFORMATION {
CHAR Tag[4];
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG PagedPoolUsage;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFrees;
ULONG NonPagedPoolUsage;
} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
typedef struct _SYSTEM_PROCESSOR_STATISTICS {
ULONG ContextSwitches;
ULONG DpcCount;
ULONG DpcRequestRate;
ULONG TimeIncrement;
ULONG DpcBypassCount;
ULONG ApcBypassCount;
} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
typedef struct _SYSTEM_DPC_INFORMATION {
ULONG Reserved;
ULONG MaximumDpcQueueDepth;
ULONG MinimumDpcRate;
ULONG AdjustDpcThreshold;
ULONG IdealDpcRate;
} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
typedef struct _SYSTEM_LOAD_IMAGE {
UNICODE_STRING ModuleName;
PVOID ModuleBase;
PVOID SectionPointer;
PVOID EntryPoint;
PVOID ExportDirectory;
} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
typedef struct _SYSTEM_UNLOAD_IMAGE {
PVOID ModuleBase;
} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
ULONG TimeAdjustment;
ULONG MaximumIncrement;
BOOLEAN TimeSynchronization;
} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
ULONG TimeAdjustment;
BOOLEAN TimeSynchronization;
} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
HANDLE CrashDumpSectionHandle;
HANDLE Unknown;
} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
ULONG AlignmentFixupCount;
ULONG ExceptionDispatchCount;
ULONG FloatingEmulationCount;
ULONG Reserved;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
ULONG CrashDumpSectionExists;
ULONG Unknown;
} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
BOOLEAN DebuggerEnabled;
BOOLEAN DebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
ULONG ContextSwitches;
ULONG ContextSwitchCounters[11];
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
ULONG RegistryQuota;
ULONG RegistryQuotaInUse;
ULONG PagedPoolSize;
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
UNICODE_STRING ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
typedef struct _SYSTEM_PRIORITY_SEPARATION {
ULONG PrioritySeparation;
} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
LONG Bias;
WCHAR StandardName[32];
LARGE_INTEGER StandardDate;
LONG StandardBias;
WCHAR DaylightName[32];
LARGE_INTEGER DaylightDate;
LONG DaylightBias;
} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
USHORT Depth;
USHORT MaximumDepth;
ULONG TotalAllocates;
ULONG AllocateMisses;
ULONG TotalFrees;
ULONG FreeMisses;
POOL_TYPE Type;
ULONG Tag;
ULONG Size;
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
HANDLE TimeSlipEvent;
} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
typedef struct _SYSTEM_CREATE_SESSION {
ULONG SessionId;
} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
typedef struct _SYSTEM_DELETE_SESSION {
ULONG SessionId;
} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
typedef struct _SYSTEM_RANGE_START_INFORMATION {
PVOID SystemRangeStart;
} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
ULONG SessionId;
ULONG BufferSize;
PVOID Buffer;
} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
typedef struct _SYSTEM_POOL_BLOCK {
BOOLEAN Allocated;
USHORT Unknown;
ULONG Size;
CHAR Tag[4];
} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
ULONG PoolSize;
PVOID PoolBase;
USHORT Unknown;
ULONG NumberOfBlocks;
SYSTEM_POOL_BLOCK PoolBlocks[1];
} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
typedef struct _SYSTEM_MEMORY_USAGE {
PVOID Name;
USHORT Valid;
USHORT Standby;
USHORT Modified;
USHORT PageTables;
} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
ULONG Reserved;
PVOID EndOfData;
SYSTEM_MEMORY_USAGE MemoryUsage[1];
} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
/*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
/*IN OUT*/ PVOID SystemInformation,
/*IN*/ ULONG SystemInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
/*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
/*IN OUT*/ PVOID SystemInformation,
/*IN*/ ULONG SystemInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTAPI
NTSTATUS
NtQueryFullAttributesFile(
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
NTOSAPI
NTAPI
NTSTATUS
ZwQueryFullAttributesFile(
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
NTOSAPI
NTSTATUS
NTAPI
NtSetSystemInformation(
/*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
/*IN OUT*/ PVOID SystemInformation,
/*IN*/ ULONG SystemInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemInformation(
/*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
/*IN OUT*/ PVOID SystemInformation,
/*IN*/ ULONG SystemInformationLength);
NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemEnvironmentValue(
/*IN*/ PUNICODE_STRING Name,
/*OUT*/ PVOID Value,
/*IN*/ ULONG ValueLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemEnvironmentValue(
/*IN*/ PUNICODE_STRING Name,
/*OUT*/ PVOID Value,
/*IN*/ ULONG ValueLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetSystemEnvironmentValue(
/*IN*/ PUNICODE_STRING Name,
/*IN*/ PUNICODE_STRING Value);
NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemEnvironmentValue(
/*IN*/ PUNICODE_STRING Name,
/*IN*/ PUNICODE_STRING Value);
typedef enum _SHUTDOWN_ACTION {
ShutdownNoReboot,
ShutdownReboot,
ShutdownPowerOff
} SHUTDOWN_ACTION;
NTOSAPI
NTSTATUS
NTAPI
NtShutdownSystem(
/*IN*/ SHUTDOWN_ACTION Action);
NTOSAPI
NTSTATUS
NTAPI
ZwShutdownSystem(
/*IN*/ SHUTDOWN_ACTION Action);
typedef enum _DEBUG_CONTROL_CODE {
DebugGetTraceInformation = 1,
DebugSetInternalBreakpoint,
DebugSetSpecialCall,
DebugClearSpecialCalls,
DebugQuerySpecialCalls,
DebugDbgBreakPoint,
DebugMaximum
} DEBUG_CONTROL_CODE;
NTOSAPI
NTSTATUS
NTAPI
NtSystemDebugControl(
/*IN*/ DEBUG_CONTROL_CODE ControlCode,
/*IN*/ PVOID InputBuffer /*OPTIONAL*/,
/*IN*/ ULONG InputBufferLength,
/*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
/*IN*/ ULONG OutputBufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwSystemDebugControl(
/*IN*/ DEBUG_CONTROL_CODE ControlCode,
/*IN*/ PVOID InputBuffer /*OPTIONAL*/,
/*IN*/ ULONG InputBufferLength,
/*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
/*IN*/ ULONG OutputBufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
/* Objects, Object directories, and symbolic links */
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectAllTypesInformation,
ObjectHandleInformation
} OBJECT_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtQueryObject(
/*IN*/ HANDLE ObjectHandle,
/*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
/*OUT*/ PVOID ObjectInformation,
/*IN*/ ULONG ObjectInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryObject(
/*IN*/ HANDLE ObjectHandle,
/*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
/*OUT*/ PVOID ObjectInformation,
/*IN*/ ULONG ObjectInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationObject(
/*IN*/ HANDLE ObjectHandle,
/*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
/*IN*/ PVOID ObjectInformation,
/*IN*/ ULONG ObjectInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationObject(
/*IN*/ HANDLE ObjectHandle,
/*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
/*IN*/ PVOID ObjectInformation,
/*IN*/ ULONG ObjectInformationLength);
/* OBJECT_BASIC_INFORMATION.Attributes constants */
/* also in winbase.h */
#define HANDLE_FLAG_INHERIT 0x01
#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
/* end winbase.h */
#define PERMANENT 0x10
#define EXCLUSIVE 0x20
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3];
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
#if 0
/* FIXME: Enable later */
typedef struct _OBJECT_TYPE_INFORMATION {
UNICODE_STRING Name;
ULONG ObjectCount;
ULONG HandleCount;
ULONG Reserved1[4];
ULONG PeakObjectCount;
ULONG PeakHandleCount;
ULONG Reserved2[4];
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
UCHAR Unknown;
BOOLEAN MaintainHandleDatabase;
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
typedef struct _OBJECT_ALL_TYPES_INFORMATION {
ULONG NumberOfTypes;
OBJECT_TYPE_INFORMATION TypeInformation;
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
#endif
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
BOOLEAN Inherit;
BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
NTOSAPI
NTSTATUS
NTAPI
NtDuplicateObject(
/*IN*/ HANDLE SourceProcessHandle,
/*IN*/ HANDLE SourceHandle,
/*IN*/ HANDLE TargetProcessHandle,
/*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ ULONG Attributes,
/*IN*/ ULONG Options);
NTOSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
/*IN*/ HANDLE SourceProcessHandle,
/*IN*/ HANDLE SourceHandle,
/*IN*/ HANDLE TargetProcessHandle,
/*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ ULONG Attributes,
/*IN*/ ULONG Options);
NTOSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
/*IN*/ HANDLE Handle,
/*IN*/ SECURITY_INFORMATION SecurityInformation,
/*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ ULONG SecurityDescriptorLength,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
/*IN*/ HANDLE Handle,
/*IN*/ SECURITY_INFORMATION SecurityInformation,
/*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ ULONG SecurityDescriptorLength,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
/*IN*/ HANDLE Handle,
/*IN*/ SECURITY_INFORMATION SecurityInformation,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor);
NTOSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
/*IN*/ HANDLE Handle,
/*IN*/ SECURITY_INFORMATION SecurityInformation,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor);
NTOSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
/*OUT*/ PHANDLE DirectoryHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
/*OUT*/ PHANDLE DirectoryHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
/*IN*/ HANDLE DirectoryHandle,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN ReturnSingleEntry,
/*IN*/ BOOLEAN RestartScan,
/*IN OUT*/ PULONG Context,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
/*IN*/ HANDLE DirectoryHandle,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN ReturnSingleEntry,
/*IN*/ BOOLEAN RestartScan,
/*IN OUT*/ PULONG Context,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
typedef struct _DIRECTORY_BASIC_INFORMATION {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName;
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
NTOSAPI
NTSTATUS
NTAPI
NtCreateSymbolicLinkObject(
/*OUT*/ PHANDLE SymbolicLinkHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PUNICODE_STRING TargetName);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject(
/*OUT*/ PHANDLE SymbolicLinkHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PUNICODE_STRING TargetName);
/* Virtual memory */
typedef enum _MEMORY_INFORMATION_CLASS {
MemoryBasicInformation,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN*/ ULONG ZeroBits,
/*IN OUT*/ PULONG AllocationSize,
/*IN*/ ULONG AllocationType,
/*IN*/ ULONG Protect);
NTOSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN*/ ULONG ZeroBits,
/*IN OUT*/ PULONG AllocationSize,
/*IN*/ ULONG AllocationType,
/*IN*/ ULONG Protect);
NTOSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG FreeSize,
/*IN*/ ULONG FreeType);
NTOSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG FreeSize,
/*IN*/ ULONG FreeType);
NTOSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
/*OUT*/ PVOID MemoryInformation,
/*IN*/ ULONG MemoryInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
/*OUT*/ PVOID MemoryInformation,
/*IN*/ ULONG MemoryInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
#define WSLE_PAGE_READONLY 0x001
#define WSLE_PAGE_EXECUTE 0x002
#define WSLE_PAGE_READWRITE 0x004
#define WSLE_PAGE_EXECUTE_READ 0x003
#define WSLE_PAGE_WRITECOPY 0x005
#define WSLE_PAGE_EXECUTE_READWRITE 0x006
#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
#define WSLE_PAGE_SHAREABLE 0x100
typedef struct _MEMORY_WORKING_SET_LIST {
ULONG NumberOfPages;
ULONG WorkingSetList[1];
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
typedef struct _MEMORY_SECTION_NAME {
UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
/* Zw[Lock|Unlock]VirtualMemory.LockType constants */
#define LOCK_VM_IN_WSL 0x01
#define LOCK_VM_IN_RAM 0x02
NTOSAPI
NTSTATUS
NTAPI
NtLockVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG LockSize,
/*IN*/ ULONG LockType);
NTOSAPI
NTSTATUS
NTAPI
ZwLockVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG LockSize,
/*IN*/ ULONG LockType);
NTOSAPI
NTSTATUS
NTAPI
NtUnlockVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG LockSize,
/*IN*/ ULONG LockType);
NTOSAPI
NTSTATUS
NTAPI
ZwUnlockVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG LockSize,
/*IN*/ ULONG LockType);
NTOSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwWriteVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG ProtectSize,
/*IN*/ ULONG NewProtect,
/*OUT*/ PULONG OldProtect);
NTOSAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG ProtectSize,
/*IN*/ ULONG NewProtect,
/*OUT*/ PULONG OldProtect);
NTOSAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG FlushSize,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG FlushSize,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
NtAllocateUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PULONG NumberOfPages,
/*OUT*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
ZwAllocateUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PULONG NumberOfPages,
/*OUT*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
NtFreeUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
ZwFreeUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
NtMapUserPhysicalPages(
/*IN*/ PVOID BaseAddress,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
ZwMapUserPhysicalPages(
/*IN*/ PVOID BaseAddress,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
NtMapUserPhysicalPagesScatter(
/*IN*/ PVOID *BaseAddresses,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
ZwMapUserPhysicalPagesScatter(
/*IN*/ PVOID *BaseAddresses,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
NtGetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ ULONG Flags,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize,
/*OUT*/ PULONG Buffer,
/*IN OUT*/ PULONG BufferEntries,
/*OUT*/ PULONG Granularity);
NTOSAPI
NTSTATUS
NTAPI
ZwGetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ ULONG Flags,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize,
/*OUT*/ PULONG Buffer,
/*IN OUT*/ PULONG BufferEntries,
/*OUT*/ PULONG Granularity);
NTOSAPI
NTSTATUS
NTAPI
NtResetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize);
NTOSAPI
NTSTATUS
NTAPI
ZwResetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize);
/* Sections */
typedef enum _SECTION_INFORMATION_CLASS {
SectionBasicInformation,
SectionImageInformation
} SECTION_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtCreateSection(
/*OUT*/ PHANDLE SectionHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
/*IN*/ ULONG Protect,
/*IN*/ ULONG Attributes,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateSection(
/*OUT*/ PHANDLE SectionHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
/*IN*/ ULONG Protect,
/*IN*/ ULONG Attributes,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
NtQuerySection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
/*OUT*/ PVOID SectionInformation,
/*IN*/ ULONG SectionInformationLength,
/*OUT*/ PULONG ResultLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQuerySection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
/*OUT*/ PVOID SectionInformation,
/*IN*/ ULONG SectionInformationLength,
/*OUT*/ PULONG ResultLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtExtendSection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ PLARGE_INTEGER SectionSize);
NTOSAPI
NTSTATUS
NTAPI
ZwExtendSection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ PLARGE_INTEGER SectionSize);
NTOSAPI
NTSTATUS
NTAPI
NtAreMappedFilesTheSame(
/*IN*/ PVOID Address1,
/*IN*/ PVOID Address2);
NTOSAPI
NTSTATUS
NTAPI
ZwAreMappedFilesTheSame(
/*IN*/ PVOID Address1,
/*IN*/ PVOID Address2);
/* Threads */
typedef struct _USER_STACK {
PVOID FixedStackBase;
PVOID FixedStackLimit;
PVOID ExpandableStackBase;
PVOID ExpandableStackLimit;
PVOID ExpandableStackBottom;
} USER_STACK, *PUSER_STACK;
NTOSAPI
NTSTATUS
NTAPI
NtCreateThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE ProcessHandle,
/*OUT*/ PCLIENT_ID ClientId,
/*IN*/ PCONTEXT ThreadContext,
/*IN*/ PUSER_STACK UserStack,
/*IN*/ BOOLEAN CreateSuspended);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE ProcessHandle,
/*OUT*/ PCLIENT_ID ClientId,
/*IN*/ PCONTEXT ThreadContext,
/*IN*/ PUSER_STACK UserStack,
/*IN*/ BOOLEAN CreateSuspended);
NTOSAPI
NTSTATUS
NTAPI
NtOpenThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PCLIENT_ID ClientId);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PCLIENT_ID ClientId);
NTOSAPI
NTSTATUS
NTAPI
NtTerminateThread(
/*IN*/ HANDLE ThreadHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
ZwTerminateThread(
/*IN*/ HANDLE ThreadHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*OUT*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*OUT*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*IN*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*IN*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength);
typedef struct _THREAD_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PNT_TIB TebBaseAddress;
CLIENT_ID ClientId;
KAFFINITY AffinityMask;
KPRIORITY Priority;
KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
typedef struct _KERNEL_USER_TIMES {
LARGE_INTEGER CreateTime;
LARGE_INTEGER ExitTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
NTOSAPI
NTSTATUS
NTAPI
NtSuspendThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwSuspendThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtGetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
ZwGetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
NtSetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
ZwSetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
NtQueueApcThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PKNORMAL_ROUTINE ApcRoutine,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*IN*/ PVOID Argument1 /*OPTIONAL*/,
/*IN*/ PVOID Argument2 /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueueApcThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PKNORMAL_ROUTINE ApcRoutine,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*IN*/ PVOID Argument1 /*OPTIONAL*/,
/*IN*/ PVOID Argument2 /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtTestAlert(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwTestAlert(
VOID);
NTOSAPI
NTSTATUS
NTAPI
NtAlertThread(
/*IN*/ HANDLE ThreadHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwAlertThread(
/*IN*/ HANDLE ThreadHandle);
NTOSAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwAlertResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwRegisterThreadTerminatePort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
NtImpersonateThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ HANDLE TargetThreadHandle,
/*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
NTOSAPI
NTSTATUS
NTAPI
ZwImpersonateThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ HANDLE TargetThreadHandle,
/*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
NTOSAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
/*IN*/ HANDLE ThreadHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
/*IN*/ HANDLE ThreadHandle);
/* Processes */
NTOSAPI
NTSTATUS
NTAPI
NtCreateProcess(
/*OUT*/ PHANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE InheritFromProcessHandle,
/*IN*/ BOOLEAN InheritHandles,
/*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
/*IN*/ HANDLE DebugPort /*OPTIONAL*/,
/*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
/*OUT*/ PHANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE InheritFromProcessHandle,
/*IN*/ BOOLEAN InheritHandles,
/*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
/*IN*/ HANDLE DebugPort /*OPTIONAL*/,
/*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtTerminateProcess(
/*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
ZwTerminateProcess(
/*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*OUT*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*OUT*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*IN*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*IN*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength);
typedef struct _PROCESS_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
typedef struct _PROCESS_ACCESS_TOKEN {
HANDLE Token;
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
/* DefaultHardErrorMode constants */
/* also in winbase.h */
#define SEM_FAILCRITICALERRORS 0x0001
#define SEM_NOGPFAULTERRORBOX 0x0002
#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
#define SEM_NOOPENFILEERRORBOX 0x8000
/* end winbase.h */
typedef struct _POOLED_USAGE_AND_LIMITS {
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
ULONG PagedPoolLimit;
ULONG PeakNonPagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG NonPagedPoolLimit;
ULONG PeakPagefileUsage;
ULONG PagefileUsage;
ULONG PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
typedef struct _PROCESS_WS_WATCH_INFORMATION {
PVOID FaultingPc;
PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
#define PC_IDLE 1
#define PC_NORMAL 2
#define PC_HIGH 3
#define PC_REALTIME 4
#define PC_BELOW_NORMAL 5
#define PC_ABOVE_NORMAL 6
typedef struct _PROCESS_PRIORITY_CLASS {
BOOLEAN Foreground;
UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_FIXED 3
#define DRIVE_REMOTE 4
#define DRIVE_CDROM 5
#define DRIVE_RAMDISK 6
typedef struct _PROCESS_DEVICEMAP_INFORMATION {
_ANONYMOUS_UNION union {
struct {
HANDLE DirectoryHandle;
} Set;
struct {
ULONG DriveMap;
UCHAR DriveType[32];
} Query;
} DUMMYUNIONNAME;
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
typedef struct _PROCESS_SESSION_INFORMATION {
ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
typedef struct _RTL_USER_PROCESS_PARAMETERS {
ULONG AllocationSize;
ULONG Size;
ULONG Flags;
ULONG DebugFlags;
HANDLE hConsole;
ULONG ProcessGroup;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
UNICODE_STRING CurrentDirectoryName;
HANDLE CurrentDirectoryHandle;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PWSTR Environment;
ULONG dwX;
ULONG dwY;
ULONG dwXSize;
ULONG dwYSize;
ULONG dwXCountChars;
ULONG dwYCountChars;
ULONG dwFillAttribute;
ULONG dwFlags;
ULONG wShowWindow;
UNICODE_STRING WindowTitle;
UNICODE_STRING DesktopInfo;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
NTSTATUS
NTAPI
RtlCreateProcessParameters(
/*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
/*IN*/ PUNICODE_STRING ImageFile,
/*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/,
/*IN*/ PWSTR Environment /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/);
NTSTATUS
NTAPI
RtlDestroyProcessParameters(
/*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
typedef struct _DEBUG_BUFFER {
HANDLE SectionHandle;
PVOID SectionBase;
PVOID RemoteSectionBase;
ULONG SectionBaseDelta;
HANDLE EventPairHandle;
ULONG Unknown[2];
HANDLE RemoteThreadHandle;
ULONG InfoClassMask;
ULONG SizeOfInfo;
ULONG AllocatedSize;
ULONG SectionSize;
PVOID ModuleInformation;
PVOID BackTraceInformation;
PVOID HeapInformation;
PVOID LockInformation;
PVOID Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;
PDEBUG_BUFFER
NTAPI
RtlCreateQueryDebugBuffer(
/*IN*/ ULONG Size,
/*IN*/ BOOLEAN EventPair);
/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
#define PDI_MODULES 0x01
#define PDI_BACKTRACE 0x02
#define PDI_HEAPS 0x04
#define PDI_HEAP_TAGS 0x08
#define PDI_HEAP_BLOCKS 0x10
#define PDI_LOCKS 0x20
NTSTATUS
NTAPI
RtlQueryProcessDebugInformation(
/*IN*/ ULONG ProcessId,
/*IN*/ ULONG DebugInfoClassMask,
/*IN OUT*/ PDEBUG_BUFFER DebugBuffer);
NTSTATUS
NTAPI
RtlDestroyQueryDebugBuffer(
/*IN*/ PDEBUG_BUFFER DebugBuffer);
/* DEBUG_MODULE_INFORMATION.Flags constants */
#define LDRP_STATIC_LINK 0x00000002
#define LDRP_IMAGE_DLL 0x00000004
#define LDRP_LOAD_IN_PROGRESS 0x00001000
#define LDRP_UNLOAD_IN_PROGRESS 0x00002000
#define LDRP_ENTRY_PROCESSED 0x00004000
#define LDRP_ENTRY_INSERTED 0x00008000
#define LDRP_CURRENT_LOAD 0x00010000
#define LDRP_FAILED_BUILTIN_LOAD 0x00020000
#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
#define LDRP_IMAGE_NOT_AT_BASE 0x00200000
#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
typedef struct _DEBUG_MODULE_INFORMATION {
ULONG Reserved[2];
ULONG Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT Unknown;
USHORT LoadCount;
USHORT ModuleNameOffset;
CHAR ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
typedef struct _DEBUG_HEAP_INFORMATION {
ULONG Base;
ULONG Flags;
USHORT Granularity;
USHORT Unknown;
ULONG Allocated;
ULONG Committed;
ULONG TagCount;
ULONG BlockCount;
ULONG Reserved[7];
PVOID Tags;
PVOID Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
typedef struct _DEBUG_LOCK_INFORMATION {
PVOID Address;
USHORT Type;
USHORT CreatorBackTraceIndex;
ULONG OwnerThreadId;
ULONG ActiveCount;
ULONG ContentionCount;
ULONG EntryCount;
ULONG RecursionCount;
ULONG NumberOfSharedWaiters;
ULONG NumberOfExclusiveWaiters;
} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
/* Jobs */
NTOSAPI
NTSTATUS
NTAPI
NtCreateJobObject(
/*OUT*/ PHANDLE JobHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateJobObject(
/*OUT*/ PHANDLE JobHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtOpenJobObject(
/*OUT*/ PHANDLE JobHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenJobObject(
/*OUT*/ PHANDLE JobHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
ZwTerminateJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ HANDLE ProcessHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwAssignProcessToJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ HANDLE ProcessHandle);
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
/*OUT*/ PVOID JobInformation,
/*IN*/ ULONG JobInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
/*OUT*/ PVOID JobInformation,
/*IN*/ ULONG JobInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
/*IN*/ PVOID JobInformation,
/*IN*/ ULONG JobInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationJobObject(
/*IN*/ HANDLE JobHandle,
/*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
/*IN*/ PVOID JobInformation,
/*IN*/ ULONG JobInformationLength);
/* Tokens */
NTOSAPI
NTSTATUS
NTAPI
NtCreateToken(
/*OUT*/ PHANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ TOKEN_TYPE Type,
/*IN*/ PLUID AuthenticationId,
/*IN*/ PLARGE_INTEGER ExpirationTime,
/*IN*/ PTOKEN_USER User,
/*IN*/ PTOKEN_GROUPS Groups,
/*IN*/ PTOKEN_PRIVILEGES Privileges,
/*IN*/ PTOKEN_OWNER Owner,
/*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
/*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl,
/*IN*/ PTOKEN_SOURCE Source
);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateToken(
/*OUT*/ PHANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ TOKEN_TYPE Type,
/*IN*/ PLUID AuthenticationId,
/*IN*/ PLARGE_INTEGER ExpirationTime,
/*IN*/ PTOKEN_USER User,
/*IN*/ PTOKEN_GROUPS Groups,
/*IN*/ PTOKEN_PRIVILEGES Privileges,
/*IN*/ PTOKEN_OWNER Owner,
/*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
/*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl,
/*IN*/ PTOKEN_SOURCE Source
);
NTOSAPI
NTSTATUS
NTAPI
NtOpenProcessToken(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*OUT*/ PHANDLE TokenHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*OUT*/ PHANDLE TokenHandle);
NTOSAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ BOOLEAN OpenAsSelf,
/*OUT*/ PHANDLE TokenHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenThreadToken(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ BOOLEAN OpenAsSelf,
/*OUT*/ PHANDLE TokenHandle);
NTOSAPI
NTSTATUS
NTAPI
NtDuplicateToken(
/*IN*/ HANDLE ExistingTokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ BOOLEAN EffectiveOnly,
/*IN*/ TOKEN_TYPE TokenType,
/*OUT*/ PHANDLE NewTokenHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
/*IN*/ HANDLE ExistingTokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ BOOLEAN EffectiveOnly,
/*IN*/ TOKEN_TYPE TokenType,
/*OUT*/ PHANDLE NewTokenHandle);
NTOSAPI
NTSTATUS
NTAPI
NtFilterToken(
/*IN*/ HANDLE ExistingTokenHandle,
/*IN*/ ULONG Flags,
/*IN*/ PTOKEN_GROUPS SidsToDisable,
/*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete,
/*IN*/ PTOKEN_GROUPS SidsToRestricted,
/*OUT*/ PHANDLE NewTokenHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwFilterToken(
/*IN*/ HANDLE ExistingTokenHandle,
/*IN*/ ULONG Flags,
/*IN*/ PTOKEN_GROUPS SidsToDisable,
/*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete,
/*IN*/ PTOKEN_GROUPS SidsToRestricted,
/*OUT*/ PHANDLE NewTokenHandle);
NTOSAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ BOOLEAN DisableAllPrivileges,
/*IN*/ PTOKEN_PRIVILEGES NewState,
/*IN*/ ULONG BufferLength,
/*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ BOOLEAN DisableAllPrivileges,
/*IN*/ PTOKEN_PRIVILEGES NewState,
/*IN*/ ULONG BufferLength,
/*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ BOOLEAN ResetToDefault,
/*IN*/ PTOKEN_GROUPS NewState,
/*IN*/ ULONG BufferLength,
/*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
ZwAdjustGroupsToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ BOOLEAN ResetToDefault,
/*IN*/ PTOKEN_GROUPS NewState,
/*IN*/ ULONG BufferLength,
/*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*OUT*/ PVOID TokenInformation,
/*IN*/ ULONG TokenInformationLength,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*OUT*/ PVOID TokenInformation,
/*IN*/ ULONG TokenInformationLength,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*IN*/ PVOID TokenInformation,
/*IN*/ ULONG TokenInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
/*IN*/ HANDLE TokenHandle,
/*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
/*IN*/ PVOID TokenInformation,
/*IN*/ ULONG TokenInformationLength);
/* Time */
NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
/*OUT*/ PLARGE_INTEGER CurrentTime);
NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemTime(
/*OUT*/ PLARGE_INTEGER CurrentTime);
NTOSAPI
NTSTATUS
NTAPI
NtSetSystemTime(
/*IN*/ PLARGE_INTEGER NewTime,
/*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemTime(
/*IN*/ PLARGE_INTEGER NewTime,
/*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtQueryPerformanceCounter(
/*OUT*/ PLARGE_INTEGER PerformanceCount,
/*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryPerformanceCounter(
/*OUT*/ PLARGE_INTEGER PerformanceCount,
/*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtQueryTimerResolution(
/*OUT*/ PULONG CoarsestResolution,
/*OUT*/ PULONG FinestResolution,
/*OUT*/ PULONG ActualResolution);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryTimerResolution(
/*OUT*/ PULONG CoarsestResolution,
/*OUT*/ PULONG FinestResolution,
/*OUT*/ PULONG ActualResolution);
NTOSAPI
NTSTATUS
NTAPI
NtDelayExecution(
/*IN*/ BOOLEAN Alertable,
/*IN*/ PLARGE_INTEGER Interval);
NTOSAPI
NTSTATUS
NTAPI
ZwDelayExecution(
/*IN*/ BOOLEAN Alertable,
/*IN*/ PLARGE_INTEGER Interval);
NTOSAPI
NTSTATUS
NTAPI
NtYieldExecution(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwYieldExecution(
VOID);
NTOSAPI
ULONG
NTAPI
NtGetTickCount(
VOID);
NTOSAPI
ULONG
NTAPI
ZwGetTickCount(
VOID);
/* Execution profiling */
NTOSAPI
NTSTATUS
NTAPI
NtCreateProfile(
/*OUT*/ PHANDLE ProfileHandle,
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID Base,
/*IN*/ ULONG Size,
/*IN*/ ULONG BucketShift,
/*IN*/ PULONG Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ KPROFILE_SOURCE Source,
/*IN*/ ULONG ProcessorMask);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateProfile(
/*OUT*/ PHANDLE ProfileHandle,
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID Base,
/*IN*/ ULONG Size,
/*IN*/ ULONG BucketShift,
/*IN*/ PULONG Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ KPROFILE_SOURCE Source,
/*IN*/ ULONG ProcessorMask);
NTOSAPI
NTSTATUS
NTAPI
NtSetIntervalProfile(
/*IN*/ ULONG Interval,
/*IN*/ KPROFILE_SOURCE Source);
NTOSAPI
NTSTATUS
NTAPI
ZwSetIntervalProfile(
/*IN*/ ULONG Interval,
/*IN*/ KPROFILE_SOURCE Source);
NTOSAPI
NTSTATUS
NTAPI
NtQueryIntervalProfile(
/*IN*/ KPROFILE_SOURCE Source,
/*OUT*/ PULONG Interval);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryIntervalProfile(
/*IN*/ KPROFILE_SOURCE Source,
/*OUT*/ PULONG Interval);
NTOSAPI
NTSTATUS
NTAPI
NtStartProfile(
/*IN*/ HANDLE ProfileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwStartProfile(
/*IN*/ HANDLE ProfileHandle);
NTOSAPI
NTSTATUS
NTAPI
NtStopProfile(
/*IN*/ HANDLE ProfileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwStopProfile(
/*IN*/ HANDLE ProfileHandle);
/* Local Procedure Call (LPC) */
typedef struct _LPC_MESSAGE {
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
USHORT VirtualRangesOffset;
CLIENT_ID ClientId;
ULONG MessageId;
ULONG SectionSize;
UCHAR Data[ANYSIZE_ARRAY];
} LPC_MESSAGE, *PLPC_MESSAGE;
#define LPC_MESSAGE_BASE_SIZE 24
typedef enum _LPC_TYPE {
LPC_NEW_MESSAGE,
LPC_REQUEST,
LPC_REPLY,
LPC_DATAGRAM,
LPC_LOST_REPLY,
LPC_PORT_CLOSED,
LPC_CLIENT_DIED,
LPC_EXCEPTION,
LPC_DEBUG_EVENT,
LPC_ERROR_EVENT,
LPC_CONNECTION_REQUEST,
LPC_CONNECTION_REFUSED,
LPC_MAXIMUM
} LPC_TYPE;
typedef struct _LPC_SECTION_WRITE {
ULONG Length;
HANDLE SectionHandle;
ULONG SectionOffset;
ULONG ViewSize;
PVOID ViewBase;
PVOID TargetViewBase;
} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
typedef struct _LPC_SECTION_READ {
ULONG Length;
ULONG ViewSize;
PVOID ViewBase;
} LPC_SECTION_READ, *PLPC_SECTION_READ;
NTOSAPI
NTSTATUS
NTAPI
NtCreatePort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ ULONG MaxDataSize,
/*IN*/ ULONG MaxMessageSize,
/*IN*/ ULONG Reserved);
NTOSAPI
NTSTATUS
NTAPI
ZwCreatePort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ ULONG MaxDataSize,
/*IN*/ ULONG MaxMessageSize,
/*IN*/ ULONG Reserved);
NTOSAPI
NTSTATUS
NTAPI
NtCreateWaitablePort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ ULONG MaxDataSize,
/*IN*/ ULONG MaxMessageSize,
/*IN*/ ULONG Reserved);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateWaitablePort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ ULONG MaxDataSize,
/*IN*/ ULONG MaxMessageSize,
/*IN*/ ULONG Reserved);
NTOSAPI
NTSTATUS
NTAPI
NtConnectPort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ PUNICODE_STRING PortName,
/*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
/*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
/*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/,
/*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/,
/*IN OUT*/ PVOID ConnectData /*OPTIONAL*/,
/*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwConnectPort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ PUNICODE_STRING PortName,
/*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
/*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
/*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/,
/*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/,
/*IN OUT*/ PVOID ConnectData /*OPTIONAL*/,
/*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtListenPort(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PLPC_MESSAGE Message);
NTOSAPI
NTSTATUS
NTAPI
ZwListenPort(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PLPC_MESSAGE Message);
NTOSAPI
NTSTATUS
NTAPI
NtAcceptConnectPort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ ULONG PortIdentifier,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ BOOLEAN Accept,
/*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
/*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwAcceptConnectPort(
/*OUT*/ PHANDLE PortHandle,
/*IN*/ ULONG PortIdentifier,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ BOOLEAN Accept,
/*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
/*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtCompleteConnectPort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwCompleteConnectPort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
NtRequestPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE RequestMessage);
NTOSAPI
NTSTATUS
NTAPI
ZwRequestPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE RequestMessage);
NTOSAPI
NTSTATUS
NTAPI
NtRequestWaitReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE RequestMessage,
/*OUT*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
ZwRequestWaitReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE RequestMessage,
/*OUT*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
NtReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
ZwReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
NtReplyWaitReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN OUT*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
ZwReplyWaitReplyPort(
/*IN*/ HANDLE PortHandle,
/*IN OUT*/ PLPC_MESSAGE ReplyMessage);
NTOSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePort(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
/*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
/*OUT*/ PLPC_MESSAGE Message);
NTOSAPI
NTSTATUS
NTAPI
ZwReplyWaitReceivePort(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
/*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
/*OUT*/ PLPC_MESSAGE Message);
NTOSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePortEx(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
/*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
/*OUT*/ PLPC_MESSAGE Message,
/*IN*/ PLARGE_INTEGER Timeout);
NTOSAPI
NTSTATUS
NTAPI
ZwReplyWaitReceivePortEx(
/*IN*/ HANDLE PortHandle,
/*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
/*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
/*OUT*/ PLPC_MESSAGE Message,
/*IN*/ PLARGE_INTEGER Timeout);
NTOSAPI
NTSTATUS
NTAPI
NtReadRequestData(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ ULONG Index,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwReadRequestData(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ ULONG Index,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtWriteRequestData(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ ULONG Index,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwWriteRequestData(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message,
/*IN*/ ULONG Index,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
typedef enum _PORT_INFORMATION_CLASS {
PortBasicInformation
} PORT_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PORT_INFORMATION_CLASS PortInformationClass,
/*OUT*/ PVOID PortInformation,
/*IN*/ ULONG PortInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PORT_INFORMATION_CLASS PortInformationClass,
/*OUT*/ PVOID PortInformation,
/*IN*/ ULONG PortInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtImpersonateClientOfPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message);
NTOSAPI
NTSTATUS
NTAPI
ZwImpersonateClientOfPort(
/*IN*/ HANDLE PortHandle,
/*IN*/ PLPC_MESSAGE Message);
/* Files */
NTOSAPI
NTSTATUS
NTAPI
NtDeleteFile(
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtFlushBuffersFile(
/*IN*/ HANDLE FileHandle,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
/*IN*/ HANDLE FileHandle,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
NtCancelIoFile(
/*IN*/ HANDLE FileHandle,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
ZwCancelIoFile(
/*IN*/ HANDLE FileHandle,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
NtReadFileScatter(
/*IN*/ HANDLE FileHandle,
/*IN*/ HANDLE Event /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
/*IN*/ ULONG Length,
/*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
/*IN*/ PULONG Key /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwReadFileScatter(
/*IN*/ HANDLE FileHandle,
/*IN*/ HANDLE Event /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
/*IN*/ ULONG Length,
/*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
/*IN*/ PULONG Key /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtWriteFileGather(
/*IN*/ HANDLE FileHandle,
/*IN*/ HANDLE Event /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
/*IN*/ ULONG Length,
/*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
/*IN*/ PULONG Key /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwWriteFileGather(
/*IN*/ HANDLE FileHandle,
/*IN*/ HANDLE Event /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
/*IN*/ ULONG Length,
/*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
/*IN*/ PULONG Key /*OPTIONAL*/);
/* Registry keys */
NTOSAPI
NTSTATUS
NTAPI
NtSaveKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwSaveKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
NtSaveMergedKeys(
/*IN*/ HANDLE KeyHandle1,
/*IN*/ HANDLE KeyHandle2,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwSaveMergedKeys(
/*IN*/ HANDLE KeyHandle1,
/*IN*/ HANDLE KeyHandle2,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
NtRestoreKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE FileHandle,
/*IN*/ ULONG Flags);
NTOSAPI
NTSTATUS
NTAPI
ZwRestoreKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE FileHandle,
/*IN*/ ULONG Flags);
NTOSAPI
NTSTATUS
NTAPI
NtLoadKey(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwLoadKey(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtLoadKey2(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes,
/*IN*/ ULONG Flags);
NTOSAPI
NTSTATUS
NTAPI
ZwLoadKey2(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes,
/*IN*/ ULONG Flags);
NTOSAPI
NTSTATUS
NTAPI
NtUnloadKey(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwUnloadKey(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
NtQueryOpenSubKeys(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*OUT*/ PULONG NumberOfKeys);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryOpenSubKeys(
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*OUT*/ PULONG NumberOfKeys);
NTOSAPI
NTSTATUS
NTAPI
NtReplaceKey(
/*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
/*IN*/ HANDLE KeyHandle,
/*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
NTOSAPI
NTSTATUS
NTAPI
ZwReplaceKey(
/*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
/*IN*/ HANDLE KeyHandle,
/*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
typedef enum _KEY_SET_INFORMATION_CLASS {
KeyLastWriteTimeInformation
} KEY_SET_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
/*IN*/ PVOID KeyInformation,
/*IN*/ ULONG KeyInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
/*IN*/ PVOID KeyInformation,
/*IN*/ ULONG KeyInformationLength);
typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
LARGE_INTEGER LastWriteTime;
} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
typedef struct _KEY_NAME_INFORMATION {
ULONG NameLength;
WCHAR Name[1];
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
NTOSAPI
NTSTATUS
NTAPI
NtNotifyChangeKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE EventHandle /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ ULONG NotifyFilter,
/*IN*/ BOOLEAN WatchSubtree,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN Asynchronous);
NTOSAPI
NTSTATUS
NTAPI
ZwNotifyChangeKey(
/*IN*/ HANDLE KeyHandle,
/*IN*/ HANDLE EventHandle /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ ULONG NotifyFilter,
/*IN*/ BOOLEAN WatchSubtree,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN Asynchronous);
/* ZwNotifyChangeMultipleKeys.Flags constants */
#define REG_MONITOR_SINGLE_KEY 0x00
#define REG_MONITOR_SECOND_KEY 0x01
NTOSAPI
NTSTATUS
NTAPI
NtNotifyChangeMultipleKeys(
/*IN*/ HANDLE KeyHandle,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ HANDLE EventHandle /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ ULONG NotifyFilter,
/*IN*/ BOOLEAN WatchSubtree,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN Asynchronous);
NTOSAPI
NTSTATUS
NTAPI
ZwNotifyChangeMultipleKeys(
/*IN*/ HANDLE KeyHandle,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
/*IN*/ HANDLE EventHandle /*OPTIONAL*/,
/*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
/*IN*/ ULONG NotifyFilter,
/*IN*/ BOOLEAN WatchSubtree,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*IN*/ BOOLEAN Asynchronous);
NTOSAPI
NTSTATUS
NTAPI
NtQueryMultipleValueKey(
/*IN*/ HANDLE KeyHandle,
/*IN OUT*/ PKEY_VALUE_ENTRY ValueList,
/*IN*/ ULONG NumberOfValues,
/*OUT*/ PVOID Buffer,
/*IN OUT*/ PULONG Length,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryMultipleValueKey(
/*IN*/ HANDLE KeyHandle,
/*IN OUT*/ PKEY_VALUE_ENTRY ValueList,
/*IN*/ ULONG NumberOfValues,
/*OUT*/ PVOID Buffer,
/*IN OUT*/ PULONG Length,
/*OUT*/ PULONG ReturnLength);
NTOSAPI
NTSTATUS
NTAPI
NtInitializeRegistry(
/*IN*/ BOOLEAN Setup);
NTOSAPI
NTSTATUS
NTAPI
ZwInitializeRegistry(
/*IN*/ BOOLEAN Setup);
/* Security and auditing */
NTOSAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
/*IN*/ HANDLE TokenHandle,
/*IN*/ PPRIVILEGE_SET RequiredPrivileges,
/*OUT*/ PBOOLEAN Result);
NTOSAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
/*IN*/ HANDLE TokenHandle,
/*IN*/ PPRIVILEGE_SET RequiredPrivileges,
/*OUT*/ PBOOLEAN Result);
NTOSAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PPRIVILEGE_SET Privileges,
/*IN*/ BOOLEAN AccessGranted);
NTOSAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PPRIVILEGE_SET Privileges,
/*IN*/ BOOLEAN AccessGranted);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheck(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PBOOLEAN AccessStatus);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheck(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PBOOLEAN AccessStatus);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PBOOLEAN AccessStatus,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PBOOLEAN AccessStatus,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckByType(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ULONG DesiredAccess,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PULONG AccessStatus);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckByType(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ULONG DesiredAccess,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PULONG AccessStatus);
typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,
AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PULONG AccessStatus,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccess,
/*OUT*/ PULONG AccessStatus,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeResultList(
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ PPRIVILEGE_SET PrivilegeSet,
/*IN*/ PULONG PrivilegeSetLength,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList,
/*OUT*/ PULONG GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeResultListAndAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList,
/*OUT*/ PULONG GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ HANDLE TokenHandle,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList,
/*OUT*/ PULONG GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ HANDLE TokenHandle,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ PSID PrincipalSelfSid,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ AUDIT_EVENT_TYPE AuditType,
/*IN*/ ULONG Flags,
/*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
/*IN*/ ULONG ObjectTypeListLength,
/*IN*/ PGENERIC_MAPPING GenericMapping,
/*IN*/ BOOLEAN ObjectCreation,
/*OUT*/ PACCESS_MASK GrantedAccessList,
/*OUT*/ PULONG AccessStatusList,
/*OUT*/ PULONG GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID *HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ ACCESS_MASK GrantedAccess,
/*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/,
/*IN*/ BOOLEAN ObjectCreation,
/*IN*/ BOOLEAN AccessGranted,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID *HandleId,
/*IN*/ PUNICODE_STRING ObjectTypeName,
/*IN*/ PUNICODE_STRING ObjectName,
/*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
/*IN*/ HANDLE TokenHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ ACCESS_MASK GrantedAccess,
/*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/,
/*IN*/ BOOLEAN ObjectCreation,
/*IN*/ BOOLEAN AccessGranted,
/*OUT*/ PBOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ BOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwCloseObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ BOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ BOOLEAN GenerateOnClose);
NTOSAPI
NTSTATUS
NTAPI
ZwDeleteObjectAuditAlarm(
/*IN*/ PUNICODE_STRING SubsystemName,
/*IN*/ PVOID HandleId,
/*IN*/ BOOLEAN GenerateOnClose);
/* Plug and play and power management */
NTOSAPI
NTSTATUS
NTAPI
ZwRequestWakeupLatency(
/*IN*/ LATENCY_TIME Latency);
NTOSAPI
NTSTATUS
NTAPI
ZwRequestDeviceWakeup(
/*IN*/ HANDLE DeviceHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwCancelDeviceWakeupRequest(
/*IN*/ HANDLE DeviceHandle);
NTOSAPI
BOOLEAN
NTAPI
ZwIsSystemResumeAutomatic(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwSetThreadExecutionState(
/*IN*/ EXECUTION_STATE ExecutionState,
/*OUT*/ PEXECUTION_STATE PreviousExecutionState);
NTOSAPI
NTSTATUS
NTAPI
ZwGetDevicePowerState(
/*IN*/ HANDLE DeviceHandle,
/*OUT*/ PDEVICE_POWER_STATE DevicePowerState);
NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemPowerState(
/*IN*/ POWER_ACTION SystemAction,
/*IN*/ SYSTEM_POWER_STATE MinSystemState,
/*IN*/ ULONG Flags);
NTOSAPI
NTSTATUS
NTAPI
ZwInitiatePowerAction(
/*IN*/ POWER_ACTION SystemAction,
/*IN*/ SYSTEM_POWER_STATE MinSystemState,
/*IN*/ ULONG Flags,
/*IN*/ BOOLEAN Asynchronous);
NTOSAPI
NTSTATUS
NTAPI
ZwPowerInformation(
/*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel,
/*IN*/ PVOID InputBuffer /*OPTIONAL*/,
/*IN*/ ULONG InputBufferLength,
/*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
/*IN*/ ULONG OutputBufferLength);
NTOSAPI
NTSTATUS
NTAPI
NtPlugPlayControl(
/*IN*/ ULONG ControlCode,
/*IN OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength);
NTOSAPI
NTSTATUS
NTAPI
ZwPlugPlayControl(
/*IN*/ ULONG ControlCode,
/*IN OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength);
NTOSAPI
NTSTATUS
NTAPI
NtGetPlugPlayEvent(
/*IN*/ ULONG Reserved1,
/*IN*/ ULONG Reserved2,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength);
NTOSAPI
NTSTATUS
NTAPI
ZwGetPlugPlayEvent(
/*IN*/ ULONG Reserved1,
/*IN*/ ULONG Reserved2,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength);
/* Miscellany */
NTOSAPI
NTSTATUS
NTAPI
NtRaiseException(
/*IN*/ PEXCEPTION_RECORD ExceptionRecord,
/*IN*/ PCONTEXT Context,
/*IN*/ BOOLEAN SearchFrames);
NTOSAPI
NTSTATUS
NTAPI
ZwRaiseException(
/*IN*/ PEXCEPTION_RECORD ExceptionRecord,
/*IN*/ PCONTEXT Context,
/*IN*/ BOOLEAN SearchFrames);
NTOSAPI
NTSTATUS
NTAPI
NtContinue(
/*IN*/ PCONTEXT Context,
/*IN*/ BOOLEAN TestAlert);
NTOSAPI
NTSTATUS
NTAPI
ZwContinue(
/*IN*/ PCONTEXT Context,
/*IN*/ BOOLEAN TestAlert);
NTOSAPI
NTSTATUS
NTAPI
ZwW32Call(
/*IN*/ ULONG RoutineIndex,
/*IN*/ PVOID Argument,
/*IN*/ ULONG ArgumentLength,
/*OUT*/ PVOID *Result /*OPTIONAL*/,
/*OUT*/ PULONG ResultLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
NtSetLowWaitHighThread(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwSetLowWaitHighThread(
VOID);
NTOSAPI
NTSTATUS
NTAPI
NtSetHighWaitLowThread(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwSetHighWaitLowThread(
VOID);
NTOSAPI
NTSTATUS
NTAPI
NtLoadDriver(
/*IN*/ PUNICODE_STRING DriverServiceName);
NTOSAPI
NTSTATUS
NTAPI
ZwLoadDriver(
/*IN*/ PUNICODE_STRING DriverServiceName);
NTOSAPI
NTSTATUS
NTAPI
NtUnloadDriver(
/*IN*/ PUNICODE_STRING DriverServiceName);
NTOSAPI
NTSTATUS
NTAPI
ZwUnloadDriver(
/*IN*/ PUNICODE_STRING DriverServiceName);
NTOSAPI
NTSTATUS
NTAPI
NtFlushInstructionCache(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress /*OPTIONAL*/,
/*IN*/ ULONG FlushSize);
NTOSAPI
NTSTATUS
NTAPI
ZwFlushInstructionCache(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress /*OPTIONAL*/,
/*IN*/ ULONG FlushSize);
NTOSAPI
NTSTATUS
NTAPI
NtFlushWriteBuffer(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwFlushWriteBuffer(
VOID);
NTOSAPI
NTSTATUS
NTAPI
NtQueryDefaultLocale(
/*IN*/ BOOLEAN ThreadOrSystem,
/*OUT*/ PLCID Locale);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryDefaultLocale(
/*IN*/ BOOLEAN ThreadOrSystem,
/*OUT*/ PLCID Locale);
NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultLocale(
/*IN*/ BOOLEAN ThreadOrSystem,
/*IN*/ LCID Locale);
NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultLocale(
/*IN*/ BOOLEAN ThreadOrSystem,
/*IN*/ LCID Locale);
NTOSAPI
NTSTATUS
NTAPI
NtQueryDefaultUILanguage(
/*OUT*/ PLANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryDefaultUILanguage(
/*OUT*/ PLANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultUILanguage(
/*IN*/ LANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultUILanguage(
/*IN*/ LANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
NtQueryInstallUILanguage(
/*OUT*/ PLANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInstallUILanguage(
/*OUT*/ PLANGID LanguageId);
NTOSAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
/*OUT*/ PLUID Luid);
NTOSAPI
NTSTATUS
NTAPI
NtAllocateUuids(
/*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated,
/*OUT*/ PULONG UuidDeltaTime,
/*OUT*/ PULONG UuidSequenceNumber,
/*OUT*/ PUCHAR UuidSeed);
NTOSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
/*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated,
/*OUT*/ PULONG UuidDeltaTime,
/*OUT*/ PULONG UuidSequenceNumber,
/*OUT*/ PUCHAR UuidSeed);
NTOSAPI
NTSTATUS
NTAPI
NtSetUuidSeed(
/*IN*/ PUCHAR UuidSeed);
NTOSAPI
NTSTATUS
NTAPI
ZwSetUuidSeed(
/*IN*/ PUCHAR UuidSeed);
typedef enum _HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore,
OptionOk,
OptionOkCancel,
OptionRetryCancel,
OptionYesNo,
OptionYesNoCancel,
OptionShutdownSystem
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
typedef enum _HARDERROR_RESPONSE {
ResponseReturnToCaller,
ResponseNotHandled,
ResponseAbort,
ResponseCancel,
ResponseIgnore,
ResponseNo,
ResponseOk,
ResponseRetry,
ResponseYes
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
NTOSAPI
NTSTATUS
NTAPI
NtRaiseHardError(
/*IN*/ NTSTATUS Status,
/*IN*/ ULONG NumberOfArguments,
/*IN*/ ULONG StringArgumentsMask,
/*IN*/ PULONG Arguments,
/*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption,
/*OUT*/ PHARDERROR_RESPONSE Response);
NTOSAPI
NTSTATUS
NTAPI
ZwRaiseHardError(
/*IN*/ NTSTATUS Status,
/*IN*/ ULONG NumberOfArguments,
/*IN*/ ULONG StringArgumentsMask,
/*IN*/ PULONG Arguments,
/*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption,
/*OUT*/ PHARDERROR_RESPONSE Response);
NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultHardErrorPort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultHardErrorPort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
NtDisplayString(
/*IN*/ PUNICODE_STRING String);
NTOSAPI
NTSTATUS
NTAPI
ZwDisplayString(
/*IN*/ PUNICODE_STRING String);
NTOSAPI
NTSTATUS
NTAPI
NtCreatePagingFile(
/*IN*/ PUNICODE_STRING FileName,
/*IN*/ PULARGE_INTEGER InitialSize,
/*IN*/ PULARGE_INTEGER MaximumSize,
/*IN*/ ULONG Reserved);
NTOSAPI
NTSTATUS
NTAPI
ZwCreatePagingFile(
/*IN*/ PUNICODE_STRING FileName,
/*IN*/ PULARGE_INTEGER InitialSize,
/*IN*/ PULARGE_INTEGER MaximumSize,
/*IN*/ ULONG Reserved);
typedef USHORT RTL_ATOM, *PRTL_ATOM;
NTOSAPI
NTSTATUS
NTAPI
NtAddAtom(
/*IN*/ PWSTR AtomName,
/*IN*/ ULONG AtomNameLength,
/*OUT*/ PRTL_ATOM Atom);
NTOSAPI
NTSTATUS
NTAPI
ZwAddAtom(
/*IN*/ PWSTR AtomName,
/*IN*/ ULONG AtomNameLength,
/*OUT*/ PRTL_ATOM Atom);
NTOSAPI
NTSTATUS
NTAPI
NtFindAtom(
/*IN*/ PWSTR AtomName,
/*IN*/ ULONG AtomNameLength,
/*OUT*/ PRTL_ATOM Atom);
NTOSAPI
NTSTATUS
NTAPI
ZwFindAtom(
/*IN*/ PWSTR AtomName,
/*IN*/ ULONG AtomNameLength,
/*OUT*/ PRTL_ATOM Atom);
NTOSAPI
NTSTATUS
NTAPI
NtDeleteAtom(
/*IN*/ RTL_ATOM Atom);
NTOSAPI
NTSTATUS
NTAPI
ZwDeleteAtom(
/*IN*/ RTL_ATOM Atom);
typedef enum _ATOM_INFORMATION_CLASS {
AtomBasicInformation,
AtomListInformation
} ATOM_INFORMATION_CLASS;
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationAtom(
/*IN*/ RTL_ATOM Atom,
/*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass,
/*OUT*/ PVOID AtomInformation,
/*IN*/ ULONG AtomInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationAtom(
/*IN*/ RTL_ATOM Atom,
/*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass,
/*OUT*/ PVOID AtomInformation,
/*IN*/ ULONG AtomInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
typedef struct _ATOM_BASIC_INFORMATION {
USHORT ReferenceCount;
USHORT Pinned;
USHORT NameLength;
WCHAR Name[1];
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
typedef struct _ATOM_LIST_INFORMATION {
ULONG NumberOfAtoms;
ATOM Atoms[1];
} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
NTOSAPI
NTSTATUS
NTAPI
NtSetLdtEntries(
/*IN*/ ULONG Selector1,
/*IN*/ LDT_ENTRY LdtEntry1,
/*IN*/ ULONG Selector2,
/*IN*/ LDT_ENTRY LdtEntry2);
NTOSAPI
NTSTATUS
NTAPI
ZwSetLdtEntries(
/*IN*/ ULONG Selector1,
/*IN*/ LDT_ENTRY LdtEntry1,
/*IN*/ ULONG Selector2,
/*IN*/ LDT_ENTRY LdtEntry2);
NTOSAPI
NTSTATUS
NTAPI
NtVdmControl(
/*IN*/ ULONG ControlCode,
/*IN*/ PVOID ControlData);
NTOSAPI
NTSTATUS
NTAPI
ZwVdmControl(
/*IN*/ ULONG ControlCode,
/*IN*/ PVOID ControlData);
#pragma pack(pop)
#ifdef __cplusplus
}
#endif
#endif /* __NTAPI_H */
Naveen Neel