ntapi.h
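/*
 * ntapi.h
 *
 * Windows NT Native API
 *
 * Most structures in this file are obtained from Windows NT/2000 Native API
 * Reference by Gary Nebbett, ISBN 1578701996.
 *
 * This file is part of the w32api package.
 *
 * Contributors:
 *   Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

#ifndef __NTAPI_H
#define __NTAPI_H

#if __GNUC__ >= 3
#pragma GCC system_header
#endif

#ifdef __cplusplus
extern "C" {
#endif

#include <stdarg.h>
#include <winbase.h>
#include "ntddk.h"
#include "ntpoapi.h"

/* 4-byte packing applies to every structure declared after this point,
   until the packing is restored. */
#pragma pack(push,4)

typedef struct _PEB *PPEB;

/* FIXME: Unknown definitions */
/* These three are opaque PVOID aliases: the compiler performs no type
   checking on arguments declared with them. */
typedef PVOID POBJECT_TYPE_LIST;
typedef PVOID PEXECUTION_STATE;
typedef PVOID PLANGID;

/*
 * Pseudo-handles for the calling process and thread.  They are written as
 * -1 and -2 converted through LONG_PTR rather than as the 32-bit literals
 * 0xFFFFFFFF / 0xFFFFFFFE: where HANDLE is 64 bits wide the unsigned literal
 * is zero-extended and no longer equals the all-ones pseudo-handle, so a
 * call meant for the current process would receive an ordinary handle value
 * instead.  On 32-bit targets the resulting value is unchanged.
 */
#ifndef NtCurrentProcess
#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
#endif /* NtCurrentProcess */
#ifndef NtCurrentThread
#define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
#endif /* NtCurrentThread */

/* System information and control */

/*
 * Selector passed as the first argument of Nt/ZwQuerySystemInformation and
 * Nt/ZwSetSystemInformation.  Many values are listed under two names (for
 * example SystemProcessInformation and SystemProcessesAndThreadsInformation
 * are both 5); the names are interchangeable, only the number reaches the
 * call.  SystemInformationClassMax takes the next value after
 * SystemSessionProcessesInformation, i.e. 54.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
  SystemInformationClassMin = 0,
  SystemBasicInformation = 0,
  SystemProcessorInformation = 1,
  SystemPerformanceInformation = 2,
  SystemTimeOfDayInformation = 3,
  SystemPathInformation = 4,
  SystemNotImplemented1 = 4,
  SystemProcessInformation = 5,
  SystemProcessesAndThreadsInformation = 5,
  SystemCallCountInfoInformation = 6,
  SystemCallCounts = 6,
  SystemDeviceInformation = 7,
  SystemConfigurationInformation = 7,
  SystemProcessorPerformanceInformation = 8,
  SystemProcessorTimes = 8,
  SystemFlagsInformation = 9,
  SystemGlobalFlag = 9,
  SystemCallTimeInformation = 10,
  SystemNotImplemented2 = 10,
  SystemModuleInformation = 11,
  SystemLocksInformation = 12,
  SystemLockInformation = 12,
  SystemStackTraceInformation = 13,
  SystemNotImplemented3 = 13,
  SystemPagedPoolInformation = 14,
  SystemNotImplemented4 = 14,
  SystemNonPagedPoolInformation = 15,
  SystemNotImplemented5 = 15,
  SystemHandleInformation = 16,
  SystemObjectInformation = 17,
  SystemPageFileInformation = 18,
  SystemPagefileInformation = 18,
  SystemVdmInstemulInformation = 19,
  SystemInstructionEmulationCounts = 19,
  SystemVdmBopInformation = 20,
  SystemInvalidInfoClass1 = 20,
  SystemFileCacheInformation = 21,
  SystemCacheInformation = 21,
  SystemPoolTagInformation = 22,
  SystemInterruptInformation = 23,
  SystemProcessorStatistics = 23,
  SystemDpcBehaviourInformation = 24,
  SystemDpcInformation = 24,
  SystemFullMemoryInformation = 25,
  SystemNotImplemented6 = 25,
  SystemLoadImage = 26,
  SystemUnloadImage = 27,
  SystemTimeAdjustmentInformation = 28,
  SystemTimeAdjustment = 28,
  SystemSummaryMemoryInformation = 29,
  SystemNotImplemented7 = 29,
  SystemNextEventIdInformation = 30,
  SystemNotImplemented8 = 30,
  SystemEventIdsInformation = 31,
  SystemNotImplemented9 = 31,
  SystemCrashDumpInformation = 32,
  SystemExceptionInformation = 33,
  SystemCrashDumpStateInformation = 34,
  SystemKernelDebuggerInformation = 35,
  SystemContextSwitchInformation = 36,
  SystemRegistryQuotaInformation = 37,
  SystemLoadAndCallImage = 38,
  SystemPrioritySeparation = 39,
  SystemPlugPlayBusInformation = 40,
  SystemNotImplemented10 = 40,
  SystemDockInformation = 41,
  SystemNotImplemented11 = 41,
  /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
  SystemInvalidInfoClass2 = 42,
  SystemProcessorSpeedInformation = 43,
  SystemInvalidInfoClass3 = 43,
  SystemCurrentTimeZoneInformation = 44,
  SystemTimeZoneInformation = 44,
  SystemLookasideInformation = 45,
  SystemSetTimeSlipEvent = 46,
  SystemCreateSession = 47,
  SystemDeleteSession = 48,
  SystemInvalidInfoClass4 = 49,
  SystemRangeStartInformation = 50,
  SystemVerifierInformation = 51,
  SystemAddVerifier = 52,
  SystemSessionProcessesInformation = 53,
  SystemInformationClassMax
} SYSTEM_INFORMATION_CLASS;

/*
 * The SYSTEM_* structures below share their names with the information
 * classes above.  NOTE(review): presumably each one is the buffer layout for
 * the class of the same name, but this header does not state the pairing.
 * The layouts come from a third-party reference (see the file header) and
 * contain fields named Unknown/Reserved, so code that parses a returned
 * buffer should be driven by the length the call reports and not by
 * sizeof() of these declarations alone.
 */

/* The address fields here are ULONG (32 bits on Windows), so this layout
   cannot represent an address above 4 GB. */
typedef struct _SYSTEM_BASIC_INFORMATION {
  ULONG Unknown;
  ULONG MaximumIncrement;
  ULONG PhysicalPageSize;
  ULONG NumberOfPhysicalPages;
  ULONG LowestPhysicalPage;
  ULONG HighestPhysicalPage;
  ULONG AllocationGranularity;
  ULONG LowestUserAddress;
  ULONG HighestUserAddress;
  ULONG ActiveProcessors;
  UCHAR NumberProcessors;
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_INFORMATION {
  USHORT ProcessorArchitecture;
  USHORT ProcessorLevel;
  USHORT ProcessorRevision;
  USHORT Unknown;
  ULONG FeatureBits;
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;

/* Four 64-bit counters followed by seventy ULONG counters. */
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
  LARGE_INTEGER IdleTime;
  LARGE_INTEGER ReadTransferCount;
  LARGE_INTEGER WriteTransferCount;
  LARGE_INTEGER OtherTransferCount;
  ULONG ReadOperationCount;
  ULONG WriteOperationCount;
  ULONG OtherOperationCount;
  ULONG AvailablePages;
  ULONG TotalCommittedPages;
  ULONG TotalCommitLimit;
  ULONG PeakCommitment;
  ULONG PageFaults;
  ULONG WriteCopyFaults;
  ULONG TransitionFaults;
  ULONG CacheTransitionFaults;
  ULONG DemandZeroFaults;
  ULONG PagesRead;
  ULONG PageReadIos;
  ULONG CacheReads;
  ULONG CacheIos;
  ULONG PagefilePagesWritten;
  ULONG PagefilePageWriteIos;
  ULONG MappedFilePagesWritten;
  ULONG MappedFilePageWriteIos;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG PagedPoolAllocs;
  ULONG PagedPoolFrees;
  ULONG NonPagedPoolAllocs;
  ULONG NonPagedPoolFrees;
  ULONG TotalFreeSystemPtes;
  ULONG SystemCodePage;
  ULONG TotalSystemDriverPages;
  ULONG TotalSystemCodePages;
  ULONG SmallNonPagedLookasideListAllocateHits;
  ULONG SmallPagedLookasideListAllocateHits;
  ULONG Reserved3;
  ULONG MmSystemCachePage;
  ULONG PagedPoolPage;
  ULONG SystemDriverPage;
  ULONG FastReadNoWait;
  ULONG FastReadWait;
  ULONG FastReadResourceMiss;
  ULONG FastReadNotPossible;
  ULONG FastMdlReadNoWait;
  ULONG FastMdlReadWait;
  ULONG FastMdlReadResourceMiss;
  ULONG FastMdlReadNotPossible;
  ULONG MapDataNoWait;
  ULONG MapDataWait;
  ULONG MapDataNoWaitMiss;
  ULONG MapDataWaitMiss;
  ULONG PinMappedDataCount;
  ULONG PinReadNoWait;
  ULONG PinReadWait;
  ULONG PinReadNoWaitMiss;
  ULONG PinReadWaitMiss;
  ULONG CopyReadNoWait;
  ULONG CopyReadWait;
  ULONG CopyReadNoWaitMiss;
  ULONG CopyReadWaitMiss;
  ULONG MdlReadNoWait;
  ULONG MdlReadWait;
  ULONG MdlReadNoWaitMiss;
  ULONG MdlReadWaitMiss;
  ULONG ReadAheadIos;
  ULONG LazyWriteIos;
  ULONG LazyWritePages;
  ULONG DataFlushes;
  ULONG DataPages;
  ULONG ContextSwitches;
  ULONG FirstLevelTbFills;
  ULONG SecondLevelTbFills;
  ULONG SystemCalls;
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;

typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
  LARGE_INTEGER BootTime;
  LARGE_INTEGER CurrentTime;
  LARGE_INTEGER TimeZoneBias;
  ULONG CurrentTimeZoneId;
} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;

/* Every size in this structure is a ULONG, i.e. limited to 32 bits. */
typedef struct _VM_COUNTERS {
  ULONG PeakVirtualSize;
  ULONG VirtualSize;
  ULONG PageFaultCount;
  ULONG PeakWorkingSetSize;
  ULONG WorkingSetSize;
  ULONG QuotaPeakPagedPoolUsage;
  ULONG QuotaPagedPoolUsage;
  ULONG QuotaPeakNonPagedPoolUsage;
  ULONG QuotaNonPagedPoolUsage;
  ULONG PagefileUsage;
  ULONG PeakPagefileUsage;
} VM_COUNTERS;

/* Implicit values 0 (StateInitialized) through 7 (StateUnknown). */
typedef enum _THREAD_STATE {
  StateInitialized,
  StateReady,
  StateRunning,
  StateStandby,
  StateTerminated,
  StateWait,
  StateTransition,
  StateUnknown
} THREAD_STATE;

/* Per-thread record embedded in SYSTEM_PROCESSES.Threads[]. */
typedef struct _SYSTEM_THREADS {
  LARGE_INTEGER KernelTime;
  LARGE_INTEGER UserTime;
  LARGE_INTEGER CreateTime;
  ULONG WaitTime;
  PVOID StartAddress;
  CLIENT_ID ClientId;
  KPRIORITY Priority;
  KPRIORITY BasePriority;
  ULONG ContextSwitchCount;
  THREAD_STATE State;
  KWAIT_REASON WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/*
 * Process record; Threads[] is declared with a single element.
 * NOTE(review): presumably ThreadCount SYSTEM_THREADS entries follow the
 * fixed part and NextEntryDelta is the byte distance to the next record --
 * confirm against the reference before relying on it.  A parser should
 * check every offset and count against the buffer length the query
 * returned before dereferencing.
 */
typedef struct _SYSTEM_PROCESSES {
  ULONG NextEntryDelta;
  ULONG ThreadCount;
  ULONG Reserved1[6];
  LARGE_INTEGER CreateTime;
  LARGE_INTEGER UserTime;
  LARGE_INTEGER KernelTime;
  UNICODE_STRING ProcessName;
  KPRIORITY BasePriority;
  ULONG ProcessId;
  ULONG InheritedFromProcessId;
  ULONG HandleCount;
  ULONG Reserved2[2];
  VM_COUNTERS VmCounters;
  IO_COUNTERS IoCounters;
  SYSTEM_THREADS Threads[1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;

/*
 * Both trailing arrays are placeholders (one element / ANYSIZE_ARRAY).
 * NOTE(review): if NumberOfRoutinesInTable really holds
 * NumberOfDescriptorTables entries, CallCounts does not start at the offset
 * this declaration gives it -- compute the position at run time and confirm.
 */
typedef struct _SYSTEM_CALLS_INFORMATION {
  ULONG Size;
  ULONG NumberOfDescriptorTables;
  ULONG NumberOfRoutinesInTable[1];
  ULONG CallCounts[ANYSIZE_ARRAY];
} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;

typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
  ULONG DiskCount;
  ULONG FloppyCount;
  ULONG CdRomCount;
  ULONG TapeCount;
  ULONG SerialCount;
  ULONG ParallelCount;
} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_TIMES {
  LARGE_INTEGER IdleTime;
  LARGE_INTEGER KernelTime;
  LARGE_INTEGER UserTime;
  LARGE_INTEGER DpcTime;
  LARGE_INTEGER InterruptTime;
  ULONG InterruptCount;
} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;

/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
#define FLG_STOP_ON_EXCEPTION           0x00000001
#define FLG_SHOW_LDR_SNAPS              0x00000002
#define FLG_DEBUG_INITIAL_COMMAND       0x00000004
#define FLG_STOP_ON_HUNG_GUI            0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK      0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK      0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS    0x00000040
#define FLG_HEAP_VALIDATE_ALL           0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK      0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK      0x00000200
#define FLG_POOL_ENABLE_TAGGING         0x00000400
#define FLG_HEAP_ENABLE_TAGGING         0x00000800
#define FLG_USER_STACK_TRACE_DB         0x00001000
#define FLG_KERNEL_STACK_TRACE_DB       0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST    0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL      0x00008000
#define FLG_IGNORE_DEBUG_PRIV           0x00010000
#define FLG_ENABLE_CSRDEBUG             0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD   0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS  0x00080000
#define FLG_HEAP_ENABLE_CALL_TRACING    0x00100000
#define FLG_HEAP_DISABLE_COALESCING     0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS     0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING    0x00800000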
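#define FLG_ENABLE_DBGPRINT_BUFFERING   0x08000000

/* Single ULONG holding a combination of the FLG_* bits. */
typedef struct _SYSTEM_GLOBAL_FLAG {
  ULONG GlobalFlag;
} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;

/*
 * One loaded-module record.  ImageName is a fixed 256-byte CHAR buffer; the
 * header does not say whether it is always NUL-terminated, so bound any
 * string read to sizeof ImageName.
 * NOTE(review): Base is presumably the load address of a kernel-mode module;
 * tools that log or export this record should treat it as sensitive
 * diagnostic data -- confirm.
 */
typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
  ULONG Unknown1;
  ULONG Unknown2;
  PVOID Base;
  ULONG Size;
  ULONG Flags;
  USHORT Index;
  /* Length of module name not including the path, this
     field contains valid value only for NTOSKRNL module */
  USHORT NameLength;
  USHORT LoadCount;
  USHORT PathLength;
  CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;

/* Module[] is declared with one element; NOTE(review): presumably Count
   entries follow -- check Count against the returned length before
   indexing. */
typedef struct _SYSTEM_MODULE_INFORMATION {
  ULONG Count;
  SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

typedef struct _SYSTEM_LOCK_INFORMATION {
  PVOID Address;
  USHORT Type;
  USHORT Reserved1;
  ULONG ExclusiveOwnerThreadId;
  ULONG ActiveCount;
  ULONG ContentionCount;
  ULONG Reserved2[2];
  ULONG NumberOfSharedWaiters;
  ULONG NumberOfExclusiveWaiters;
} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;

/* SYSTEM_HANDLE_INFORMATION.Flags constants */
/* These values are the reverse of HANDLE_FLAG_INHERIT (0x01) and
   HANDLE_FLAG_PROTECT_FROM_CLOSE (0x02) defined further down in this
   header; the two sets must not be mixed.  The names are short and
   unprefixed, so they can collide with identifiers in including code. */
#define PROTECT_FROM_CLOSE 0x01
#define INHERIT            0x02

/* Handle is a USHORT here, so only 16 bits of a handle value fit. */
typedef struct _SYSTEM_HANDLE_INFORMATION {
  ULONG ProcessId;
  UCHAR ObjectTypeNumber;
  UCHAR Flags;
  USHORT Handle;
  PVOID Object;
  ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

/*
 * The next three records each begin with NextEntryOffset.
 * NOTE(review): presumably a byte offset used to chain variable-length
 * records; a parser should verify that it stays inside the returned buffer
 * before following it -- confirm the base it is relative to.
 */
typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
  ULONG NextEntryOffset;
  ULONG ObjectCount;
  ULONG HandleCount;
  ULONG TypeNumber;
  ULONG InvalidAttributes;
  GENERIC_MAPPING GenericMapping;
  ACCESS_MASK ValidAccessMask;
  POOL_TYPE PoolType;
  UCHAR Unknown;
  UNICODE_STRING Name;
} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;

/* SYSTEM_OBJECT_INFORMATION.Flags constants */
#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY    0x40
#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
#define FLG_SYSOBJINFO_PERMANENT              0x10
#define FLG_SYSOBJINFO_EXCLUSIVE              0x08
#define FLG_SYSOBJINFO_CREATOR_INFO           0x04
#define FLG_SYSOBJINFO_KERNEL_MODE            0x02

typedef struct _SYSTEM_OBJECT_INFORMATION {
  ULONG NextEntryOffset;
  PVOID Object;
  ULONG CreatorProcessId;
  USHORT Unknown;
  USHORT Flags;
  ULONG PointerCount;
  ULONG HandleCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG ExclusiveProcessId;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  UNICODE_STRING Name;
} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;

typedef struct _SYSTEM_PAGEFILE_INFORMATION {
  ULONG NextEntryOffset;
  ULONG CurrentSize;
  ULONG TotalUsed;
  ULONG PeakUsed;
  UNICODE_STRING FileName;
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;

/* Thirty-four ULONG counters, one per emulated instruction or prefix. */
typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
  ULONG SegmentNotPresent;
  ULONG TwoByteOpcode;
  ULONG ESprefix;
  ULONG CSprefix;
  ULONG SSprefix;
  ULONG DSprefix;
  ULONG FSPrefix;
  ULONG GSprefix;
  ULONG OPER32prefix;
  ULONG ADDR32prefix;
  ULONG INSB;
  ULONG INSW;
  ULONG OUTSB;
  ULONG OUTSW;
  ULONG PUSHFD;
  ULONG POPFD;
  ULONG INTnn;
  ULONG INTO;
  ULONG IRETD;
  ULONG INBimm;
  ULONG INWimm;
  ULONG OUTBimm;
  ULONG OUTWimm;
  ULONG INB;
  ULONG INW;
  ULONG OUTB;
  ULONG OUTW;
  ULONG LOCKprefix;
  ULONG REPNEprefix;
  ULONG REPprefix;
  ULONG HLT;
  ULONG CLI;
  ULONG STI;
  ULONG GenericInvalidOpcode;
} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
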
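/* Tag is four raw CHARs with no terminator; do not treat it as a C string. */
typedef struct _SYSTEM_POOL_TAG_INFORMATION {
  CHAR Tag[4];
  ULONG PagedPoolAllocs;
  ULONG PagedPoolFrees;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolAllocs;
  ULONG NonPagedPoolFrees;
  ULONG NonPagedPoolUsage;
} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_STATISTICS {
  ULONG ContextSwitches;
  ULONG DpcCount;
  ULONG DpcRequestRate;
  ULONG TimeIncrement;
  ULONG DpcBypassCount;
  ULONG ApcBypassCount;
} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;

typedef struct _SYSTEM_DPC_INFORMATION {
  ULONG Reserved;
  ULONG MaximumDpcQueueDepth;
  ULONG MinimumDpcRate;
  ULONG AdjustDpcThreshold;
  ULONG IdealDpcRate;
} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;

/*
 * NOTE(review): the name matches the SystemLoadImage information class;
 * presumably ModuleName is supplied by the caller and the four pointers are
 * filled in by the system.  Code that passes this structure to
 * NtSetSystemInformation is worth auditing, since the name suggests it
 * loads a kernel-mode image -- confirm against the reference.
 */
typedef struct _SYSTEM_LOAD_IMAGE {
  UNICODE_STRING ModuleName;
  PVOID ModuleBase;
  PVOID SectionPointer;
  PVOID EntryPoint;
  PVOID ExportDirectory;
} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;

typedef struct _SYSTEM_UNLOAD_IMAGE {
  PVOID ModuleBase;
} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;

/* Query and set forms differ: only the query form has MaximumIncrement. */
typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
  ULONG TimeAdjustment;
  ULONG MaximumIncrement;
  BOOLEAN TimeSynchronization;
} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;

typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
  ULONG TimeAdjustment;
  BOOLEAN TimeSynchronization;
} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;

typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
  HANDLE CrashDumpSectionHandle;
  HANDLE Unknown;
} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;

typedef struct _SYSTEM_EXCEPTION_INFORMATION {
  ULONG AlignmentFixupCount;
  ULONG ExceptionDispatchCount;
  ULONG FloatingEmulationCount;
  ULONG Reserved;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;

typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
  ULONG CrashDumpSectionExists;
  ULONG Unknown;
} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;

/* Two independent BOOLEANs; note the second is phrased negatively
   (DebuggerNotPresent). */
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
  BOOLEAN DebuggerEnabled;
  BOOLEAN DebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;

typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
  ULONG ContextSwitches;
  ULONG ContextSwitchCounters[11];
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;

typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
  ULONG RegistryQuota;
  ULONG RegistryQuotaInUse;
  ULONG PagedPoolSize;
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;

/* NOTE(review): name matches the SystemLoadAndCallImage class; the same
   audit remark as for SYSTEM_LOAD_IMAGE applies -- confirm. */
typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
  UNICODE_STRING ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;

typedef struct _SYSTEM_PRIORITY_SEPARATION {
  ULONG PrioritySeparation;
} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;

/* The two names are fixed arrays of 32 WCHARs; the header does not say
   whether they are always NUL-terminated. */
typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
  LONG Bias;
  WCHAR StandardName[32];
  LARGE_INTEGER StandardDate;
  LONG StandardBias;
  WCHAR DaylightName[32];
  LARGE_INTEGER DaylightDate;
  LONG DaylightBias;
} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;

typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
  USHORT Depth;
  USHORT MaximumDepth;
  ULONG TotalAllocates;
  ULONG AllocateMisses;
  ULONG TotalFrees;
  ULONG FreeMisses;
  POOL_TYPE Type;
  ULONG Tag;
  ULONG Size;
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;

typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
  HANDLE TimeSlipEvent;
} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;

typedef struct _SYSTEM_CREATE_SESSION {
  ULONG SessionId;
} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;

typedef struct _SYSTEM_DELETE_SESSION {
  ULONG SessionId;
} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;

typedef struct _SYSTEM_RANGE_START_INFORMATION {
  PVOID SystemRangeStart;
} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;

/* Carries a second, nested buffer (Buffer / BufferSize) in addition to the
   buffer passed to the query call itself. */
typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
  ULONG SessionId;
  ULONG BufferSize;
  PVOID Buffer;
} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;

typedef struct _SYSTEM_POOL_BLOCK {
  BOOLEAN Allocated;
  USHORT Unknown;
  ULONG Size;
  CHAR Tag[4];
} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;

/* PoolBlocks[] is a one-element placeholder; NOTE(review): presumably
   NumberOfBlocks entries follow -- bound iteration by the returned length. */
typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
  ULONG PoolSize;
  PVOID PoolBase;
  USHORT Unknown;
  ULONG NumberOfBlocks;
  SYSTEM_POOL_BLOCK PoolBlocks[1];
} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;

typedef struct _SYSTEM_MEMORY_USAGE {
  PVOID Name;
  USHORT Valid;
  USHORT Standby;
  USHORT Modified;
  USHORT PageTables;
} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;

/* MemoryUsage[] is a one-element placeholder; NOTE(review): EndOfData
   presumably marks where the valid entries stop -- confirm. */
typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
  ULONG Reserved;
  PVOID EndOfData;
  SYSTEM_MEMORY_USAGE MemoryUsage[1];
} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;

/*
 * Native system-service prototypes.  Each service is declared twice, as
 * NtXxx and ZwXxx, with identical parameter lists.  The IN, OUT and
 * OPTIONAL markers are comments only; the compiler does not enforce them.
 * For the query calls the caller supplies the buffer and its length
 * (presumably in bytes); ReturnLength is marked OPTIONAL on the calls below.
 * Because the buffers are untyped PVOID, passing a length that matches the
 * real allocation is entirely the caller's responsibility.
 */

NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
  /*IN OUT*/ PVOID SystemInformation,
  /*IN*/ ULONG SystemInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
  /*IN OUT*/ PVOID SystemInformation,
  /*IN*/ ULONG SystemInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* Specifiers are written NTOSAPI / NTSTATUS / NTAPI here, matching the
   order used by the other prototypes in this header (the listing had NTAPI
   ahead of the return type for this pair only). */
NTOSAPI
NTSTATUS
NTAPI
NtQueryFullAttributesFile(
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryFullAttributesFile(
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);

/* Set counterpart of the query call; there is no ReturnLength parameter. */
NTOSAPI
NTSTATUS
NTAPI
NtSetSystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
  /*IN OUT*/ PVOID SystemInformation,
  /*IN*/ ULONG SystemInformationLength);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
  /*IN OUT*/ PVOID SystemInformation,
  /*IN*/ ULONG SystemInformationLength);

NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING Name,
  /*OUT*/ PVOID Value,
  /*IN*/ ULONG ValueLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING Name,
  /*OUT*/ PVOID Value,
  /*IN*/ ULONG ValueLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
NtSetSystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING Name,
  /*IN*/ PUNICODE_STRING Value);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING Name,
  /*IN*/ PUNICODE_STRING Value);

/* Implicit values 0, 1, 2. */
typedef enum _SHUTDOWN_ACTION {
  ShutdownNoReboot,
  ShutdownReboot,
  ShutdownPowerOff
} SHUTDOWN_ACTION;

NTOSAPI
NTSTATUS
NTAPI
NtShutdownSystem(
  /*IN*/ SHUTDOWN_ACTION Action);

NTOSAPI
NTSTATUS
NTAPI
ZwShutdownSystem(
  /*IN*/ SHUTDOWN_ACTION Action);

/* Numbering starts at 1; DebugMaximum therefore evaluates to 7. */
typedef enum _DEBUG_CONTROL_CODE {
  DebugGetTraceInformation = 1,
  DebugSetInternalBreakpoint,
  DebugSetSpecialCall,
  DebugClearSpecialCalls,
  DebugQuerySpecialCalls,
  DebugDbgBreakPoint,
  DebugMaximum
} DEBUG_CONTROL_CODE;


/* Both buffers are optional and each has its own length argument. */
NTOSAPI
NTSTATUS
NTAPI
NtSystemDebugControl(
  /*IN*/ DEBUG_CONTROL_CODE ControlCode,
  /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
  /*IN*/ ULONG InputBufferLength,
  /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
  /*IN*/ ULONG OutputBufferLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwSystemDebugControl(
  /*IN*/ DEBUG_CONTROL_CODE ControlCode,
  /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
  /*IN*/ ULONG InputBufferLength,
  /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
  /*IN*/ ULONG OutputBufferLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);



/* Objects, Object directories, and symbolic links */

/* Implicit values 0 (ObjectBasicInformation) through
   4 (ObjectHandleInformation). */
typedef enum _OBJECT_INFORMATION_CLASS {
  ObjectBasicInformation,
  ObjectNameInformation,
  ObjectTypeInformation,
  ObjectAllTypesInformation,
  ObjectHandleInformation
} OBJECT_INFORMATION_CLASS;

NTOSAPI
NTSTATUS
NTAPI
NtQueryObject(
  /*IN*/ HANDLE ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
  /*OUT*/ PVOID ObjectInformation,
  /*IN*/ ULONG ObjectInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryObject(
  /*IN*/ HANDLE ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
  /*OUT*/ PVOID ObjectInformation,
  /*IN*/ ULONG ObjectInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
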
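/* Set counterpart of NtQueryObject: same selector and buffer/length pair,
   no ReturnLength. */
NTOSAPI
NTSTATUS
NTAPI
NtSetInformationObject(
  /*IN*/ HANDLE ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
  /*IN*/ PVOID ObjectInformation,
  /*IN*/ ULONG ObjectInformationLength);

NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationObject(
  /*IN*/ HANDLE ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
  /*IN*/ PVOID ObjectInformation,
  /*IN*/ ULONG ObjectInformationLength);

/* OBJECT_BASIC_INFORMATION.Attributes constants */
/* Bit values here are inherit = 0x01, protect-from-close = 0x02, the
   reverse of PROTECT_FROM_CLOSE (0x01) / INHERIT (0x02) defined earlier in
   this header for SYSTEM_HANDLE_INFORMATION.Flags; the two sets must not be
   mixed.  PERMANENT and EXCLUSIVE are short unprefixed macro names and can
   collide with identifiers in including code. */
/* also in winbase.h */
#define HANDLE_FLAG_INHERIT            0x01
#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
/* end winbase.h */
#define PERMANENT 0x10
#define EXCLUSIVE 0x20

/* The three *Length fields presumably give the sizes needed for follow-up
   queries -- NOTE(review): confirm units and meaning in the reference. */
typedef struct _OBJECT_BASIC_INFORMATION {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG Reserved[3];
  ULONG NameInformationLength;
  ULONG TypeInformationLength;
  ULONG SecurityDescriptorLength;
  LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
/* The two types below are compiled out by the original author, so
   includers of this header do not get them. */
#if 0
/* FIXME: Enable later */
typedef struct _OBJECT_TYPE_INFORMATION {
  UNICODE_STRING Name;
  ULONG ObjectCount;
  ULONG HandleCount;
  ULONG Reserved1[4];
  ULONG PeakObjectCount;
  ULONG PeakHandleCount;
  ULONG Reserved2[4];
  ULONG InvalidAttributes;
  GENERIC_MAPPING GenericMapping;
  ULONG ValidAccess;
  UCHAR Unknown;
  BOOLEAN MaintainHandleDatabase;
  POOL_TYPE PoolType;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

typedef struct _OBJECT_ALL_TYPES_INFORMATION {
  ULONG NumberOfTypes;
  OBJECT_TYPE_INFORMATION TypeInformation;
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
#endif
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
  BOOLEAN Inherit;
  BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;

/* Takes a source and a target process handle; TargetHandle is marked
   OPTIONAL. */
NTOSAPI
NTSTATUS
NTAPI
NtDuplicateObject(
  /*IN*/ HANDLE SourceProcessHandle,
  /*IN*/ HANDLE SourceHandle,
  /*IN*/ HANDLE TargetProcessHandle,
  /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ ULONG Attributes,
  /*IN*/ ULONG Options);

NTOSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
  /*IN*/ HANDLE SourceProcessHandle,
  /*IN*/ HANDLE SourceHandle,
  /*IN*/ HANDLE TargetProcessHandle,
  /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ ULONG Attributes,
  /*IN*/ ULONG Options);

/* Unlike most query calls in this header, ReturnLength is not marked
   OPTIONAL here. */
NTOSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION SecurityInformation,
  /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
  /*IN*/ ULONG SecurityDescriptorLength,
  /*OUT*/ PULONG ReturnLength);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION SecurityInformation,
  /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
  /*IN*/ ULONG SecurityDescriptorLength,
  /*OUT*/ PULONG ReturnLength);

NTOSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION SecurityInformation,
  /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION SecurityInformation,
  /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor);

NTOSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
  /*OUT*/ PHANDLE DirectoryHandle,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

NTOSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
  /*OUT*/ PHANDLE DirectoryHandle,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

/* Context is IN OUT: the caller's value is read and updated by the call. */
NTOSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
  /*IN*/ HANDLE DirectoryHandle,
  /*OUT*/ PVOID Buffer,
  /*IN*/ ULONG BufferLength,
  /*IN*/ BOOLEAN ReturnSingleEntry,
  /*IN*/ BOOLEAN RestartScan,
  /*IN OUT*/ PULONG Context,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
  /*IN*/ HANDLE DirectoryHandle,
  /*OUT*/ PVOID Buffer,
  /*IN*/ ULONG BufferLength,
  /*IN*/ BOOLEAN ReturnSingleEntry,
  /*IN*/ BOOLEAN RestartScan,
  /*IN OUT*/ PULONG Context,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* NOTE(review): presumably the record layout written into Buffer by the
   directory query above -- confirm. */
typedef struct _DIRECTORY_BASIC_INFORMATION {
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;

NTOSAPI
NTSTATUS
NTAPI
NtCreateSymbolicLinkObject(
  /*OUT*/ PHANDLE SymbolicLinkHandle,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*IN*/ PUNICODE_STRING TargetName);

NTOSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject(
  /*OUT*/ PHANDLE SymbolicLinkHandle,
  /*IN*/ ACCESS_MASK DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*IN*/ PUNICODE_STRING TargetName);




/* Virtual memory */

/*
 * Every call in this group takes a ProcessHandle that selects the address
 * space operated on.  Region sizes are passed as PULONG (AllocationSize,
 * FreeSize, LockSize), so these declarations limit a size to 32 bits.
 */

/* Implicit values 0 (MemoryBasicInformation) through
   3 (MemoryBasicVlmInformation). */
typedef enum _MEMORY_INFORMATION_CLASS {
  MemoryBasicInformation,
  MemoryWorkingSetList,
  MemorySectionName,
  MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;

/* BaseAddress and AllocationSize are IN OUT: the call may change both. */
NTOSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN*/ ULONG ZeroBits,
  /*IN OUT*/ PULONG AllocationSize,
  /*IN*/ ULONG AllocationType,
  /*IN*/ ULONG Protect);

NTOSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN*/ ULONG ZeroBits,
  /*IN OUT*/ PULONG AllocationSize,
  /*IN*/ ULONG AllocationType,
  /*IN*/ ULONG Protect);

NTOSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG FreeSize,
  /*IN*/ ULONG FreeType);

NTOSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG FreeSize,
  /*IN*/ ULONG FreeType);

NTOSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN*/ PVOID BaseAddress,
  /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
  /*OUT*/ PVOID MemoryInformation,
  /*IN*/ ULONG MemoryInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN*/ PVOID BaseAddress,
  /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
  /*OUT*/ PVOID MemoryInformation,
  /*IN*/ ULONG MemoryInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
/* The protection values 0x001..0x007 are an enumeration, not independent
   bits (EXECUTE_READ is 0x003, READWRITE is 0x004), so compare the whole
   protection field instead of testing single bits.
   NOTE(review): presumably the field is the low three bits of each entry --
   confirm. */
#define WSLE_PAGE_READONLY          0x001
#define WSLE_PAGE_EXECUTE           0x002
#define WSLE_PAGE_READWRITE         0x004
#define WSLE_PAGE_EXECUTE_READ      0x003
#define WSLE_PAGE_WRITECOPY         0x005
#define WSLE_PAGE_EXECUTE_READWRITE 0x006
#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
#define WSLE_PAGE_SHARE_COUNT_MASK  0x0E0
#define WSLE_PAGE_SHAREABLE         0x100

/* WorkingSetList[] is a one-element placeholder; NOTE(review): presumably
   NumberOfPages entries follow -- bound iteration by the returned length. */
typedef struct _MEMORY_WORKING_SET_LIST {
  ULONG NumberOfPages;
  ULONG WorkingSetList[1];
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;

typedef struct _MEMORY_SECTION_NAME {
  UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;

/* Zw[Lock|Unlock]VirtualMemory.LockType constants */
#define LOCK_VM_IN_WSL 0x01
#define LOCK_VM_IN_RAM 0x02

NTOSAPI
NTSTATUS
NTAPI
NtLockVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG LockSize,
  /*IN*/ ULONG LockType);

NTOSAPI
NTSTATUS
NTAPI
ZwLockVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG LockSize,
  /*IN*/ ULONG LockType);

NTOSAPI
NTSTATUS
NTAPI
NtUnlockVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG LockSize,
  /*IN*/ ULONG LockType);

NTOSAPI
NTSTATUS
NTAPI
ZwUnlockVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN OUT*/ PVOID *BaseAddress,
  /*IN OUT*/ PULONG LockSize,
  /*IN*/ ULONG LockType);

/* Buffer is the OUT side: data is copied from BaseAddress in the process
   identified by ProcessHandle into the caller's Buffer. */
NTOSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN*/ PVOID BaseAddress,
  /*OUT*/ PVOID Buffer,
  /*IN*/ ULONG BufferLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN*/ PVOID BaseAddress,
  /*OUT*/ PVOID Buffer,
  /*IN*/ ULONG BufferLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
  /*IN*/ HANDLE ProcessHandle,
  /*IN*/ PVOID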
BaseAddress, 01170 /*IN*/ PVOID Buffer, 01171 /*IN*/ ULONG BufferLength, 01172 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 01173 01174 NTOSAPI 01175 NTSTATUS 01176 NTAPI 01177 ZwWriteVirtualMemory( 01178 /*IN*/ HANDLE ProcessHandle, 01179 /*IN*/ PVOID BaseAddress, 01180 /*IN*/ PVOID Buffer, 01181 /*IN*/ ULONG BufferLength, 01182 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 01183 01184 NTOSAPI 01185 NTSTATUS 01186 NTAPI 01187 NtProtectVirtualMemory( 01188 /*IN*/ HANDLE ProcessHandle, 01189 /*IN OUT*/ PVOID *BaseAddress, 01190 /*IN OUT*/ PULONG ProtectSize, 01191 /*IN*/ ULONG NewProtect, 01192 /*OUT*/ PULONG OldProtect); 01193 01194 NTOSAPI 01195 NTSTATUS 01196 NTAPI 01197 ZwProtectVirtualMemory( 01198 /*IN*/ HANDLE ProcessHandle, 01199 /*IN OUT*/ PVOID *BaseAddress, 01200 /*IN OUT*/ PULONG ProtectSize, 01201 /*IN*/ ULONG NewProtect, 01202 /*OUT*/ PULONG OldProtect); 01203 01204 NTOSAPI 01205 NTSTATUS 01206 NTAPI 01207 NtFlushVirtualMemory( 01208 /*IN*/ HANDLE ProcessHandle, 01209 /*IN OUT*/ PVOID *BaseAddress, 01210 /*IN OUT*/ PULONG FlushSize, 01211 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 01212 01213 NTOSAPI 01214 NTSTATUS 01215 NTAPI 01216 ZwFlushVirtualMemory( 01217 /*IN*/ HANDLE ProcessHandle, 01218 /*IN OUT*/ PVOID *BaseAddress, 01219 /*IN OUT*/ PULONG FlushSize, 01220 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 01221 01222 NTOSAPI 01223 NTSTATUS 01224 NTAPI 01225 NtAllocateUserPhysicalPages( 01226 /*IN*/ HANDLE ProcessHandle, 01227 /*IN*/ PULONG NumberOfPages, 01228 /*OUT*/ PULONG PageFrameNumbers); 01229 01230 NTOSAPI 01231 NTSTATUS 01232 NTAPI 01233 ZwAllocateUserPhysicalPages( 01234 /*IN*/ HANDLE ProcessHandle, 01235 /*IN*/ PULONG NumberOfPages, 01236 /*OUT*/ PULONG PageFrameNumbers); 01237 01238 NTOSAPI 01239 NTSTATUS 01240 NTAPI 01241 NtFreeUserPhysicalPages( 01242 /*IN*/ HANDLE ProcessHandle, 01243 /*IN OUT*/ PULONG NumberOfPages, 01244 /*IN*/ PULONG PageFrameNumbers); 01245 01246 NTOSAPI 01247 NTSTATUS 01248 NTAPI 01249 ZwFreeUserPhysicalPages( 01250 /*IN*/ 
HANDLE ProcessHandle, 01251 /*IN OUT*/ PULONG NumberOfPages, 01252 /*IN*/ PULONG PageFrameNumbers); 01253 01254 NTOSAPI 01255 NTSTATUS 01256 NTAPI 01257 NtMapUserPhysicalPages( 01258 /*IN*/ PVOID BaseAddress, 01259 /*IN*/ PULONG NumberOfPages, 01260 /*IN*/ PULONG PageFrameNumbers); 01261 01262 NTOSAPI 01263 NTSTATUS 01264 NTAPI 01265 ZwMapUserPhysicalPages( 01266 /*IN*/ PVOID BaseAddress, 01267 /*IN*/ PULONG NumberOfPages, 01268 /*IN*/ PULONG PageFrameNumbers); 01269 01270 NTOSAPI 01271 NTSTATUS 01272 NTAPI 01273 NtMapUserPhysicalPagesScatter( 01274 /*IN*/ PVOID *BaseAddresses, 01275 /*IN*/ PULONG NumberOfPages, 01276 /*IN*/ PULONG PageFrameNumbers); 01277 01278 NTOSAPI 01279 NTSTATUS 01280 NTAPI 01281 ZwMapUserPhysicalPagesScatter( 01282 /*IN*/ PVOID *BaseAddresses, 01283 /*IN*/ PULONG NumberOfPages, 01284 /*IN*/ PULONG PageFrameNumbers); 01285 01286 NTOSAPI 01287 NTSTATUS 01288 NTAPI 01289 NtGetWriteWatch( 01290 /*IN*/ HANDLE ProcessHandle, 01291 /*IN*/ ULONG Flags, 01292 /*IN*/ PVOID BaseAddress, 01293 /*IN*/ ULONG RegionSize, 01294 /*OUT*/ PULONG Buffer, 01295 /*IN OUT*/ PULONG BufferEntries, 01296 /*OUT*/ PULONG Granularity); 01297 01298 NTOSAPI 01299 NTSTATUS 01300 NTAPI 01301 ZwGetWriteWatch( 01302 /*IN*/ HANDLE ProcessHandle, 01303 /*IN*/ ULONG Flags, 01304 /*IN*/ PVOID BaseAddress, 01305 /*IN*/ ULONG RegionSize, 01306 /*OUT*/ PULONG Buffer, 01307 /*IN OUT*/ PULONG BufferEntries, 01308 /*OUT*/ PULONG Granularity); 01309 01310 NTOSAPI 01311 NTSTATUS 01312 NTAPI 01313 NtResetWriteWatch( 01314 /*IN*/ HANDLE ProcessHandle, 01315 /*IN*/ PVOID BaseAddress, 01316 /*IN*/ ULONG RegionSize); 01317 01318 NTOSAPI 01319 NTSTATUS 01320 NTAPI 01321 ZwResetWriteWatch( 01322 /*IN*/ HANDLE ProcessHandle, 01323 /*IN*/ PVOID BaseAddress, 01324 /*IN*/ ULONG RegionSize); 01325 01326 01327 01328 01329 /* Sections */ 01330 01331 typedef enum _SECTION_INFORMATION_CLASS { 01332 SectionBasicInformation, 01333 SectionImageInformation 01334 } SECTION_INFORMATION_CLASS; 01335 01336 
/*
 * Reviewer note for the declarations below: the one-line summaries are read
 * off the declared names and the IN/OUT/OPTIONAL annotations only. Confirm
 * exact semantics against the reference named in this file's header comment.
 * Sizes, ids and addresses declared as ULONG are 32 bits wide; NOTE(review):
 * confirm layouts before using these declarations in a 64-bit build.
 */

/*
 * NtCreateSection / ZwCreateSection: create a section object, optionally
 * sized by SectionSize and associated with FileHandle.
 * Security: Protect and DesiredAccess bound what later mappings may do;
 * request no more than the mapping needs.
 */
NTOSAPI NTSTATUS NTAPI
NtCreateSection(
    /*OUT*/ PHANDLE SectionHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
    /*IN*/ ULONG Protect,
    /*IN*/ ULONG Attributes,
    /*IN*/ HANDLE FileHandle);

NTOSAPI NTSTATUS NTAPI
ZwCreateSection(
    /*OUT*/ PHANDLE SectionHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
    /*IN*/ ULONG Protect,
    /*IN*/ ULONG Attributes,
    /*IN*/ HANDLE FileHandle);

/* NtQuerySection / ZwQuerySection: class-selected query into a caller buffer. */
NTOSAPI NTSTATUS NTAPI
NtQuerySection(
    /*IN*/ HANDLE SectionHandle,
    /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
    /*OUT*/ PVOID SectionInformation,
    /*IN*/ ULONG SectionInformationLength,
    /*OUT*/ PULONG ResultLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQuerySection(
    /*IN*/ HANDLE SectionHandle,
    /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
    /*OUT*/ PVOID SectionInformation,
    /*IN*/ ULONG SectionInformationLength,
    /*OUT*/ PULONG ResultLength /*OPTIONAL*/);

/* NtExtendSection / ZwExtendSection: grow a section to SectionSize. */
NTOSAPI NTSTATUS NTAPI
NtExtendSection(
    /*IN*/ HANDLE SectionHandle,
    /*IN*/ PLARGE_INTEGER SectionSize);

NTOSAPI NTSTATUS NTAPI
ZwExtendSection(
    /*IN*/ HANDLE SectionHandle,
    /*IN*/ PLARGE_INTEGER SectionSize);

/* NtAreMappedFilesTheSame / ZwAreMappedFilesTheSame: compare the files behind two mapped addresses. */
NTOSAPI NTSTATUS NTAPI
NtAreMappedFilesTheSame(
    /*IN*/ PVOID Address1,
    /*IN*/ PVOID Address2);

NTOSAPI NTSTATUS NTAPI
ZwAreMappedFilesTheSame(
    /*IN*/ PVOID Address1,
    /*IN*/ PVOID Address2);


/* Threads */

/* Stack description handed to the thread creation call: five pointer fields. */
typedef struct _USER_STACK {
    PVOID FixedStackBase;
    PVOID FixedStackLimit;
    PVOID ExpandableStackBase;
    PVOID ExpandableStackLimit;
    PVOID ExpandableStackBottom;
} USER_STACK, *PUSER_STACK;

/*
 * NtCreateThread / ZwCreateThread: create a thread in the process named by
 * ProcessHandle with the supplied register context and stack.
 * Security: when ProcessHandle is not the caller's own process this starts
 * execution in another address space; such calls deserve logging and a
 * narrowly scoped process handle.
 */
NTOSAPI NTSTATUS NTAPI
NtCreateThread(
    /*OUT*/ PHANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ HANDLE ProcessHandle,
    /*OUT*/ PCLIENT_ID ClientId,
    /*IN*/ PCONTEXT ThreadContext,
    /*IN*/ PUSER_STACK UserStack,
    /*IN*/ BOOLEAN CreateSuspended);

NTOSAPI NTSTATUS NTAPI
ZwCreateThread(
    /*OUT*/ PHANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ HANDLE ProcessHandle,
    /*OUT*/ PCLIENT_ID ClientId,
    /*IN*/ PCONTEXT ThreadContext,
    /*IN*/ PUSER_STACK UserStack,
    /*IN*/ BOOLEAN CreateSuspended);

/* NtOpenThread / ZwOpenThread: open a thread identified by ClientId with DesiredAccess. */
NTOSAPI NTSTATUS NTAPI
NtOpenThread(
    /*OUT*/ PHANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ PCLIENT_ID ClientId);

NTOSAPI NTSTATUS NTAPI
ZwOpenThread(
    /*OUT*/ PHANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ PCLIENT_ID ClientId);

/* NtTerminateThread / ZwTerminateThread: end a thread with ExitStatus; the handle is optional. */
NTOSAPI NTSTATUS NTAPI
NtTerminateThread(
    /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/,
    /*IN*/ NTSTATUS ExitStatus);

NTOSAPI NTSTATUS NTAPI
ZwTerminateThread(
    /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/,
    /*IN*/ NTSTATUS ExitStatus);

/*
 * NtQueryInformationThread / ZwQueryInformationThread: class-selected query
 * into ThreadInformation (ThreadInformationLength bytes). Size the buffer
 * for the class requested and check the NTSTATUS before parsing.
 */
NTOSAPI NTSTATUS NTAPI
NtQueryInformationThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ THREADINFOCLASS ThreadInformationClass,
    /*OUT*/ PVOID ThreadInformation,
    /*IN*/ ULONG ThreadInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueryInformationThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ THREADINFOCLASS ThreadInformationClass,
    /*OUT*/ PVOID ThreadInformation,
    /*IN*/ ULONG ThreadInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* NtSetInformationThread / ZwSetInformationThread: class-selected setter. */
NTOSAPI NTSTATUS NTAPI
NtSetInformationThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ THREADINFOCLASS ThreadInformationClass,
    /*IN*/ PVOID ThreadInformation,
    /*IN*/ ULONG ThreadInformationLength);

NTOSAPI NTSTATUS NTAPI
ZwSetInformationThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ THREADINFOCLASS ThreadInformationClass,
    /*IN*/ PVOID ThreadInformation,
    /*IN*/ ULONG ThreadInformationLength);

/* Basic per-thread record: exit status, TEB address, ids, affinity, priorities. */
typedef struct _THREAD_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    PNT_TIB TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

/* Four LARGE_INTEGER time values: creation, exit, kernel and user time. */
typedef struct _KERNEL_USER_TIMES {
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

/* NtSuspendThread / ZwSuspendThread: suspend; optionally returns the previous suspend count. */
NTOSAPI NTSTATUS NTAPI
NtSuspendThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwSuspendThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

/* NtResumeThread / ZwResumeThread: resume; optionally returns the previous suspend count. */
NTOSAPI NTSTATUS NTAPI
NtResumeThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwResumeThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

/* NtGetContextThread / ZwGetContextThread: read a thread's register context. */
NTOSAPI NTSTATUS NTAPI
NtGetContextThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PCONTEXT Context);

NTOSAPI NTSTATUS NTAPI
ZwGetContextThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PCONTEXT Context);

/*
 * NtSetContextThread / ZwSetContextThread: replace a thread's register
 * context.
 * Security: this redirects what the thread executes next; outside a
 * debugger it is unusual and worth alerting on when the thread belongs to
 * another process.
 */
NTOSAPI NTSTATUS NTAPI
NtSetContextThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ PCONTEXT Context);

NTOSAPI NTSTATUS NTAPI
ZwSetContextThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ PCONTEXT Context);

/*
 * NtQueueApcThread / ZwQueueApcThread: queue ApcRoutine, with up to three
 * optional pointer arguments, to a thread.
 * Security: the routine address is run by the target thread, so the caller
 * must own or fully trust that address; cross-process use is monitored by
 * endpoint security products.
 */
NTOSAPI NTSTATUS NTAPI
NtQueueApcThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ PKNORMAL_ROUTINE ApcRoutine,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*IN*/ PVOID Argument1 /*OPTIONAL*/,
    /*IN*/ PVOID Argument2 /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueueApcThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ PKNORMAL_ROUTINE ApcRoutine,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*IN*/ PVOID Argument1 /*OPTIONAL*/,
    /*IN*/ PVOID Argument2 /*OPTIONAL*/);

/* NtTestAlert / ZwTestAlert: no parameters; returns an NTSTATUS. */
NTOSAPI NTSTATUS NTAPI
NtTestAlert(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwTestAlert(
    VOID);

/* NtAlertThread / ZwAlertThread: alert the given thread. */
NTOSAPI NTSTATUS NTAPI
NtAlertThread(
    /*IN*/ HANDLE ThreadHandle);

NTOSAPI NTSTATUS NTAPI
ZwAlertThread(
    /*IN*/ HANDLE ThreadHandle);

/* NtAlertResumeThread / ZwAlertResumeThread: alert and resume in one call. */
NTOSAPI NTSTATUS NTAPI
NtAlertResumeThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwAlertResumeThread(
    /*IN*/ HANDLE ThreadHandle,
    /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);

/* NtRegisterThreadTerminatePort / ZwRegisterThreadTerminatePort: register a port handle. */
NTOSAPI NTSTATUS NTAPI
NtRegisterThreadTerminatePort(
    /*IN*/ HANDLE PortHandle);

NTOSAPI NTSTATUS NTAPI
ZwRegisterThreadTerminatePort(
    /*IN*/ HANDLE PortHandle);

/*
 * NtImpersonateThread / ZwImpersonateThread: make ThreadHandle impersonate
 * TargetThreadHandle under the quality of service in SecurityQos.
 * Security: SecurityQos carries the impersonation level; pick the lowest
 * level that satisfies the caller and revert as soon as the work is done.
 */
NTOSAPI NTSTATUS NTAPI
NtImpersonateThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ HANDLE TargetThreadHandle,
    /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);

NTOSAPI NTSTATUS NTAPI
ZwImpersonateThread(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ HANDLE TargetThreadHandle,
    /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);

/* NtImpersonateAnonymousToken / ZwImpersonateAnonymousToken: switch a thread to the anonymous token. */
NTOSAPI NTSTATUS NTAPI
NtImpersonateAnonymousToken(
    /*IN*/ HANDLE ThreadHandle);

NTOSAPI NTSTATUS NTAPI
ZwImpersonateAnonymousToken(
    /*IN*/ HANDLE ThreadHandle);


/* Processes */

/*
 * NtCreateProcess / ZwCreateProcess: create a process object, inheriting
 * from InheritFromProcessHandle and optionally backed by SectionHandle.
 * Security: InheritHandles copies the parent's inheritable handles into the
 * child; leave it FALSE unless the child needs them.
 */
NTOSAPI NTSTATUS NTAPI
NtCreateProcess(
    /*OUT*/ PHANDLE ProcessHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ HANDLE InheritFromProcessHandle,
    /*IN*/ BOOLEAN InheritHandles,
    /*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
    /*IN*/ HANDLE DebugPort /*OPTIONAL*/,
    /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwCreateProcess(
    /*OUT*/ PHANDLE ProcessHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ HANDLE InheritFromProcessHandle,
    /*IN*/ BOOLEAN InheritHandles,
    /*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
    /*IN*/ HANDLE DebugPort /*OPTIONAL*/,
    /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);

/* NtTerminateProcess / ZwTerminateProcess: end a process with ExitStatus; the handle is optional. */
NTOSAPI NTSTATUS NTAPI
NtTerminateProcess(
    /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
    /*IN*/ NTSTATUS ExitStatus);

NTOSAPI NTSTATUS NTAPI
ZwTerminateProcess(
    /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
    /*IN*/ NTSTATUS ExitStatus);

/*
 * NtQueryInformationProcess / ZwQueryInformationProcess: class-selected
 * query into ProcessInformation (ProcessInformationLength bytes). The
 * structures below are possible payloads; match the length to the class.
 */
NTOSAPI NTSTATUS NTAPI
NtQueryInformationProcess(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
    /*OUT*/ PVOID ProcessInformation,
    /*IN*/ ULONG ProcessInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueryInformationProcess(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
    /*OUT*/ PVOID ProcessInformation,
    /*IN*/ ULONG ProcessInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* NtSetInformationProcess / ZwSetInformationProcess: class-selected setter. */
NTOSAPI NTSTATUS NTAPI
NtSetInformationProcess(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
    /*IN*/ PVOID ProcessInformation,
    /*IN*/ ULONG ProcessInformationLength);

NTOSAPI NTSTATUS NTAPI
ZwSetInformationProcess(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
    /*IN*/ PVOID ProcessInformation,
    /*IN*/ ULONG ProcessInformationLength);

/*
 * Basic per-process record. Both process ids are declared ULONG here;
 * NOTE(review): confirm the field widths for 64-bit targets, since a
 * mis-sized structure makes the length check in the query call fail or the
 * fields misalign.
 */
typedef struct _PROCESS_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    KAFFINITY AffinityMask;
    KPRIORITY BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

/*
 * Token/thread handle pair. Presumably the payload for assigning a primary
 * token to a process - confirm; replacing a process token changes the
 * identity the process runs as, so the operation is privilege-gated.
 */
typedef struct _PROCESS_ACCESS_TOKEN {
    HANDLE Token;
    HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

/* DefaultHardErrorMode constants */
/* also in winbase.h */
#define SEM_FAILCRITICALERRORS      0x0001
#define SEM_NOGPFAULTERRORBOX       0x0002
#define SEM_NOALIGNMENTFAULTEXCEPT  0x0004
#define SEM_NOOPENFILEERRORBOX      0x8000
/* end winbase.h */

/* Current, peak and limit values for paged pool, non-paged pool and pagefile. */
typedef struct _POOLED_USAGE_AND_LIMITS {
    ULONG PeakPagedPoolUsage;
    ULONG PagedPoolUsage;
    ULONG PagedPoolLimit;
    ULONG PeakNonPagedPoolUsage;
    ULONG NonPagedPoolUsage;
    ULONG NonPagedPoolLimit;
    ULONG PeakPagefileUsage;
    ULONG PagefileUsage;
    ULONG PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;

/* One working-set watch record: faulting program counter and virtual address. */
typedef struct _PROCESS_WS_WATCH_INFORMATION {
    PVOID FaultingPc;
    PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;

/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
#define PC_IDLE          1
#define PC_NORMAL        2
#define PC_HIGH          3
#define PC_REALTIME      4
#define PC_BELOW_NORMAL  5
#define PC_ABOVE_NORMAL  6

/* Foreground flag plus a PC_* priority class value. */
typedef struct _PROCESS_PRIORITY_CLASS {
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
#define DRIVE_UNKNOWN      0
#define DRIVE_NO_ROOT_DIR  1
#define DRIVE_REMOVABLE    2
#define DRIVE_FIXED        3
#define DRIVE_REMOTE       4
#define DRIVE_CDROM        5
#define DRIVE_RAMDISK      6

/*
 * Device map payload. The union has a Set arm (a directory handle) and a
 * Query arm (a drive bitmap plus 32 DRIVE_* type bytes); which arm is valid
 * depends on whether the structure is used with the set or the query call.
 */
typedef struct _PROCESS_DEVICEMAP_INFORMATION {
    _ANONYMOUS_UNION union {
        struct {
            HANDLE DirectoryHandle;
        } Set;
        struct {
            ULONG DriveMap;
            UCHAR DriveType[32];
        } Query;
    } DUMMYUNIONNAME;
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

/* Session id of a process. */
typedef struct _PROCESS_SESSION_INFORMATION {
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

/*
 * Start-up parameters of a user process: standard handles, current
 * directory, DLL search path, image path, command line, environment and
 * window placement.
 * Security: DllPath, ImagePathName, CommandLine and Environment are
 * caller-supplied strings consumed during process start; build them from
 * fully qualified, validated paths. Forensic tools that read this block
 * from a live process should treat it as data the process itself can alter.
 */
typedef struct _RTL_USER_PROCESS_PARAMETERS {
    ULONG AllocationSize;
    ULONG Size;
    ULONG Flags;
    ULONG DebugFlags;
    HANDLE hConsole;
    ULONG ProcessGroup;
    HANDLE hStdInput;
    HANDLE hStdOutput;
    HANDLE hStdError;
    UNICODE_STRING CurrentDirectoryName;
    HANDLE CurrentDirectoryHandle;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PWSTR Environment;
    ULONG dwX;
    ULONG dwY;
    ULONG dwXSize;
    ULONG dwYSize;
    ULONG dwXCountChars;
    ULONG dwYCountChars;
    ULONG dwFillAttribute;
    ULONG dwFlags;
    ULONG wShowWindow;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

/*
 * RtlCreateProcessParameters: build an RTL_USER_PROCESS_PARAMETERS block
 * from the given strings and return it through ProcessParameters. Only
 * ImageFile is mandatory. Release the block with
 * RtlDestroyProcessParameters.
 */
NTSTATUS NTAPI
RtlCreateProcessParameters(
    /*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
    /*IN*/ PUNICODE_STRING ImageFile,
    /*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/,
    /*IN*/ PWSTR Environment /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/,
    /*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/);

/* RtlDestroyProcessParameters: release a block made by RtlCreateProcessParameters. */
NTSTATUS NTAPI
RtlDestroyProcessParameters(
    /*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters);

/*
 * Working buffer for RtlQueryProcessDebugInformation. The four *Information
 * pointers presumably refer to the DEBUG_*_INFORMATION records declared
 * further down - confirm. Unknown and Reserved are opaque here.
 */
typedef struct _DEBUG_BUFFER {
    HANDLE SectionHandle;
    PVOID SectionBase;
    PVOID RemoteSectionBase;
    ULONG SectionBaseDelta;
    HANDLE EventPairHandle;
    ULONG Unknown[2];
    HANDLE RemoteThreadHandle;
    ULONG InfoClassMask;
    ULONG SizeOfInfo;
    ULONG AllocatedSize;
    ULONG SectionSize;
    PVOID ModuleInformation;
    PVOID BackTraceInformation;
    PVOID HeapInformation;
    PVOID LockInformation;
    PVOID Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;

/*
 * RtlCreateQueryDebugBuffer: returns a PDEBUG_BUFFER, not an NTSTATUS, so
 * failure has to be detected by checking the pointer (presumably NULL).
 */
PDEBUG_BUFFER NTAPI
RtlCreateQueryDebugBuffer(
    /*IN*/ ULONG Size,
    /*IN*/ BOOLEAN EventPair);

/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
#define PDI_MODULES      0x01
#define PDI_BACKTRACE    0x02
#define PDI_HEAPS        0x04
#define PDI_HEAP_TAGS    0x08
#define PDI_HEAP_BLOCKS  0x10
#define PDI_LOCKS        0x20

/*
 * RtlQueryProcessDebugInformation: fill DebugBuffer with the PDI_* classes
 * requested for the process identified by ProcessId.
 * Security: the result describes another process's modules, heaps and
 * locks; handle it as sensitive diagnostic data.
 */
NTSTATUS NTAPI
RtlQueryProcessDebugInformation(
    /*IN*/ ULONG ProcessId,
    /*IN*/ ULONG DebugInfoClassMask,
    /*IN OUT*/ PDEBUG_BUFFER DebugBuffer);

/* RtlDestroyQueryDebugBuffer: release a buffer from RtlCreateQueryDebugBuffer. */
NTSTATUS NTAPI
RtlDestroyQueryDebugBuffer(
    /*IN*/ PDEBUG_BUFFER DebugBuffer);

/* DEBUG_MODULE_INFORMATION.Flags constants */
#define LDRP_STATIC_LINK              0x00000002
#define LDRP_IMAGE_DLL                0x00000004
#define LDRP_LOAD_IN_PROGRESS         0x00001000
#define LDRP_UNLOAD_IN_PROGRESS       0x00002000
#define LDRP_ENTRY_PROCESSED          0x00004000
#define LDRP_ENTRY_INSERTED           0x00008000
#define LDRP_CURRENT_LOAD             0x00010000
#define LDRP_FAILED_BUILTIN_LOAD      0x00020000
#define LDRP_DONT_CALL_FOR_THREADS    0x00040000
#define LDRP_PROCESS_ATTACH_CALLED    0x00080000
#define LDRP_DEBUG_SYMBOLS_LOADED     0x00100000
#define LDRP_IMAGE_NOT_AT_BASE        0x00200000
#define LDRP_WX86_IGNORE_MACHINETYPE  0x00400000

/*
 * One loaded-module record. ImageName is a fixed 256-byte CHAR array and
 * ModuleNameOffset is presumably an index into it; consumers should check
 * that the offset is below 256 and should not assume NUL termination.
 * Base and Size are ULONG (32-bit) in this declaration.
 */
typedef struct _DEBUG_MODULE_INFORMATION {
    ULONG Reserved[2];
    ULONG Base;
    ULONG Size;
    ULONG Flags;
    USHORT Index;
    USHORT Unknown;
    USHORT LoadCount;
    USHORT ModuleNameOffset;
    CHAR ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;

/*
 * One heap record. Tags and Blocks are pointers whose element counts are
 * presumably TagCount and BlockCount - confirm before iterating.
 */
typedef struct _DEBUG_HEAP_INFORMATION {
    ULONG Base;
    ULONG Flags;
    USHORT Granularity;
    USHORT Unknown;
    ULONG Allocated;
    ULONG Committed;
    ULONG TagCount;
    ULONG BlockCount;
    ULONG Reserved[7];
    PVOID Tags;
    PVOID Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;

/* One lock record: address, type, owner thread id and contention counters. */
typedef struct _DEBUG_LOCK_INFORMATION {
    PVOID Address;
    USHORT Type;
    USHORT CreatorBackTraceIndex;
    ULONG OwnerThreadId;
    ULONG ActiveCount;
    ULONG ContentionCount;
    ULONG EntryCount;
    ULONG RecursionCount;
    ULONG NumberOfSharedWaiters;
    ULONG NumberOfExclusiveWaiters;
} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;


/* Jobs */

/* NtCreateJobObject / ZwCreateJobObject: create a job object. */
NTOSAPI NTSTATUS NTAPI
NtCreateJobObject(
    /*OUT*/ PHANDLE JobHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwCreateJobObject(
    /*OUT*/ PHANDLE JobHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

/* NtOpenJobObject / ZwOpenJobObject: open an existing job object. */
NTOSAPI NTSTATUS NTAPI
NtOpenJobObject(
    /*OUT*/ PHANDLE JobHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwOpenJobObject(
    /*OUT*/ PHANDLE JobHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

/* NtTerminateJobObject / ZwTerminateJobObject: terminate a job with ExitStatus. */
NTOSAPI NTSTATUS NTAPI
NtTerminateJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ NTSTATUS ExitStatus);

NTOSAPI NTSTATUS NTAPI
ZwTerminateJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ NTSTATUS ExitStatus);

/*
 * NtAssignProcessToJobObject / ZwAssignProcessToJobObject: place a process
 * in a job. Jobs are a containment primitive, so for sandboxing the
 * assignment should happen before the process runs untrusted work.
 */
NTOSAPI NTSTATUS NTAPI
NtAssignProcessToJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ HANDLE ProcessHandle);

NTOSAPI NTSTATUS NTAPI
ZwAssignProcessToJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ HANDLE ProcessHandle);

/* NtQueryInformationJobObject / ZwQueryInformationJobObject: class-selected query. */
NTOSAPI NTSTATUS NTAPI
NtQueryInformationJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
    /*OUT*/ PVOID JobInformation,
    /*IN*/ ULONG JobInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueryInformationJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
    /*OUT*/ PVOID JobInformation,
    /*IN*/ ULONG JobInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* NtSetInformationJobObject / ZwSetInformationJobObject: class-selected setter (job limits). */
NTOSAPI NTSTATUS NTAPI
NtSetInformationJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
    /*IN*/ PVOID JobInformation,
    /*IN*/ ULONG JobInformationLength);

NTOSAPI NTSTATUS NTAPI
ZwSetInformationJobObject(
    /*IN*/ HANDLE JobHandle,
    /*IN*/ JOBOBJECTINFOCLASS JobInformationClass,
    /*IN*/ PVOID JobInformation,
    /*IN*/ ULONG JobInformationLength);


/* Tokens */

/*
 * NtCreateToken / ZwCreateToken: build an access token from caller-supplied
 * user, groups, privileges, owner, primary group, default DACL and source.
 * Security: every identity field is chosen by the caller, so the call is
 * gated by the create-token privilege, which is normally held only by the
 * local security authority. Use of it by any other process warrants
 * investigation.
 */
NTOSAPI NTSTATUS NTAPI
NtCreateToken(
    /*OUT*/ PHANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ TOKEN_TYPE Type,
    /*IN*/ PLUID AuthenticationId,
    /*IN*/ PLARGE_INTEGER ExpirationTime,
    /*IN*/ PTOKEN_USER User,
    /*IN*/ PTOKEN_GROUPS Groups,
    /*IN*/ PTOKEN_PRIVILEGES Privileges,
    /*IN*/ PTOKEN_OWNER Owner,
    /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
    /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl,
    /*IN*/ PTOKEN_SOURCE Source);

NTOSAPI NTSTATUS NTAPI
ZwCreateToken(
    /*OUT*/ PHANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ TOKEN_TYPE Type,
    /*IN*/ PLUID AuthenticationId,
    /*IN*/ PLARGE_INTEGER ExpirationTime,
    /*IN*/ PTOKEN_USER User,
    /*IN*/ PTOKEN_GROUPS Groups,
    /*IN*/ PTOKEN_PRIVILEGES Privileges,
    /*IN*/ PTOKEN_OWNER Owner,
    /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
    /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl,
    /*IN*/ PTOKEN_SOURCE Source);

/*
 * NtOpenProcessToken / ZwOpenProcessToken: open the token of a process.
 * Request query-only access unless the token is going to be modified or
 * duplicated.
 */
NTOSAPI NTSTATUS NTAPI
NtOpenProcessToken(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*OUT*/ PHANDLE TokenHandle);

NTOSAPI NTSTATUS NTAPI
ZwOpenProcessToken(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*OUT*/ PHANDLE TokenHandle);

/*
 * NtOpenThreadToken / ZwOpenThreadToken: open the token of a thread.
 * OpenAsSelf presumably selects whether the access check uses the process
 * identity instead of the thread's impersonated one - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtOpenThreadToken(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ BOOLEAN OpenAsSelf,
    /*OUT*/ PHANDLE TokenHandle);

NTOSAPI NTSTATUS NTAPI
ZwOpenThreadToken(
    /*IN*/ HANDLE ThreadHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ BOOLEAN OpenAsSelf,
    /*OUT*/ PHANDLE TokenHandle);

/*
 * NtDuplicateToken / ZwDuplicateToken: copy a token as TokenType.
 * Security: a duplicate grants the same identity to whoever holds the new
 * handle; keep DesiredAccess narrow and close the handle promptly.
 */
NTOSAPI NTSTATUS NTAPI
NtDuplicateToken(
    /*IN*/ HANDLE ExistingTokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ BOOLEAN EffectiveOnly,
    /*IN*/ TOKEN_TYPE TokenType,
    /*OUT*/ PHANDLE NewTokenHandle);

NTOSAPI NTSTATUS NTAPI
ZwDuplicateToken(
    /*IN*/ HANDLE ExistingTokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ BOOLEAN EffectiveOnly,
    /*IN*/ TOKEN_TYPE TokenType,
    /*OUT*/ PHANDLE NewTokenHandle);

/*
 * NtFilterToken / ZwFilterToken: derive a new token with SIDs disabled,
 * privileges deleted and restricting SIDs added. This is the least-privilege
 * direction: it is how a caller builds a reduced token for a sandboxed child.
 */
NTOSAPI NTSTATUS NTAPI
NtFilterToken(
    /*IN*/ HANDLE ExistingTokenHandle,
    /*IN*/ ULONG Flags,
    /*IN*/ PTOKEN_GROUPS SidsToDisable,
    /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete,
    /*IN*/ PTOKEN_GROUPS SidsToRestricted,
    /*OUT*/ PHANDLE NewTokenHandle);

NTOSAPI NTSTATUS NTAPI
ZwFilterToken(
    /*IN*/ HANDLE ExistingTokenHandle,
    /*IN*/ ULONG Flags,
    /*IN*/ PTOKEN_GROUPS SidsToDisable,
    /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete,
    /*IN*/ PTOKEN_GROUPS SidsToRestricted,
    /*OUT*/ PHANDLE NewTokenHandle);

/*
 * NtAdjustPrivilegesToken / ZwAdjustPrivilegesToken: enable or disable
 * privileges in a token; the previous state can be returned in a buffer of
 * BufferLength bytes.
 * Security: a success status does not by itself prove that every requested
 * privilege was adjusted - NOTE(review): confirm the partial-success status
 * in the reference and check for it. Enable a privilege only around the
 * call that needs it.
 */
NTOSAPI NTSTATUS NTAPI
NtAdjustPrivilegesToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ BOOLEAN DisableAllPrivileges,
    /*IN*/ PTOKEN_PRIVILEGES NewState,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
    /*OUT*/ PULONG ReturnLength);

NTOSAPI NTSTATUS NTAPI
ZwAdjustPrivilegesToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ BOOLEAN DisableAllPrivileges,
    /*IN*/ PTOKEN_PRIVILEGES NewState,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
    /*OUT*/ PULONG ReturnLength);

/* NtAdjustGroupsToken / ZwAdjustGroupsToken: same shape as the privilege call, for groups. */
NTOSAPI NTSTATUS NTAPI
NtAdjustGroupsToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ BOOLEAN ResetToDefault,
    /*IN*/ PTOKEN_GROUPS NewState,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/,
    /*OUT*/ PULONG ReturnLength);

NTOSAPI NTSTATUS NTAPI
ZwAdjustGroupsToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ BOOLEAN ResetToDefault,
    /*IN*/ PTOKEN_GROUPS NewState,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/,
    /*OUT*/ PULONG ReturnLength);

/*
 * NtQueryInformationToken / ZwQueryInformationToken: class-selected query.
 * ReturnLength is not marked optional here, unlike most query calls in this
 * file, so always pass a valid pointer.
 */
NTOSAPI NTSTATUS NTAPI
NtQueryInformationToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
    /*OUT*/ PVOID TokenInformation,
    /*IN*/ ULONG TokenInformationLength,
    /*OUT*/ PULONG ReturnLength);

NTOSAPI NTSTATUS NTAPI
ZwQueryInformationToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
    /*OUT*/ PVOID TokenInformation,
    /*IN*/ ULONG TokenInformationLength,
    /*OUT*/ PULONG ReturnLength);

/* NtSetInformationToken / ZwSetInformationToken: class-selected setter. */
NTOSAPI NTSTATUS NTAPI
NtSetInformationToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
    /*IN*/ PVOID TokenInformation,
    /*IN*/ ULONG TokenInformationLength);

NTOSAPI NTSTATUS NTAPI
ZwSetInformationToken(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
    /*IN*/ PVOID TokenInformation,
    /*IN*/ ULONG TokenInformationLength);
/* Time */

/*
 * Each service in this section is declared twice, under an Nt and a Zw name,
 * with identical parameter lists.
 */

NTOSAPI NTSTATUS NTAPI
NtQuerySystemTime(
    /*OUT*/ PLARGE_INTEGER CurrentTime);

NTOSAPI NTSTATUS NTAPI
ZwQuerySystemTime(
    /*OUT*/ PLARGE_INTEGER CurrentTime);

/*
 * Sets the system time from NewTime and optionally returns the old value.
 * NOTE(review): a clock change affects log timestamps and any time-based
 * validity check, so this call is presumably privilege-gated and worth
 * auditing - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtSetSystemTime(
    /*IN*/ PLARGE_INTEGER NewTime,
    /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwSetSystemTime(
    /*IN*/ PLARGE_INTEGER NewTime,
    /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
NtQueryPerformanceCounter(
    /*OUT*/ PLARGE_INTEGER PerformanceCount,
    /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueryPerformanceCounter(
    /*OUT*/ PLARGE_INTEGER PerformanceCount,
    /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
NtQueryTimerResolution(
    /*OUT*/ PULONG CoarsestResolution,
    /*OUT*/ PULONG FinestResolution,
    /*OUT*/ PULONG ActualResolution);

NTOSAPI NTSTATUS NTAPI
ZwQueryTimerResolution(
    /*OUT*/ PULONG CoarsestResolution,
    /*OUT*/ PULONG FinestResolution,
    /*OUT*/ PULONG ActualResolution);

/*
 * NOTE(review): Interval is passed by pointer; its unit and sign convention
 * are not visible in this header - confirm before computing delays.
 */
NTOSAPI NTSTATUS NTAPI
NtDelayExecution(
    /*IN*/ BOOLEAN Alertable,
    /*IN*/ PLARGE_INTEGER Interval);

NTOSAPI NTSTATUS NTAPI
ZwDelayExecution(
    /*IN*/ BOOLEAN Alertable,
    /*IN*/ PLARGE_INTEGER Interval);

NTOSAPI NTSTATUS NTAPI
NtYieldExecution(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwYieldExecution(
    VOID);

/*
 * The tick count is returned directly as a ULONG, not through an NTSTATUS.
 * A ULONG counter wraps, so elapsed time should be computed by unsigned
 * subtraction rather than by comparing two readings for order.
 */
NTOSAPI ULONG NTAPI
NtGetTickCount(
    VOID);

NTOSAPI ULONG NTAPI
ZwGetTickCount(
    VOID);
/* Execution profiling */

/*
 * Each service in this section and the LPC section below is declared twice,
 * under an Nt and a Zw name, with identical parameter lists.
 */

/*
 * Creates a profile object over [Base, Base + Size) of ProcessHandle and
 * returns its handle. Buffer/BufferLength describe the caller's bucket array.
 * NOTE(review): Buffer is annotated IN although it is presumably written by
 * the profiler while it runs, so it must stay valid until the profile handle
 * is closed - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtCreateProfile(
    /*OUT*/ PHANDLE ProfileHandle,
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PVOID Base,
    /*IN*/ ULONG Size,
    /*IN*/ ULONG BucketShift,
    /*IN*/ PULONG Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ KPROFILE_SOURCE Source,
    /*IN*/ ULONG ProcessorMask);

NTOSAPI NTSTATUS NTAPI
ZwCreateProfile(
    /*OUT*/ PHANDLE ProfileHandle,
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PVOID Base,
    /*IN*/ ULONG Size,
    /*IN*/ ULONG BucketShift,
    /*IN*/ PULONG Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ KPROFILE_SOURCE Source,
    /*IN*/ ULONG ProcessorMask);

NTOSAPI NTSTATUS NTAPI
NtSetIntervalProfile(
    /*IN*/ ULONG Interval,
    /*IN*/ KPROFILE_SOURCE Source);

NTOSAPI NTSTATUS NTAPI
ZwSetIntervalProfile(
    /*IN*/ ULONG Interval,
    /*IN*/ KPROFILE_SOURCE Source);

NTOSAPI NTSTATUS NTAPI
NtQueryIntervalProfile(
    /*IN*/ KPROFILE_SOURCE Source,
    /*OUT*/ PULONG Interval);

NTOSAPI NTSTATUS NTAPI
ZwQueryIntervalProfile(
    /*IN*/ KPROFILE_SOURCE Source,
    /*OUT*/ PULONG Interval);

NTOSAPI NTSTATUS NTAPI
NtStartProfile(
    /*IN*/ HANDLE ProfileHandle);

NTOSAPI NTSTATUS NTAPI
ZwStartProfile(
    /*IN*/ HANDLE ProfileHandle);

NTOSAPI NTSTATUS NTAPI
NtStopProfile(
    /*IN*/ HANDLE ProfileHandle);

NTOSAPI NTSTATUS NTAPI
ZwStopProfile(
    /*IN*/ HANDLE ProfileHandle);

/* Local Procedure Call (LPC) */

/*
 * Message header followed by a variable-length payload in Data[].
 * NOTE(review): DataSize and MessageSize are 16-bit lengths carried in the
 * message itself; a receiver should presumably validate them against the size
 * of the buffer it actually owns before reading Data[] - confirm who fills
 * each field.
 */
typedef struct _LPC_MESSAGE {
    USHORT DataSize;
    USHORT MessageSize;
    USHORT MessageType;
    USHORT VirtualRangesOffset;
    CLIENT_ID ClientId;
    ULONG MessageId;
    ULONG SectionSize;
    UCHAR Data[ANYSIZE_ARRAY];
} LPC_MESSAGE, *PLPC_MESSAGE;

/*
 * Hard-coded size of the fields that precede Data[].
 * NOTE(review): 24 matches the members above only if CLIENT_ID occupies
 * 8 bytes (4 x USHORT + 8 + 2 x ULONG); on a layout with wider handles the
 * constant would understate the header - confirm before reuse.
 */
#define LPC_MESSAGE_BASE_SIZE 24

/* Message kinds; values are the implicit enumerator order starting at 0. */
typedef enum _LPC_TYPE {
    LPC_NEW_MESSAGE,
    LPC_REQUEST,
    LPC_REPLY,
    LPC_DATAGRAM,
    LPC_LOST_REPLY,
    LPC_PORT_CLOSED,
    LPC_CLIENT_DIED,
    LPC_EXCEPTION,
    LPC_DEBUG_EVENT,
    LPC_ERROR_EVENT,
    LPC_CONNECTION_REQUEST,
    LPC_CONNECTION_REFUSED,
    LPC_MAXIMUM
} LPC_TYPE;

/* Section view descriptor passed as the WriteSection argument below. */
typedef struct _LPC_SECTION_WRITE {
    ULONG Length;
    HANDLE SectionHandle;
    ULONG SectionOffset;
    ULONG ViewSize;
    PVOID ViewBase;
    PVOID TargetViewBase;
} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;

/* Section view descriptor passed as the ReadSection argument below. */
typedef struct _LPC_SECTION_READ {
    ULONG Length;
    ULONG ViewSize;
    PVOID ViewBase;
} LPC_SECTION_READ, *PLPC_SECTION_READ;

/*
 * Port creation. ObjectAttributes names and secures the port object.
 * NOTE(review): the security descriptor supplied through ObjectAttributes is
 * presumably what decides which clients may connect - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtCreatePort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ ULONG MaxDataSize,
    /*IN*/ ULONG MaxMessageSize,
    /*IN*/ ULONG Reserved);

NTOSAPI NTSTATUS NTAPI
ZwCreatePort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ ULONG MaxDataSize,
    /*IN*/ ULONG MaxMessageSize,
    /*IN*/ ULONG Reserved);

NTOSAPI NTSTATUS NTAPI
NtCreateWaitablePort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ ULONG MaxDataSize,
    /*IN*/ ULONG MaxMessageSize,
    /*IN*/ ULONG Reserved);

NTOSAPI NTSTATUS NTAPI
ZwCreateWaitablePort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
    /*IN*/ ULONG MaxDataSize,
    /*IN*/ ULONG MaxMessageSize,
    /*IN*/ ULONG Reserved);

/*
 * Client-side connect to a named port.
 * NOTE(review): SecurityQos presumably bounds how far the server may act as
 * the caller; a client should pass the lowest impersonation level that still
 * works for the service it connects to - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtConnectPort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ PUNICODE_STRING PortName,
    /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
    /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
    /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/,
    /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/,
    /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/,
    /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwConnectPort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ PUNICODE_STRING PortName,
    /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
    /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
    /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/,
    /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/,
    /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/,
    /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
NtListenPort(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PLPC_MESSAGE Message);

NTOSAPI NTSTATUS NTAPI
ZwListenPort(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PLPC_MESSAGE Message);

/* Server-side decision on a connection request; Accept carries the verdict. */
NTOSAPI NTSTATUS NTAPI
NtAcceptConnectPort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ ULONG PortIdentifier,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ BOOLEAN Accept,
    /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
    /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwAcceptConnectPort(
    /*OUT*/ PHANDLE PortHandle,
    /*IN*/ ULONG PortIdentifier,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ BOOLEAN Accept,
    /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/,
    /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
NtCompleteConnectPort(
    /*IN*/ HANDLE PortHandle);

NTOSAPI NTSTATUS NTAPI
ZwCompleteConnectPort(
    /*IN*/ HANDLE PortHandle);
/*
 * LPC port messaging. Unless noted otherwise, each service from here to the
 * end of this run is declared twice, under an Nt and a Zw name, with
 * identical parameter lists.
 */

NTOSAPI NTSTATUS NTAPI
NtRequestPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE RequestMessage);

NTOSAPI NTSTATUS NTAPI
ZwRequestPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE RequestMessage);

NTOSAPI NTSTATUS NTAPI
NtRequestWaitReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE RequestMessage,
    /*OUT*/ PLPC_MESSAGE ReplyMessage);

NTOSAPI NTSTATUS NTAPI
ZwRequestWaitReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE RequestMessage,
    /*OUT*/ PLPC_MESSAGE ReplyMessage);

NTOSAPI NTSTATUS NTAPI
NtReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE ReplyMessage);

NTOSAPI NTSTATUS NTAPI
ZwReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE ReplyMessage);

NTOSAPI NTSTATUS NTAPI
NtReplyWaitReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN OUT*/ PLPC_MESSAGE ReplyMessage);

NTOSAPI NTSTATUS NTAPI
ZwReplyWaitReplyPort(
    /*IN*/ HANDLE PortHandle,
    /*IN OUT*/ PLPC_MESSAGE ReplyMessage);

/*
 * Server receive loop primitive: optionally sends ReplyMessage, then receives
 * the next message into Message.
 * NOTE(review): the received message comes from another process; its length
 * and type fields should presumably be validated before use - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtReplyWaitReceivePort(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
    /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
    /*OUT*/ PLPC_MESSAGE Message);

NTOSAPI NTSTATUS NTAPI
ZwReplyWaitReceivePort(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
    /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
    /*OUT*/ PLPC_MESSAGE Message);

/* Same as the form above with an added Timeout argument. */
NTOSAPI NTSTATUS NTAPI
NtReplyWaitReceivePortEx(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
    /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
    /*OUT*/ PLPC_MESSAGE Message,
    /*IN*/ PLARGE_INTEGER Timeout);

NTOSAPI NTSTATUS NTAPI
ZwReplyWaitReceivePortEx(
    /*IN*/ HANDLE PortHandle,
    /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/,
    /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/,
    /*OUT*/ PLPC_MESSAGE Message,
    /*IN*/ PLARGE_INTEGER Timeout);

/*
 * Copies request data selected by Index into Buffer (at most BufferLength
 * bytes, as declared); ReturnLength is optional.
 */
NTOSAPI NTSTATUS NTAPI
NtReadRequestData(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ ULONG Index,
    /*OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwReadRequestData(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ ULONG Index,
    /*OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* Write counterpart of the read form: Buffer is the input here. */
NTOSAPI NTSTATUS NTAPI
NtWriteRequestData(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ ULONG Index,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwWriteRequestData(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message,
    /*IN*/ ULONG Index,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* Only one information class is declared for ports. */
typedef enum _PORT_INFORMATION_CLASS {
    PortBasicInformation
} PORT_INFORMATION_CLASS;

NTOSAPI NTSTATUS NTAPI
NtQueryInformationPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PORT_INFORMATION_CLASS PortInformationClass,
    /*OUT*/ PVOID PortInformation,
    /*IN*/ ULONG PortInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwQueryInformationPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PORT_INFORMATION_CLASS PortInformationClass,
    /*OUT*/ PVOID PortInformation,
    /*IN*/ ULONG PortInformationLength,
    /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/*
 * Impersonation of the client that sent Message.
 * NOTE(review): the calling thread presumably runs with the client's security
 * context afterwards; a server should check the returned status before doing
 * any work on the client's behalf, and revert once that work is done -
 * confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtImpersonateClientOfPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message);

NTOSAPI NTSTATUS NTAPI
ZwImpersonateClientOfPort(
    /*IN*/ HANDLE PortHandle,
    /*IN*/ PLPC_MESSAGE Message);

/* Files */

/* Deletes the file named by ObjectAttributes; no handle is involved. */
NTOSAPI NTSTATUS NTAPI
NtDeleteFile(
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwDeleteFile(
    /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes);

NTOSAPI NTSTATUS NTAPI
NtFlushBuffersFile(
    /*IN*/ HANDLE FileHandle,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);

NTOSAPI NTSTATUS NTAPI
ZwFlushBuffersFile(
    /*IN*/ HANDLE FileHandle,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);

NTOSAPI NTSTATUS NTAPI
NtCancelIoFile(
    /*IN*/ HANDLE FileHandle,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);

NTOSAPI NTSTATUS NTAPI
ZwCancelIoFile(
    /*IN*/ HANDLE FileHandle,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);

/*
 * Scatter read: Buffer is an array of segment elements, not a flat byte
 * buffer, and Length is the transfer size.
 * NOTE(review): the segment array and the memory it points to presumably must
 * stay valid until the I/O completes when the call is asynchronous - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtReadFileScatter(
    /*IN*/ HANDLE FileHandle,
    /*IN*/ HANDLE Event /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
    /*IN*/ ULONG Length,
    /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
    /*IN*/ PULONG Key /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwReadFileScatter(
    /*IN*/ HANDLE FileHandle,
    /*IN*/ HANDLE Event /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
    /*IN*/ ULONG Length,
    /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
    /*IN*/ PULONG Key /*OPTIONAL*/);

/* Gather write: same parameter list as the scatter read. */
NTOSAPI NTSTATUS NTAPI
NtWriteFileGather(
    /*IN*/ HANDLE FileHandle,
    /*IN*/ HANDLE Event /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
    /*IN*/ ULONG Length,
    /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
    /*IN*/ PULONG Key /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
ZwWriteFileGather(
    /*IN*/ HANDLE FileHandle,
    /*IN*/ HANDLE Event /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ PFILE_SEGMENT_ELEMENT Buffer,
    /*IN*/ ULONG Length,
    /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/,
    /*IN*/ PULONG Key /*OPTIONAL*/);

/* Registry keys */

/*
 * Hive-level save/restore/load/replace services move whole key trees between
 * the registry and files.
 * NOTE(review): these presumably require backup/restore-class privileges and
 * bypass per-key access checks, which makes them worth auditing - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtSaveKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE FileHandle);

NTOSAPI NTSTATUS NTAPI
ZwSaveKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE FileHandle);

NTOSAPI NTSTATUS NTAPI
NtSaveMergedKeys(
    /*IN*/ HANDLE KeyHandle1,
    /*IN*/ HANDLE KeyHandle2,
    /*IN*/ HANDLE FileHandle);

NTOSAPI NTSTATUS NTAPI
ZwSaveMergedKeys(
    /*IN*/ HANDLE KeyHandle1,
    /*IN*/ HANDLE KeyHandle2,
    /*IN*/ HANDLE FileHandle);

NTOSAPI NTSTATUS NTAPI
NtRestoreKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE FileHandle,
    /*IN*/ ULONG Flags);

NTOSAPI NTSTATUS NTAPI
ZwRestoreKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE FileHandle,
    /*IN*/ ULONG Flags);

NTOSAPI NTSTATUS NTAPI
NtLoadKey(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwLoadKey(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes);

NTOSAPI NTSTATUS NTAPI
NtLoadKey2(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes,
    /*IN*/ ULONG Flags);

NTOSAPI NTSTATUS NTAPI
ZwLoadKey2(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes,
    /*IN*/ ULONG Flags);

NTOSAPI NTSTATUS NTAPI
NtUnloadKey(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwUnloadKey(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes);

NTOSAPI NTSTATUS NTAPI
NtQueryOpenSubKeys(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*OUT*/ PULONG NumberOfKeys);

NTOSAPI NTSTATUS NTAPI
ZwQueryOpenSubKeys(
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*OUT*/ PULONG NumberOfKeys);

NTOSAPI NTSTATUS NTAPI
NtReplaceKey(
    /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes);

NTOSAPI NTSTATUS NTAPI
ZwReplaceKey(
    /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes);

/* Only one settable key information class is declared. */
typedef enum _KEY_SET_INFORMATION_CLASS {
    KeyLastWriteTimeInformation
} KEY_SET_INFORMATION_CLASS;

/*
 * NOTE(review): with the single class above this sets a key's last-write
 * time; forensic timelines that rely on that timestamp should presumably
 * treat it as writable by anyone allowed to make this call - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtSetInformationKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
    /*IN*/ PVOID KeyInformation,
    /*IN*/ ULONG KeyInformationLength);

NTOSAPI NTSTATUS NTAPI
ZwSetInformationKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
    /*IN*/ PVOID KeyInformation,
    /*IN*/ ULONG KeyInformationLength);

typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
    LARGE_INTEGER LastWriteTime;
} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;

/*
 * Name[1] is a placeholder for a variable-length trailer sized by NameLength.
 * NOTE(review): NameLength is presumably a byte count and Name is presumably
 * not NUL-terminated; do not pass it to C string routines without checking -
 * confirm.
 */
typedef struct _KEY_NAME_INFORMATION {
    ULONG NameLength;
    WCHAR Name[1];
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;

NTOSAPI NTSTATUS NTAPI
NtNotifyChangeKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ ULONG NotifyFilter,
    /*IN*/ BOOLEAN WatchSubtree,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ BOOLEAN Asynchronous);

NTOSAPI NTSTATUS NTAPI
ZwNotifyChangeKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ ULONG NotifyFilter,
    /*IN*/ BOOLEAN WatchSubtree,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ BOOLEAN Asynchronous);

/* ZwNotifyChangeMultipleKeys.Flags constants */
#define REG_MONITOR_SINGLE_KEY 0x00
#define REG_MONITOR_SECOND_KEY 0x01

NTOSAPI NTSTATUS NTAPI
NtNotifyChangeMultipleKeys(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ ULONG NotifyFilter,
    /*IN*/ BOOLEAN WatchSubtree,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ BOOLEAN Asynchronous);

NTOSAPI NTSTATUS NTAPI
ZwNotifyChangeMultipleKeys(
    /*IN*/ HANDLE KeyHandle,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
    /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
    /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
    /*IN*/ PVOID ApcContext /*OPTIONAL*/,
    /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
    /*IN*/ ULONG NotifyFilter,
    /*IN*/ BOOLEAN WatchSubtree,
    /*IN*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength,
    /*IN*/ BOOLEAN Asynchronous);

/*
 * Length is in/out and ReturnLength is a separate output; callers should read
 * both after the call instead of assuming Buffer was completely filled.
 */
NTOSAPI NTSTATUS NTAPI
NtQueryMultipleValueKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN OUT*/ PKEY_VALUE_ENTRY ValueList,
    /*IN*/ ULONG NumberOfValues,
    /*OUT*/ PVOID Buffer,
    /*IN OUT*/ PULONG Length,
    /*OUT*/ PULONG ReturnLength);

NTOSAPI NTSTATUS NTAPI
ZwQueryMultipleValueKey(
    /*IN*/ HANDLE KeyHandle,
    /*IN OUT*/ PKEY_VALUE_ENTRY ValueList,
    /*IN*/ ULONG NumberOfValues,
    /*OUT*/ PVOID Buffer,
    /*IN OUT*/ PULONG Length,
    /*OUT*/ PULONG ReturnLength);

NTOSAPI NTSTATUS NTAPI
NtInitializeRegistry(
    /*IN*/ BOOLEAN Setup);

NTOSAPI NTSTATUS NTAPI
ZwInitializeRegistry(
    /*IN*/ BOOLEAN Setup);

/* Security and auditing */

/*
 * For every check below the NTSTATUS return and the decision are separate
 * values: the verdict is written through an OUT parameter (Result,
 * AccessStatus or AccessStatusList). NOTE(review): callers presumably must
 * test both, since a successful status only says that the check ran -
 * confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtPrivilegeCheck(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ PPRIVILEGE_SET RequiredPrivileges,
    /*OUT*/ PBOOLEAN Result);

NTOSAPI NTSTATUS NTAPI
ZwPrivilegeCheck(
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ PPRIVILEGE_SET RequiredPrivileges,
    /*OUT*/ PBOOLEAN Result);

NTOSAPI NTSTATUS NTAPI
NtPrivilegeObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PPRIVILEGE_SET Privileges,
    /*IN*/ BOOLEAN AccessGranted);

NTOSAPI NTSTATUS NTAPI
ZwPrivilegeObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PPRIVILEGE_SET Privileges,
    /*IN*/ BOOLEAN AccessGranted);

/*
 * NOTE(review): PrivilegeSet and PrivilegeSetLength are annotated IN here,
 * but they look like a caller buffer plus an in/out length that the call
 * fills - confirm the direction before sizing the buffer. The same applies to
 * the ByType variants further down.
 */
NTOSAPI NTSTATUS NTAPI
NtAccessCheck(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PBOOLEAN AccessStatus);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheck(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PBOOLEAN AccessStatus);

/*
 * Check-and-audit form: takes no token handle and adds the audit naming
 * arguments plus a GenerateOnClose output.
 */
NTOSAPI NTSTATUS NTAPI
NtAccessCheckAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PBOOLEAN AccessStatus,
    /*OUT*/ PBOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PBOOLEAN AccessStatus,
    /*OUT*/ PBOOLEAN GenerateOnClose);

/*
 * DesiredAccess is declared ULONG in this pair where the sibling checks use
 * ACCESS_MASK, and AccessStatus is a PULONG rather than a PBOOLEAN.
 * NOTE(review): AccessStatus here presumably carries a status code rather
 * than a boolean, so "non-zero means granted" would be the wrong test -
 * confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtAccessCheckByType(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ULONG DesiredAccess,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PULONG AccessStatus);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckByType(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ULONG DesiredAccess,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PULONG AccessStatus);

/* Audit category passed as AuditType to the ByType audit-alarm services. */
typedef enum _AUDIT_EVENT_TYPE {
    AuditEventObjectAccess,
    AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

NTOSAPI NTSTATUS NTAPI
NtAccessCheckByTypeAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PULONG AccessStatus,
    /*OUT*/ PBOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckByTypeAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccess,
    /*OUT*/ PULONG AccessStatus,
    /*OUT*/ PBOOLEAN GenerateOnClose);

/*
 * Result-list form: GrantedAccessList and AccessStatusList are output arrays.
 * NOTE(review): both are presumably indexed per ObjectTypeList entry, so the
 * caller must size them from ObjectTypeListLength - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtAccessCheckByTypeResultList(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckByTypeResultList(
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ PPRIVILEGE_SET PrivilegeSet,
    /*IN*/ PULONG PrivilegeSetLength,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList);

/*
 * GenerateOnClose is declared PULONG in the ResultList audit-alarm services,
 * while the other audit-alarm declarations in this section use PBOOLEAN.
 * NOTE(review): the width the callee actually writes is not visible here;
 * pass storage at least as wide as declared - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList,
    /*OUT*/ PULONG GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckByTypeResultListAndAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList,
    /*OUT*/ PULONG GenerateOnClose);

/* ByHandle form: same list with an explicit TokenHandle after HandleId. */
NTOSAPI NTSTATUS NTAPI
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList,
    /*OUT*/ PULONG GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ PSID PrincipalSelfSid,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ AUDIT_EVENT_TYPE AuditType,
    /*IN*/ ULONG Flags,
    /*IN*/ POBJECT_TYPE_LIST ObjectTypeList,
    /*IN*/ ULONG ObjectTypeListLength,
    /*IN*/ PGENERIC_MAPPING GenericMapping,
    /*IN*/ BOOLEAN ObjectCreation,
    /*OUT*/ PACCESS_MASK GrantedAccessList,
    /*OUT*/ PULONG AccessStatusList,
    /*OUT*/ PULONG GenerateOnClose);

/*
 * Object audit alarms. HandleId is a PVOID * in the open form and a plain
 * PVOID in the close and delete forms.
 */
NTOSAPI NTSTATUS NTAPI
NtOpenObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID *HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ ACCESS_MASK GrantedAccess,
    /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/,
    /*IN*/ BOOLEAN ObjectCreation,
    /*IN*/ BOOLEAN AccessGranted,
    /*OUT*/ PBOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwOpenObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID *HandleId,
    /*IN*/ PUNICODE_STRING ObjectTypeName,
    /*IN*/ PUNICODE_STRING ObjectName,
    /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
    /*IN*/ HANDLE TokenHandle,
    /*IN*/ ACCESS_MASK DesiredAccess,
    /*IN*/ ACCESS_MASK GrantedAccess,
    /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/,
    /*IN*/ BOOLEAN ObjectCreation,
    /*IN*/ BOOLEAN AccessGranted,
    /*OUT*/ PBOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
NtCloseObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ BOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwCloseObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ BOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
NtDeleteObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ BOOLEAN GenerateOnClose);

NTOSAPI NTSTATUS NTAPI
ZwDeleteObjectAuditAlarm(
    /*IN*/ PUNICODE_STRING SubsystemName,
    /*IN*/ PVOID HandleId,
    /*IN*/ BOOLEAN GenerateOnClose);

/* Plug and play and power management */

/* The power services below are declared under their Zw names only. */

NTOSAPI NTSTATUS NTAPI
ZwRequestWakeupLatency(
    /*IN*/ LATENCY_TIME Latency);

NTOSAPI NTSTATUS NTAPI
ZwRequestDeviceWakeup(
    /*IN*/ HANDLE DeviceHandle);

NTOSAPI NTSTATUS NTAPI
ZwCancelDeviceWakeupRequest(
    /*IN*/ HANDLE DeviceHandle);

/* Returns a BOOLEAN directly rather than an NTSTATUS. */
NTOSAPI BOOLEAN NTAPI
ZwIsSystemResumeAutomatic(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwSetThreadExecutionState(
    /*IN*/ EXECUTION_STATE ExecutionState,
    /*OUT*/ PEXECUTION_STATE PreviousExecutionState);

NTOSAPI NTSTATUS NTAPI
ZwGetDevicePowerState(
    /*IN*/ HANDLE DeviceHandle,
    /*OUT*/ PDEVICE_POWER_STATE DevicePowerState);

/*
 * NOTE(review): system power transitions are presumably gated by a shutdown
 * privilege; confirm before exposing these to less-trusted callers.
 */
NTOSAPI NTSTATUS NTAPI
ZwSetSystemPowerState(
    /*IN*/ POWER_ACTION SystemAction,
    /*IN*/ SYSTEM_POWER_STATE MinSystemState,
    /*IN*/ ULONG Flags);

NTOSAPI NTSTATUS NTAPI
ZwInitiatePowerAction(
    /*IN*/ POWER_ACTION SystemAction,
    /*IN*/ SYSTEM_POWER_STATE MinSystemState,
    /*IN*/ ULONG Flags,
    /*IN*/ BOOLEAN Asynchronous);

/*
 * Both buffers are untyped and optional; their expected layout depends on
 * PowerInformationLevel, so the lengths must match the level requested.
 */
NTOSAPI NTSTATUS NTAPI
ZwPowerInformation(
    /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel,
    /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
    /*IN*/ ULONG InputBufferLength,
    /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
    /*IN*/ ULONG OutputBufferLength);

/* The plug-and-play services are declared under both Nt and Zw names. */
NTOSAPI NTSTATUS NTAPI
NtPlugPlayControl(
    /*IN*/ ULONG ControlCode,
    /*IN OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength);

NTOSAPI NTSTATUS NTAPI
ZwPlugPlayControl(
    /*IN*/ ULONG ControlCode,
    /*IN OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength);

NTOSAPI NTSTATUS NTAPI
NtGetPlugPlayEvent(
    /*IN*/ ULONG Reserved1,
    /*IN*/ ULONG Reserved2,
    /*OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength);

NTOSAPI NTSTATUS NTAPI
ZwGetPlugPlayEvent(
    /*IN*/ ULONG Reserved1,
    /*IN*/ ULONG Reserved2,
    /*OUT*/ PVOID Buffer,
    /*IN*/ ULONG BufferLength);

/* Miscellany */

NTOSAPI NTSTATUS NTAPI
NtRaiseException(
    /*IN*/ PEXCEPTION_RECORD ExceptionRecord,
    /*IN*/ PCONTEXT Context,
    /*IN*/ BOOLEAN SearchFrames);

NTOSAPI NTSTATUS NTAPI
ZwRaiseException(
    /*IN*/ PEXCEPTION_RECORD ExceptionRecord,
    /*IN*/ PCONTEXT Context,
    /*IN*/ BOOLEAN SearchFrames);

/*
 * NOTE(review): presumably resumes the calling thread with the register state
 * in Context, so the CONTEXT must come from a trusted source - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtContinue(
    /*IN*/ PCONTEXT Context,
    /*IN*/ BOOLEAN TestAlert);

NTOSAPI NTSTATUS NTAPI
ZwContinue(
    /*IN*/ PCONTEXT Context,
    /*IN*/ BOOLEAN TestAlert);

/* Declared under the Zw name only. */
NTOSAPI NTSTATUS NTAPI
ZwW32Call(
    /*IN*/ ULONG RoutineIndex,
    /*IN*/ PVOID Argument,
    /*IN*/ ULONG ArgumentLength,
    /*OUT*/ PVOID *Result /*OPTIONAL*/,
    /*OUT*/ PULONG ResultLength /*OPTIONAL*/);

NTOSAPI NTSTATUS NTAPI
NtSetLowWaitHighThread(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwSetLowWaitHighThread(
    VOID);

NTOSAPI NTSTATUS NTAPI
NtSetHighWaitLowThread(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwSetHighWaitLowThread(
    VOID);

/*
 * Driver load/unload by service name.
 * NOTE(review): loading a driver places code in the kernel, so this is
 * presumably gated by a dedicated privilege and is a high-value event for
 * audit and detection - confirm.
 */
NTOSAPI NTSTATUS NTAPI
NtLoadDriver(
    /*IN*/ PUNICODE_STRING DriverServiceName);

NTOSAPI NTSTATUS NTAPI
ZwLoadDriver(
    /*IN*/ PUNICODE_STRING DriverServiceName);

NTOSAPI NTSTATUS NTAPI
NtUnloadDriver(
    /*IN*/ PUNICODE_STRING DriverServiceName);

NTOSAPI NTSTATUS NTAPI
ZwUnloadDriver(
    /*IN*/ PUNICODE_STRING DriverServiceName);

NTOSAPI NTSTATUS NTAPI
NtFlushInstructionCache(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PVOID BaseAddress /*OPTIONAL*/,
    /*IN*/ ULONG FlushSize);

NTOSAPI NTSTATUS NTAPI
ZwFlushInstructionCache(
    /*IN*/ HANDLE ProcessHandle,
    /*IN*/ PVOID BaseAddress /*OPTIONAL*/,
    /*IN*/ ULONG FlushSize);

NTOSAPI NTSTATUS NTAPI
NtFlushWriteBuffer(
    VOID);

NTOSAPI NTSTATUS NTAPI
ZwFlushWriteBuffer(
    VOID);
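/*
 * Default locale query and update. ThreadOrSystem selects which default is
 * addressed; the mapping of TRUE/FALSE to thread/system is not stated in
 * this header. TODO confirm before use.
 */
NTOSAPI
NTSTATUS
NTAPI
NtQueryDefaultLocale(
  /*IN*/ BOOLEAN ThreadOrSystem,
  /*OUT*/ PLCID Locale);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryDefaultLocale(
  /*IN*/ BOOLEAN ThreadOrSystem,
  /*OUT*/ PLCID Locale);

NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultLocale(
  /*IN*/ BOOLEAN ThreadOrSystem,
  /*IN*/ LCID Locale);

NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultLocale(
  /*IN*/ BOOLEAN ThreadOrSystem,
  /*IN*/ LCID Locale);

/*
 * UI language query and update.
 *
 * PLANGID is declared as a plain PVOID near the top of this header (marked
 * FIXME there), so the OUT parameter is untyped: the compiler accepts any
 * pointer. Presumably it must reference storage for a LANGID; passing a
 * pointer to a smaller object would be an out-of-bounds write. Verify
 * against the caller.
 */
NTOSAPI
NTSTATUS
NTAPI
NtQueryDefaultUILanguage(
  /*OUT*/ PLANGID LanguageId);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryDefaultUILanguage(
  /*OUT*/ PLANGID LanguageId);

NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultUILanguage(
  /*IN*/ LANGID LanguageId);

NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultUILanguage(
  /*IN*/ LANGID LanguageId);

NTOSAPI
NTSTATUS
NTAPI
NtQueryInstallUILanguage(
  /*OUT*/ PLANGID LanguageId);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryInstallUILanguage(
  /*OUT*/ PLANGID LanguageId);

/* Only the Nt form is declared in this header. */
NTOSAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
  /*OUT*/ PLUID Luid);

/*
 * UUID allocation state and seed.
 *
 * UuidSeed is a bare PUCHAR: the number of bytes read (NtSetUuidSeed) or
 * written (NtAllocateUuids) is not carried by the prototype, so the caller
 * must know the expected seed length and size the buffer accordingly.
 * TODO confirm the length against an authoritative reference.
 */
NTOSAPI
NTSTATUS
NTAPI
NtAllocateUuids(
  /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated,
  /*OUT*/ PULONG UuidDeltaTime,
  /*OUT*/ PULONG UuidSequenceNumber,
  /*OUT*/ PUCHAR UuidSeed);

NTOSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
  /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated,
  /*OUT*/ PULONG UuidDeltaTime,
  /*OUT*/ PULONG UuidSequenceNumber,
  /*OUT*/ PUCHAR UuidSeed);

NTOSAPI
NTSTATUS
NTAPI
NtSetUuidSeed(
  /*IN*/ PUCHAR UuidSeed);

NTOSAPI
NTSTATUS
NTAPI
ZwSetUuidSeed(
  /*IN*/ PUCHAR UuidSeed);
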
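/* Response choices a caller may request from NtRaiseHardError.
 * Enumerators carry no explicit values, so they are numbered from 0 in
 * declaration order; do not reorder them. */
typedef enum _HARDERROR_RESPONSE_OPTION {
  OptionAbortRetryIgnore,
  OptionOk,
  OptionOkCancel,
  OptionRetryCancel,
  OptionYesNo,
  OptionYesNoCancel,
  OptionShutdownSystem
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;

/* Outcome reported through the Response output of NtRaiseHardError.
 * Implicitly numbered from 0 in declaration order. */
typedef enum _HARDERROR_RESPONSE {
  ResponseReturnToCaller,
  ResponseNotHandled,
  ResponseAbort,
  ResponseCancel,
  ResponseIgnore,
  ResponseNo,
  ResponseOk,
  ResponseRetry,
  ResponseYes
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;

/*
 * Raise a hard error.
 *
 * Arguments is an array of NumberOfArguments ULONG-sized slots;
 * StringArgumentsMask presumably flags which slots hold string pointers
 * rather than integers. A mask that disagrees with the array contents would
 * make an integer be treated as a pointer, so build both together.
 * NOTE(review): OptionShutdownSystem is understood to require the shutdown
 * privilege (SeShutdownPrivilege); confirm for the target Windows version.
 */
NTOSAPI
NTSTATUS
NTAPI
NtRaiseHardError(
  /*IN*/ NTSTATUS Status,
  /*IN*/ ULONG NumberOfArguments,
  /*IN*/ ULONG StringArgumentsMask,
  /*IN*/ PULONG Arguments,
  /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption,
  /*OUT*/ PHARDERROR_RESPONSE Response);

NTOSAPI
NTSTATUS
NTAPI
ZwRaiseHardError(
  /*IN*/ NTSTATUS Status,
  /*IN*/ ULONG NumberOfArguments,
  /*IN*/ ULONG StringArgumentsMask,
  /*IN*/ PULONG Arguments,
  /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption,
  /*OUT*/ PHARDERROR_RESPONSE Response);

/* NOTE(review): registering the system's default hard-error port is
 * reported to require SeTcbPrivilege; confirm before use. */
NTOSAPI
NTSTATUS
NTAPI
NtSetDefaultHardErrorPort(
  /*IN*/ HANDLE PortHandle);

NTOSAPI
NTSTATUS
NTAPI
ZwSetDefaultHardErrorPort(
  /*IN*/ HANDLE PortHandle);

NTOSAPI
NTSTATUS
NTAPI
NtDisplayString(
  /*IN*/ PUNICODE_STRING String);

NTOSAPI
NTSTATUS
NTAPI
ZwDisplayString(
  /*IN*/ PUNICODE_STRING String);

/* InitialSize and MaximumSize are passed by pointer. Units are not stated
 * in this header.
 * NOTE(review): understood to require SeCreatePagefilePrivilege; confirm for
 * the target Windows version. */
NTOSAPI
NTSTATUS
NTAPI
NtCreatePagingFile(
  /*IN*/ PUNICODE_STRING FileName,
  /*IN*/ PULARGE_INTEGER InitialSize,
  /*IN*/ PULARGE_INTEGER MaximumSize,
  /*IN*/ ULONG Reserved);

NTOSAPI
NTSTATUS
NTAPI
ZwCreatePagingFile(
  /*IN*/ PUNICODE_STRING FileName,
  /*IN*/ PULARGE_INTEGER InitialSize,
  /*IN*/ PULARGE_INTEGER MaximumSize,
  /*IN*/ ULONG Reserved);

/* Atom handle: a 16-bit value. */
typedef USHORT RTL_ATOM, *PRTL_ATOM;

/*
 * Atom table services. AtomName is a raw PWSTR accompanied by
 * AtomNameLength; whether the length is counted in bytes or in WCHARs is
 * not stated here. TODO confirm, since a wrong unit doubles or halves the
 * range that is read.
 */
NTOSAPI
NTSTATUS
NTAPI
NtAddAtom(
  /*IN*/ PWSTR AtomName,
  /*IN*/ ULONG AtomNameLength,
  /*OUT*/ PRTL_ATOM Atom);

NTOSAPI
NTSTATUS
NTAPI
ZwAddAtom(
  /*IN*/ PWSTR AtomName,
  /*IN*/ ULONG AtomNameLength,
  /*OUT*/ PRTL_ATOM Atom);

NTOSAPI
NTSTATUS
NTAPI
NtFindAtom(
  /*IN*/ PWSTR AtomName,
  /*IN*/ ULONG AtomNameLength,
  /*OUT*/ PRTL_ATOM Atom);

NTOSAPI
NTSTATUS
NTAPI
ZwFindAtom(
  /*IN*/ PWSTR AtomName,
  /*IN*/ ULONG AtomNameLength,
  /*OUT*/ PRTL_ATOM Atom);

NTOSAPI
NTSTATUS
NTAPI
NtDeleteAtom(
  /*IN*/ RTL_ATOM Atom);

NTOSAPI
NTSTATUS
NTAPI
ZwDeleteAtom(
  /*IN*/ RTL_ATOM Atom);

/* Selects the layout written to AtomInformation by NtQueryInformationAtom;
 * presumably ATOM_BASIC_INFORMATION and ATOM_LIST_INFORMATION below, by
 * name. */
typedef enum _ATOM_INFORMATION_CLASS {
  AtomBasicInformation,
  AtomListInformation
} ATOM_INFORMATION_CLASS;

/* AtomInformation is an untyped output buffer of AtomInformationLength
 * bytes; ReturnLength is optional. Both result structures end in a
 * one-element array, so sizeof() on them is only a lower bound for the
 * buffer size. */
NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationAtom(
  /*IN*/ RTL_ATOM Atom,
  /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass,
  /*OUT*/ PVOID AtomInformation,
  /*IN*/ ULONG AtomInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationAtom(
  /*IN*/ RTL_ATOM Atom,
  /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass,
  /*OUT*/ PVOID AtomInformation,
  /*IN*/ ULONG AtomInformationLength,
  /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);

/* Name[1] is a trailing array placeholder: the name presumably extends past
 * the declared element for NameLength units. Consumers must bound reads by
 * NameLength and by the buffer size they passed in, not by sizeof(). */
typedef struct _ATOM_BASIC_INFORMATION {
  USHORT ReferenceCount;
  USHORT Pinned;
  USHORT NameLength;
  WCHAR Name[1];
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;

/* Atoms[1] is a trailing array placeholder, presumably NumberOfAtoms
 * entries long. The element type is ATOM, not the RTL_ATOM typedef used by
 * the prototypes above; ATOM is not declared in this part of the file. */
typedef struct _ATOM_LIST_INFORMATION {
  ULONG NumberOfAtoms;
  ATOM Atoms[1];
} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;

/*
 * LDT and VDM control.
 * NOTE(review): these look like x86 segmentation / 16-bit support services;
 * LDT_ENTRY values are passed by value and ControlData is untyped.
 * Presumably unused on modern 64-bit builds. Confirm before depending on
 * them.
 */
NTOSAPI
NTSTATUS
NTAPI
NtSetLdtEntries(
  /*IN*/ ULONG Selector1,
  /*IN*/ LDT_ENTRY LdtEntry1,
  /*IN*/ ULONG Selector2,
  /*IN*/ LDT_ENTRY LdtEntry2);

NTOSAPI
NTSTATUS
NTAPI
ZwSetLdtEntries(
  /*IN*/ ULONG Selector1,
  /*IN*/ LDT_ENTRY LdtEntry1,
  /*IN*/ ULONG Selector2,
  /*IN*/ LDT_ENTRY LdtEntry2);

NTOSAPI
NTSTATUS
NTAPI
NtVdmControl(
  /*IN*/ ULONG ControlCode,
  /*IN*/ PVOID ControlData);

NTOSAPI
NTSTATUS
NTAPI
ZwVdmControl(
  /*IN*/ ULONG ControlCode,
  /*IN*/ PVOID ControlData);

/* Restores the packing saved by #pragma pack(push,4) at the top of the
 * header. */
#pragma pack(pop)

#ifdef __cplusplus
}
#endif

#endif /* __NTAPI_H */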