1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 rtlfuncs.h 8 9 Abstract: 10 11 Function definitions for the Run-Time Library 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _RTLFUNCS_H 20 #define _RTLFUNCS_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #include <ntnls.h> 27 #include <rtltypes.h> 28 #include <pstypes.h> 29 #include <extypes.h> 30 #include "in6addr.h" 31 #include "inaddr.h" 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 #ifdef NTOS_MODE_USER 38 39 // 40 // List Functions 41 // 42 FORCEINLINE 43 VOID 44 InitializeListHead( 45 _Out_ PLIST_ENTRY ListHead 46 ) 47 { 48 ListHead->Flink = ListHead->Blink = ListHead; 49 } 50 51 FORCEINLINE 52 VOID 53 InsertHeadList( 54 _Inout_ PLIST_ENTRY ListHead, 55 _Inout_ PLIST_ENTRY Entry 56 ) 57 { 58 PLIST_ENTRY OldFlink; 59 OldFlink = ListHead->Flink; 60 Entry->Flink = OldFlink; 61 Entry->Blink = ListHead; 62 OldFlink->Blink = Entry; 63 ListHead->Flink = Entry; 64 } 65 66 FORCEINLINE 67 VOID 68 InsertTailList( 69 _Inout_ PLIST_ENTRY ListHead, 70 _Inout_ PLIST_ENTRY Entry 71 ) 72 { 73 PLIST_ENTRY OldBlink; 74 OldBlink = ListHead->Blink; 75 Entry->Flink = ListHead; 76 Entry->Blink = OldBlink; 77 OldBlink->Flink = Entry; 78 ListHead->Blink = Entry; 79 } 80 81 _Must_inspect_result_ 82 FORCEINLINE 83 BOOLEAN 84 IsListEmpty( 85 _In_ const LIST_ENTRY * ListHead 86 ) 87 { 88 return (BOOLEAN)(ListHead->Flink == ListHead); 89 } 90 91 FORCEINLINE 92 PSINGLE_LIST_ENTRY 93 PopEntryList( 94 _Inout_ PSINGLE_LIST_ENTRY ListHead 95 ) 96 { 97 PSINGLE_LIST_ENTRY FirstEntry; 98 FirstEntry = ListHead->Next; 99 if (FirstEntry != NULL) { 100 ListHead->Next = FirstEntry->Next; 101 } 102 103 return FirstEntry; 104 } 105 106 FORCEINLINE 107 VOID 108 PushEntryList( 109 _Inout_ PSINGLE_LIST_ENTRY ListHead, 110 _Inout_ PSINGLE_LIST_ENTRY Entry 111 ) 112 { 113 Entry->Next = ListHead->Next; 114 ListHead->Next = Entry; 115 } 116 117 FORCEINLINE 118 BOOLEAN 119 RemoveEntryList( 120 _In_ PLIST_ENTRY Entry) 121 { 122 PLIST_ENTRY OldFlink; 123 PLIST_ENTRY OldBlink; 124 125 OldFlink = Entry->Flink; 126 OldBlink = Entry->Blink; 127 OldFlink->Blink = OldBlink; 128 OldBlink->Flink = OldFlink; 129 return (BOOLEAN)(OldFlink == OldBlink); 130 } 131 132 FORCEINLINE 133 PLIST_ENTRY 134 RemoveHeadList( 135 _Inout_ PLIST_ENTRY ListHead) 136 { 137 PLIST_ENTRY Flink; 138 PLIST_ENTRY Entry; 139 140 Entry = ListHead->Flink; 141 Flink = Entry->Flink; 142 ListHead->Flink = Flink; 143 Flink->Blink = ListHead; 144 return Entry; 145 } 146 147 FORCEINLINE 148 PLIST_ENTRY 149 RemoveTailList( 150 _Inout_ PLIST_ENTRY ListHead) 151 { 152 PLIST_ENTRY Blink; 153 PLIST_ENTRY Entry; 154 155 Entry = ListHead->Blink; 156 Blink = Entry->Blink; 157 ListHead->Blink = Blink; 158 Blink->Flink = ListHead; 159 return Entry; 160 } 161 162 // 163 // Unicode string macros 164 // 165 _At_(UnicodeString->Buffer, _Post_equal_to_(Buffer)) 166 _At_(UnicodeString->Length, _Post_equal_to_(0)) 167 _At_(UnicodeString->MaximumLength, _Post_equal_to_(BufferSize)) 168 FORCEINLINE 169 VOID 170 RtlInitEmptyUnicodeString( 171 _Out_ PUNICODE_STRING UnicodeString, 172 _When_(BufferSize != 0, _Notnull_) _Writable_bytes_(BufferSize) __drv_aliasesMem PWCHAR Buffer, 173 _In_ USHORT BufferSize) 174 { 175 UnicodeString->Length = 0; 176 UnicodeString->MaximumLength = BufferSize; 177 UnicodeString->Buffer = Buffer; 178 } 179 180 _At_(AnsiString->Buffer, _Post_equal_to_(Buffer)) 181 _At_(AnsiString->Length, _Post_equal_to_(0)) 182 _At_(AnsiString->MaximumLength, _Post_equal_to_(BufferSize)) 183 FORCEINLINE 184 VOID 185 RtlInitEmptyAnsiString( 186 _Out_ PANSI_STRING AnsiString, 187 _When_(BufferSize != 0, _Notnull_) _Writable_bytes_(BufferSize) __drv_aliasesMem PCHAR Buffer, 188 _In_ USHORT BufferSize) 189 { 190 AnsiString->Length = 0; 191 AnsiString->MaximumLength = BufferSize; 192 AnsiString->Buffer = Buffer; 193 } 194 195 // 196 // LUID Macros 197 // 198 #define RtlEqualLuid(L1, L2) (((L1)->HighPart == (L2)->HighPart) && \ 199 ((L1)->LowPart == (L2)->LowPart)) 200 FORCEINLINE 201 LUID 202 NTAPI_INLINE 203 RtlConvertUlongToLuid( 204 _In_ ULONG Ulong) 205 { 206 LUID TempLuid; 207 208 TempLuid.LowPart = Ulong; 209 TempLuid.HighPart = 0; 210 return TempLuid; 211 } 212 213 // 214 // ASSERT Macros 215 // 216 #ifndef ASSERT 217 #if DBG 218 219 #define ASSERT( exp ) \ 220 ((void)((!(exp)) ? \ 221 (RtlAssert( (PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL ),FALSE) : \ 222 TRUE)) 223 224 #define ASSERTMSG( msg, exp ) \ 225 ((void)((!(exp)) ? \ 226 (RtlAssert( (PVOID)#exp, (PVOID)__FILE__, __LINE__, (PCHAR)msg ),FALSE) : \ 227 TRUE)) 228 229 #else 230 231 #define ASSERT( exp ) ((void) 0) 232 #define ASSERTMSG( msg, exp ) ((void) 0) 233 234 #endif 235 #endif 236 237 #ifdef NTOS_KERNEL_RUNTIME 238 239 // 240 // Executing RTL functions at DISPATCH_LEVEL or higher will result in a 241 // bugcheck. 242 // 243 #define RTL_PAGED_CODE PAGED_CODE 244 245 #else 246 247 // 248 // This macro does nothing in user mode 249 // 250 #define RTL_PAGED_CODE NOP_FUNCTION 251 252 #endif 253 254 // 255 // RTL Splay Tree Functions 256 // 257 #ifndef RTL_USE_AVL_TABLES 258 259 NTSYSAPI 260 VOID 261 NTAPI 262 RtlInitializeGenericTable( 263 _Out_ PRTL_GENERIC_TABLE Table, 264 _In_ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine, 265 _In_opt_ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine, 266 _In_opt_ PRTL_GENERIC_FREE_ROUTINE FreeRoutine, 267 _In_opt_ PVOID TableContext 268 ); 269 270 NTSYSAPI 271 PVOID 272 NTAPI 273 RtlInsertElementGenericTable( 274 _In_ PRTL_GENERIC_TABLE Table, 275 _In_reads_bytes_(BufferSize) PVOID Buffer, 276 _In_ CLONG BufferSize, 277 _Out_opt_ PBOOLEAN NewElement 278 ); 279 280 NTSYSAPI 281 PVOID 282 NTAPI 283 RtlInsertElementGenericTableFull( 284 _In_ PRTL_GENERIC_TABLE Table, 285 _In_reads_bytes_(BufferSize) PVOID Buffer, 286 _In_ CLONG BufferSize, 287 _Out_opt_ PBOOLEAN NewElement, 288 _In_ PVOID NodeOrParent, 289 _In_ TABLE_SEARCH_RESULT SearchResult 290 ); 291 292 NTSYSAPI 293 BOOLEAN 294 NTAPI 295 RtlDeleteElementGenericTable( 296 _In_ PRTL_GENERIC_TABLE Table, 297 _In_ PVOID Buffer 298 ); 299 300 _Must_inspect_result_ 301 NTSYSAPI 302 PVOID 303 NTAPI 304 RtlLookupElementGenericTable( 305 _In_ PRTL_GENERIC_TABLE Table, 306 _In_ PVOID Buffer 307 ); 308 309 NTSYSAPI 310 PVOID 311 NTAPI 312 RtlLookupElementGenericTableFull( 313 _In_ PRTL_GENERIC_TABLE Table, 314 _In_ PVOID Buffer, 315 _Out_ PVOID *NodeOrParent, 316 _Out_ TABLE_SEARCH_RESULT *SearchResult 317 ); 318 319 _Must_inspect_result_ 320 NTSYSAPI 321 PVOID 322 NTAPI 323 RtlEnumerateGenericTable( 324 _In_ PRTL_GENERIC_TABLE Table, 325 _In_ BOOLEAN Restart 326 ); 327 328 _Must_inspect_result_ 329 NTSYSAPI 330 PVOID 331 NTAPI 332 RtlEnumerateGenericTableWithoutSplaying( 333 _In_ PRTL_GENERIC_TABLE Table, 334 _Inout_ PVOID *RestartKey 335 ); 336 337 _Must_inspect_result_ 338 NTSYSAPI 339 PVOID 340 NTAPI 341 RtlGetElementGenericTable( 342 _In_ PRTL_GENERIC_TABLE Table, 343 _In_ ULONG I 344 ); 345 346 NTSYSAPI 347 ULONG 348 NTAPI 349 RtlNumberGenericTableElements( 350 _In_ PRTL_GENERIC_TABLE Table 351 ); 352 353 _Must_inspect_result_ 354 NTSYSAPI 355 BOOLEAN 356 NTAPI 357 RtlIsGenericTableEmpty( 358 _In_ PRTL_GENERIC_TABLE Table 359 ); 360 361 #endif /* !RTL_USE_AVL_TABLES */ 362 363 NTSYSAPI 364 PRTL_SPLAY_LINKS 365 NTAPI 366 RtlSplay( 367 _Inout_ PRTL_SPLAY_LINKS Links 368 ); 369 370 NTSYSAPI 371 PRTL_SPLAY_LINKS 372 NTAPI 373 RtlDelete( 374 _In_ PRTL_SPLAY_LINKS Links 375 ); 376 377 NTSYSAPI 378 VOID 379 NTAPI 380 RtlDeleteNoSplay( 381 _In_ PRTL_SPLAY_LINKS Links, 382 _Inout_ PRTL_SPLAY_LINKS *Root 383 ); 384 385 _Must_inspect_result_ 386 NTSYSAPI 387 PRTL_SPLAY_LINKS 388 NTAPI 389 RtlSubtreeSuccessor( 390 _In_ PRTL_SPLAY_LINKS Links 391 ); 392 393 _Must_inspect_result_ 394 NTSYSAPI 395 PRTL_SPLAY_LINKS 396 NTAPI 397 RtlSubtreePredecessor( 398 _In_ PRTL_SPLAY_LINKS Links 399 ); 400 401 _Must_inspect_result_ 402 NTSYSAPI 403 PRTL_SPLAY_LINKS 404 NTAPI 405 RtlRealSuccessor( 406 _In_ PRTL_SPLAY_LINKS Links 407 ); 408 409 _Must_inspect_result_ 410 NTSYSAPI 411 PRTL_SPLAY_LINKS 412 NTAPI 413 RtlRealPredecessor( 414 _In_ PRTL_SPLAY_LINKS Links 415 ); 416 417 #define RtlIsLeftChild(Links) \ 418 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) 419 420 #define RtlIsRightChild(Links) \ 421 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) 422 423 #define RtlRightChild(Links) \ 424 ((PRTL_SPLAY_LINKS)(Links))->RightChild 425 426 #define RtlIsRoot(Links) \ 427 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links)) 428 429 #define RtlLeftChild(Links) \ 430 ((PRTL_SPLAY_LINKS)(Links))->LeftChild 431 432 #define RtlParent(Links) \ 433 ((PRTL_SPLAY_LINKS)(Links))->Parent 434 435 // FIXME: use inline function 436 437 #define RtlInitializeSplayLinks(Links) \ 438 { \ 439 PRTL_SPLAY_LINKS _SplayLinks; \ 440 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \ 441 _SplayLinks->Parent = _SplayLinks; \ 442 _SplayLinks->LeftChild = NULL; \ 443 _SplayLinks->RightChild = NULL; \ 444 } 445 446 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \ 447 { \ 448 PRTL_SPLAY_LINKS _SplayParent; \ 449 PRTL_SPLAY_LINKS _SplayChild; \ 450 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ 451 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ 452 _SplayParent->LeftChild = _SplayChild; \ 453 _SplayChild->Parent = _SplayParent; \ 454 } 455 456 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \ 457 { \ 458 PRTL_SPLAY_LINKS _SplayParent; \ 459 PRTL_SPLAY_LINKS _SplayChild; \ 460 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ 461 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ 462 _SplayParent->RightChild = _SplayChild; \ 463 _SplayChild->Parent = _SplayParent; \ 464 } 465 466 // 467 // RTL AVL Tree Functions 468 // 469 NTSYSAPI 470 VOID 471 NTAPI 472 RtlInitializeGenericTableAvl( 473 _Out_ PRTL_AVL_TABLE Table, 474 _In_ PRTL_AVL_COMPARE_ROUTINE CompareRoutine, 475 _In_opt_ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, 476 _In_opt_ PRTL_AVL_FREE_ROUTINE FreeRoutine, 477 _In_opt_ PVOID TableContext 478 ); 479 480 NTSYSAPI 481 PVOID 482 NTAPI 483 RtlInsertElementGenericTableAvl( 484 _In_ PRTL_AVL_TABLE Table, 485 _In_reads_bytes_(BufferSize) PVOID Buffer, 486 _In_ CLONG BufferSize, 487 _Out_opt_ PBOOLEAN NewElement 488 ); 489 490 NTSYSAPI 491 PVOID 492 NTAPI 493 RtlInsertElementGenericTableFullAvl( 494 _In_ PRTL_AVL_TABLE Table, 495 _In_reads_bytes_(BufferSize) PVOID Buffer, 496 _In_ CLONG BufferSize, 497 _Out_opt_ PBOOLEAN NewElement, 498 _In_ PVOID NodeOrParent, 499 _In_ TABLE_SEARCH_RESULT SearchResult 500 ); 501 502 NTSYSAPI 503 BOOLEAN 504 NTAPI 505 RtlDeleteElementGenericTableAvl( 506 _In_ PRTL_AVL_TABLE Table, 507 _In_ PVOID Buffer 508 ); 509 510 _Must_inspect_result_ 511 NTSYSAPI 512 PVOID 513 NTAPI 514 RtlLookupElementGenericTableAvl( 515 _In_ PRTL_AVL_TABLE Table, 516 _In_ PVOID Buffer 517 ); 518 519 NTSYSAPI 520 PVOID 521 NTAPI 522 RtlLookupElementGenericTableFullAvl( 523 _In_ PRTL_AVL_TABLE Table, 524 _In_ PVOID Buffer, 525 _Out_ PVOID *NodeOrParent, 526 _Out_ TABLE_SEARCH_RESULT *SearchResult 527 ); 528 529 _Must_inspect_result_ 530 NTSYSAPI 531 PVOID 532 NTAPI 533 RtlEnumerateGenericTableAvl( 534 _In_ PRTL_AVL_TABLE Table, 535 _In_ BOOLEAN Restart 536 ); 537 538 _Must_inspect_result_ 539 NTSYSAPI 540 PVOID 541 NTAPI 542 RtlEnumerateGenericTableWithoutSplayingAvl( 543 _In_ PRTL_AVL_TABLE Table, 544 _Inout_ PVOID *RestartKey 545 ); 546 547 _Must_inspect_result_ 548 NTSYSAPI 549 PVOID 550 NTAPI 551 RtlLookupFirstMatchingElementGenericTableAvl( 552 _In_ PRTL_AVL_TABLE Table, 553 _In_ PVOID Buffer, 554 _Out_ PVOID *RestartKey 555 ); 556 557 _Must_inspect_result_ 558 NTSYSAPI 559 PVOID 560 NTAPI 561 RtlEnumerateGenericTableLikeADirectory( 562 _In_ PRTL_AVL_TABLE Table, 563 _In_opt_ PRTL_AVL_MATCH_FUNCTION MatchFunction, 564 _In_opt_ PVOID MatchData, 565 _In_ ULONG NextFlag, 566 _Inout_ PVOID *RestartKey, 567 _Inout_ PULONG DeleteCount, 568 _In_ PVOID Buffer 569 ); 570 571 _Must_inspect_result_ 572 NTSYSAPI 573 PVOID 574 NTAPI 575 RtlGetElementGenericTableAvl( 576 _In_ PRTL_AVL_TABLE Table, 577 _In_ ULONG I 578 ); 579 580 NTSYSAPI 581 ULONG 582 NTAPI 583 RtlNumberGenericTableElementsAvl( 584 _In_ PRTL_AVL_TABLE Table 585 ); 586 587 _Must_inspect_result_ 588 NTSYSAPI 589 BOOLEAN 590 NTAPI 591 RtlIsGenericTableEmptyAvl( 592 _In_ PRTL_AVL_TABLE Table 593 ); 594 595 #ifdef RTL_USE_AVL_TABLES 596 597 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl 598 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl 599 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl 600 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl 601 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl 602 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl 603 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl 604 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl 605 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl 606 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl 607 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl 608 609 #endif /* RTL_USE_AVL_TABLES */ 610 611 // 612 // Exception and Error Functions 613 // 614 NTSYSAPI 615 PVOID 616 NTAPI 617 RtlAddVectoredExceptionHandler( 618 _In_ ULONG FirstHandler, 619 _In_ PVECTORED_EXCEPTION_HANDLER VectoredHandler 620 ); 621 622 NTSYSAPI 623 ULONG 624 NTAPI 625 RtlRemoveVectoredExceptionHandler( 626 _In_ PVOID VectoredHandlerHandle 627 ); 628 629 NTSYSAPI 630 PVOID 631 NTAPI 632 RtlAddVectoredContinueHandler( 633 _In_ ULONG FirstHandler, 634 _In_ PVECTORED_EXCEPTION_HANDLER VectoredHandler 635 ); 636 637 NTSYSAPI 638 ULONG 639 NTAPI 640 RtlRemoveVectoredContinueHandler( 641 _In_ PVOID VectoredHandlerHandle 642 ); 643 644 NTSYSAPI 645 VOID 646 NTAPI 647 RtlSetUnhandledExceptionFilter( 648 _In_ PRTLP_UNHANDLED_EXCEPTION_FILTER TopLevelExceptionFilter 649 ); 650 651 NTSYSAPI 652 LONG 653 NTAPI 654 RtlUnhandledExceptionFilter( 655 _In_ struct _EXCEPTION_POINTERS* ExceptionInfo 656 ); 657 658 __analysis_noreturn 659 NTSYSAPI 660 VOID 661 NTAPI 662 RtlAssert( 663 _In_ PVOID FailedAssertion, 664 _In_ PVOID FileName, 665 _In_ ULONG LineNumber, 666 _In_opt_z_ PCHAR Message 667 ); 668 669 NTSYSAPI 670 PVOID 671 NTAPI 672 RtlEncodePointer( 673 _In_ PVOID Pointer 674 ); 675 676 NTSYSAPI 677 PVOID 678 NTAPI 679 RtlDecodePointer( 680 _In_ PVOID Pointer 681 ); 682 683 NTSYSAPI 684 PVOID 685 NTAPI 686 RtlEncodeSystemPointer( 687 _In_ PVOID Pointer 688 ); 689 690 NTSYSAPI 691 PVOID 692 NTAPI 693 RtlDecodeSystemPointer( 694 _In_ PVOID Pointer 695 ); 696 697 NTSYSAPI 698 NTSTATUS 699 NTAPI 700 RtlGetLastNtStatus( 701 VOID 702 ); 703 704 NTSYSAPI 705 ULONG 706 NTAPI 707 RtlGetLastWin32Error( 708 VOID 709 ); 710 711 NTSYSAPI 712 VOID 713 NTAPI 714 RtlSetLastWin32Error( 715 _In_ ULONG LastError 716 ); 717 718 NTSYSAPI 719 VOID 720 NTAPI 721 RtlSetLastWin32ErrorAndNtStatusFromNtStatus( 722 _In_ NTSTATUS Status 723 ); 724 725 NTSYSAPI 726 NTSTATUS 727 NTAPI 728 RtlSetThreadErrorMode( 729 _In_ ULONG NewMode, 730 _Out_opt_ PULONG OldMode 731 ); 732 733 NTSYSAPI 734 ULONG 735 NTAPI 736 RtlGetThreadErrorMode( 737 VOID 738 ); 739 740 #endif /* NTOS_MODE_USER */ 741 742 NTSYSAPI 743 VOID 744 NTAPI 745 RtlCaptureContext( 746 _Out_ PCONTEXT ContextRecord 747 ); 748 749 NTSYSAPI 750 BOOLEAN 751 NTAPI 752 RtlDispatchException( 753 _In_ PEXCEPTION_RECORD ExceptionRecord, 754 _In_ PCONTEXT Context 755 ); 756 757 _IRQL_requires_max_(APC_LEVEL) 758 _When_(Status < 0, _Out_range_(>, 0)) 759 _When_(Status >= 0, _Out_range_(==, 0)) 760 NTSYSAPI 761 ULONG 762 NTAPI 763 RtlNtStatusToDosError( 764 _In_ NTSTATUS Status 765 ); 766 767 _When_(Status < 0, _Out_range_(>, 0)) 768 _When_(Status >= 0, _Out_range_(==, 0)) 769 NTSYSAPI 770 ULONG 771 NTAPI 772 RtlNtStatusToDosErrorNoTeb( 773 _In_ NTSTATUS Status 774 ); 775 776 NTSYSAPI 777 NTSTATUS 778 NTAPI 779 RtlMapSecurityErrorToNtStatus( 780 _In_ ULONG SecurityError 781 ); 782 783 NTSYSAPI 784 VOID 785 NTAPI 786 RtlRaiseException( 787 _In_ PEXCEPTION_RECORD ExceptionRecord 788 ); 789 790 DECLSPEC_NORETURN 791 NTSYSAPI 792 VOID 793 NTAPI 794 RtlRaiseStatus( 795 _In_ NTSTATUS Status 796 ); 797 798 NTSYSAPI 799 VOID 800 NTAPI 801 RtlUnwind( 802 _In_opt_ PVOID TargetFrame, 803 _In_opt_ PVOID TargetIp, 804 _In_opt_ PEXCEPTION_RECORD ExceptionRecord, 805 _In_ PVOID ReturnValue 806 ); 807 808 #define RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT 8 809 810 // 811 // Tracing Functions 812 // 813 NTSYSAPI 814 ULONG 815 NTAPI 816 RtlWalkFrameChain( 817 _Out_writes_(Count - (Flags >> RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT)) PVOID *Callers, 818 _In_ ULONG Count, 819 _In_ ULONG Flags 820 ); 821 822 NTSYSAPI 823 USHORT 824 NTAPI 825 RtlLogStackBackTrace( 826 VOID 827 ); 828 829 #ifdef NTOS_MODE_USER 830 // 831 // Heap Functions 832 // 833 _Must_inspect_result_ 834 _Ret_maybenull_ 835 _Post_writable_byte_size_(Size) 836 NTSYSAPI 837 PVOID 838 NTAPI 839 RtlAllocateHeap( 840 _In_ PVOID HeapHandle, 841 _In_opt_ ULONG Flags, 842 _In_ SIZE_T Size 843 ); 844 845 _Must_inspect_result_ 846 NTSYSAPI 847 PVOID 848 NTAPI 849 RtlCreateHeap( 850 _In_ ULONG Flags, 851 _In_opt_ PVOID BaseAddress, 852 _In_opt_ SIZE_T SizeToReserve, 853 _In_opt_ SIZE_T SizeToCommit, 854 _In_opt_ PVOID Lock, 855 _In_opt_ PRTL_HEAP_PARAMETERS Parameters 856 ); 857 858 NTSYSAPI 859 ULONG 860 NTAPI 861 RtlCreateTagHeap( 862 _In_ HANDLE HeapHandle, 863 _In_ ULONG Flags, 864 _In_ PWSTR TagName, 865 _In_ PWSTR TagSubName 866 ); 867 868 ULONG 869 NTAPI 870 RtlCompactHeap( 871 _In_ HANDLE Heap, 872 _In_ ULONG Flags 873 ); 874 875 _Must_inspect_result_ 876 NTSYSAPI 877 PVOID 878 NTAPI 879 RtlDebugCreateHeap( 880 _In_ ULONG Flags, 881 _In_opt_ PVOID BaseAddress, 882 _In_opt_ SIZE_T SizeToReserve, 883 _In_opt_ SIZE_T SizeToCommit, 884 _In_opt_ PVOID Lock, 885 _In_opt_ PRTL_HEAP_PARAMETERS Parameters 886 ); 887 888 NTSYSAPI 889 HANDLE 890 NTAPI 891 RtlDestroyHeap( 892 _In_ _Post_invalid_ HANDLE Heap 893 ); 894 895 NTSYSAPI 896 ULONG 897 NTAPI 898 RtlExtendHeap( 899 _In_ HANDLE Heap, 900 _In_ ULONG Flags, 901 _In_ PVOID P, 902 _In_ SIZE_T Size 903 ); 904 905 _Success_(return != 0) 906 NTSYSAPI 907 BOOLEAN 908 NTAPI 909 RtlFreeHeap( 910 _In_ HANDLE HeapHandle, 911 _In_opt_ ULONG Flags, 912 _In_ _Post_invalid_ PVOID P 913 ); 914 915 ULONG 916 NTAPI 917 RtlGetProcessHeaps( 918 _In_ ULONG HeapCount, 919 _Out_cap_(HeapCount) HANDLE *HeapArray 920 ); 921 922 _Success_(return != 0) 923 BOOLEAN 924 NTAPI 925 RtlGetUserInfoHeap( 926 _In_ PVOID HeapHandle, 927 _In_ ULONG Flags, 928 _In_ PVOID BaseAddress, 929 _Inout_opt_ PVOID *UserValue, 930 _Out_opt_ PULONG UserFlags 931 ); 932 933 NTSYSAPI 934 PVOID 935 NTAPI 936 RtlProtectHeap( 937 _In_ PVOID HeapHandle, 938 _In_ BOOLEAN Protect 939 ); 940 941 NTSYSAPI 942 NTSTATUS 943 NTAPI 944 RtlQueryHeapInformation( 945 _In_ PVOID HeapHandle, 946 _In_ HEAP_INFORMATION_CLASS HeapInformationClass, 947 _Out_ PVOID HeapInformation, 948 _In_ SIZE_T HeapInformationLength, 949 _When_(HeapInformationClass==HeapCompatibilityInformation, _On_failure_(_Out_opt_)) 950 _Out_opt_ PSIZE_T ReturnLength 951 ); 952 953 _Ret_opt_z_ 954 NTSYSAPI 955 PWSTR 956 NTAPI 957 RtlQueryTagHeap( 958 _In_ PVOID HeapHandle, 959 _In_ ULONG Flags, 960 _In_ USHORT TagIndex, 961 _In_ BOOLEAN ResetCounters, 962 _Out_ PRTL_HEAP_TAG_INFO HeapTagInfo 963 ); 964 965 _Must_inspect_result_ 966 _Ret_maybenull_ 967 _Post_writable_byte_size_(Size) 968 NTSYSAPI 969 PVOID 970 NTAPI 971 RtlReAllocateHeap( 972 _In_ HANDLE Heap, 973 _In_opt_ ULONG Flags, 974 _In_ _Post_invalid_ PVOID Ptr, 975 _In_ SIZE_T Size 976 ); 977 978 NTSYSAPI 979 NTSTATUS 980 NTAPI 981 RtlSetHeapInformation( 982 _In_ PVOID HeapHandle, 983 _In_ HEAP_INFORMATION_CLASS HeapInformationClass, 984 _When_(HeapInformationClass==HeapCompatibilityInformation,_In_) PVOID HeapInformation, 985 _In_ SIZE_T HeapInformationLength 986 ); 987 988 NTSYSAPI 989 BOOLEAN 990 NTAPI 991 RtlLockHeap( 992 _In_ HANDLE Heap 993 ); 994 995 _Must_inspect_result_ 996 NTSYSAPI 997 NTSTATUS 998 NTAPI 999 RtlMultipleAllocateHeap ( 1000 _In_ HANDLE HeapHandle, 1001 _In_ ULONG Flags, 1002 _In_ SIZE_T Size, 1003 _In_ ULONG Count, 1004 _Out_cap_(Count) _Deref_post_bytecap_(Size) PVOID * Array 1005 ); 1006 1007 NTSYSAPI 1008 NTSTATUS 1009 NTAPI 1010 RtlMultipleFreeHeap ( 1011 _In_ HANDLE HeapHandle, 1012 _In_ ULONG Flags, 1013 _In_ ULONG Count, 1014 _In_count_(Count) /* _Deref_ _Post_invalid_ */ PVOID * Array 1015 ); 1016 1017 NTSYSAPI 1018 NTSTATUS 1019 NTAPI 1020 RtlUsageHeap( 1021 _In_ HANDLE Heap, 1022 _In_ ULONG Flags, 1023 _Out_ PRTL_HEAP_USAGE Usage 1024 ); 1025 1026 NTSYSAPI 1027 BOOLEAN 1028 NTAPI 1029 RtlUnlockHeap( 1030 _In_ HANDLE Heap 1031 ); 1032 1033 BOOLEAN 1034 NTAPI 1035 RtlSetUserValueHeap( 1036 _In_ PVOID HeapHandle, 1037 _In_ ULONG Flags, 1038 _In_ PVOID BaseAddress, 1039 _In_ PVOID UserValue 1040 ); 1041 1042 BOOLEAN 1043 NTAPI 1044 RtlSetUserFlagsHeap( 1045 _In_ PVOID HeapHandle, 1046 _In_ ULONG Flags, 1047 _In_ PVOID BaseAddress, 1048 _In_ ULONG UserFlagsReset, 1049 _In_ ULONG UserFlagsSet 1050 ); 1051 1052 NTSYSAPI 1053 BOOLEAN 1054 NTAPI 1055 RtlValidateHeap( 1056 _In_ HANDLE Heap, 1057 _In_ ULONG Flags, 1058 _In_opt_ PVOID P 1059 ); 1060 1061 NTSYSAPI 1062 NTSTATUS 1063 NTAPI 1064 RtlWalkHeap( 1065 _In_ HANDLE HeapHandle, 1066 _In_ PVOID HeapEntry 1067 ); 1068 1069 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap) 1070 1071 #endif // NTOS_MODE_USER 1072 1073 #define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock) 1074 1075 NTSYSAPI 1076 SIZE_T 1077 NTAPI 1078 RtlSizeHeap( 1079 _In_ PVOID HeapHandle, 1080 _In_ ULONG Flags, 1081 _In_ PVOID MemoryPointer 1082 ); 1083 1084 1085 // 1086 // Security Functions 1087 // 1088 _IRQL_requires_max_(APC_LEVEL) 1089 NTSYSAPI 1090 NTSTATUS 1091 NTAPI 1092 RtlAbsoluteToSelfRelativeSD( 1093 _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 1094 _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 1095 _Inout_ PULONG BufferLength 1096 ); 1097 1098 _IRQL_requires_max_(APC_LEVEL) 1099 NTSYSAPI 1100 NTSTATUS 1101 NTAPI 1102 RtlAddAccessAllowedAce( 1103 _Inout_ PACL Acl, 1104 _In_ ULONG Revision, 1105 _In_ ACCESS_MASK AccessMask, 1106 _In_ PSID Sid 1107 ); 1108 1109 _IRQL_requires_max_(APC_LEVEL) 1110 NTSYSAPI 1111 NTSTATUS 1112 NTAPI 1113 RtlAddAccessAllowedAceEx( 1114 _Inout_ PACL pAcl, 1115 _In_ ULONG dwAceRevision, 1116 _In_ ULONG AceFlags, 1117 _In_ ACCESS_MASK AccessMask, 1118 _In_ PSID pSid 1119 ); 1120 1121 NTSYSAPI 1122 NTSTATUS 1123 NTAPI 1124 RtlAddAccessAllowedObjectAce( 1125 _Inout_ PACL pAcl, 1126 _In_ ULONG dwAceRevision, 1127 _In_ ULONG AceFlags, 1128 _In_ ACCESS_MASK AccessMask, 1129 _In_opt_ GUID *ObjectTypeGuid, 1130 _In_opt_ GUID *InheritedObjectTypeGuid, 1131 _In_ PSID pSid 1132 ); 1133 1134 NTSYSAPI 1135 NTSTATUS 1136 NTAPI 1137 RtlAddAccessDeniedAce( 1138 _Inout_ PACL Acl, 1139 _In_ ULONG Revision, 1140 _In_ ACCESS_MASK AccessMask, 1141 _In_ PSID Sid 1142 ); 1143 1144 NTSYSAPI 1145 NTSTATUS 1146 NTAPI 1147 RtlAddAccessDeniedAceEx( 1148 _Inout_ PACL Acl, 1149 _In_ ULONG Revision, 1150 _In_ ULONG Flags, 1151 _In_ ACCESS_MASK AccessMask, 1152 _In_ PSID Sid 1153 ); 1154 1155 NTSYSAPI 1156 NTSTATUS 1157 NTAPI 1158 RtlAddAccessDeniedObjectAce( 1159 _Inout_ PACL pAcl, 1160 _In_ ULONG dwAceRevision, 1161 _In_ ULONG AceFlags, 1162 _In_ ACCESS_MASK AccessMask, 1163 _In_opt_ GUID *ObjectTypeGuid, 1164 _In_opt_ GUID *InheritedObjectTypeGuid, 1165 _In_ PSID pSid 1166 ); 1167 1168 NTSYSAPI 1169 NTSTATUS 1170 NTAPI 1171 RtlAddAce( 1172 _Inout_ PACL Acl, 1173 _In_ ULONG AceRevision, 1174 _In_ ULONG StartingAceIndex, 1175 _In_reads_bytes_(AceListLength) PVOID AceList, 1176 _In_ ULONG AceListLength 1177 ); 1178 1179 NTSYSAPI 1180 NTSTATUS 1181 NTAPI 1182 RtlAddAuditAccessAce( 1183 _Inout_ PACL Acl, 1184 _In_ ULONG Revision, 1185 _In_ ACCESS_MASK AccessMask, 1186 _In_ PSID Sid, 1187 _In_ BOOLEAN Success, 1188 _In_ BOOLEAN Failure 1189 ); 1190 1191 NTSYSAPI 1192 NTSTATUS 1193 NTAPI 1194 RtlAcquirePrivilege( 1195 _In_ PULONG Privilege, 1196 _In_ ULONG NumPriv, 1197 _In_ ULONG Flags, 1198 _Out_ PVOID *ReturnedState 1199 ); 1200 1201 NTSYSAPI 1202 NTSTATUS 1203 NTAPI 1204 RtlAddAuditAccessAceEx( 1205 _Inout_ PACL Acl, 1206 _In_ ULONG Revision, 1207 _In_ ULONG Flags, 1208 _In_ ACCESS_MASK AccessMask, 1209 _In_ PSID Sid, 1210 _In_ BOOLEAN Success, 1211 _In_ BOOLEAN Failure 1212 ); 1213 1214 NTSYSAPI 1215 NTSTATUS 1216 NTAPI 1217 RtlAddAuditAccessObjectAce( 1218 _Inout_ PACL Acl, 1219 _In_ ULONG Revision, 1220 _In_ ULONG Flags, 1221 _In_ ACCESS_MASK AccessMask, 1222 _In_opt_ GUID *ObjectTypeGuid, 1223 _In_opt_ GUID *InheritedObjectTypeGuid, 1224 _In_ PSID Sid, 1225 _In_ BOOLEAN Success, 1226 _In_ BOOLEAN Failure 1227 ); 1228 1229 NTSYSAPI 1230 NTSTATUS 1231 NTAPI 1232 RtlAddMandatoryAce( 1233 _Inout_ PACL Acl, 1234 _In_ ULONG Revision, 1235 _In_ ULONG Flags, 1236 _In_ ULONG MandatoryFlags, 1237 _In_ UCHAR AceType, 1238 _In_ PSID LabelSid); 1239 1240 NTSYSAPI 1241 NTSTATUS 1242 NTAPI 1243 RtlAdjustPrivilege( 1244 _In_ ULONG Privilege, 1245 _In_ BOOLEAN NewValue, 1246 _In_ BOOLEAN ForThread, 1247 _Out_ PBOOLEAN OldValue 1248 ); 1249 1250 _Must_inspect_result_ 1251 NTSYSAPI 1252 NTSTATUS 1253 NTAPI 1254 RtlAllocateAndInitializeSid( 1255 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 1256 _In_ UCHAR SubAuthorityCount, 1257 _In_ ULONG SubAuthority0, 1258 _In_ ULONG SubAuthority1, 1259 _In_ ULONG SubAuthority2, 1260 _In_ ULONG SubAuthority3, 1261 _In_ ULONG SubAuthority4, 1262 _In_ ULONG SubAuthority5, 1263 _In_ ULONG SubAuthority6, 1264 _In_ ULONG SubAuthority7, 1265 _Outptr_ PSID *Sid 1266 ); 1267 1268 NTSYSAPI 1269 BOOLEAN 1270 NTAPI 1271 RtlAreAllAccessesGranted( 1272 ACCESS_MASK GrantedAccess, 1273 ACCESS_MASK DesiredAccess 1274 ); 1275 1276 NTSYSAPI 1277 BOOLEAN 1278 NTAPI 1279 RtlAreAnyAccessesGranted( 1280 ACCESS_MASK GrantedAccess, 1281 ACCESS_MASK DesiredAccess 1282 ); 1283 1284 _IRQL_requires_max_(APC_LEVEL) 1285 NTSYSAPI 1286 VOID 1287 NTAPI 1288 RtlCopyLuid ( 1289 _Out_ PLUID DestinationLuid, 1290 _In_ PLUID SourceLuid 1291 ); 1292 1293 NTSYSAPI 1294 VOID 1295 NTAPI 1296 RtlCopyLuidAndAttributesArray( 1297 ULONG Count, 1298 PLUID_AND_ATTRIBUTES Src, 1299 PLUID_AND_ATTRIBUTES Dest 1300 ); 1301 1302 NTSYSAPI 1303 NTSTATUS 1304 NTAPI 1305 RtlCopySidAndAttributesArray( 1306 _In_ ULONG Count, 1307 _In_ PSID_AND_ATTRIBUTES Src, 1308 _In_ ULONG SidAreaSize, 1309 _In_ PSID_AND_ATTRIBUTES Dest, 1310 _In_ PSID SidArea, 1311 _Out_ PSID* RemainingSidArea, 1312 _Out_ PULONG RemainingSidAreaSize 1313 ); 1314 1315 _IRQL_requires_max_(APC_LEVEL) 1316 NTSYSAPI 1317 NTSTATUS 1318 NTAPI 1319 RtlConvertSidToUnicodeString( 1320 _Inout_ PUNICODE_STRING UnicodeString, 1321 _In_ PSID Sid, 1322 _In_ BOOLEAN AllocateDestinationString 1323 ); 1324 1325 _IRQL_requires_max_(APC_LEVEL) 1326 NTSYSAPI 1327 NTSTATUS 1328 NTAPI 1329 RtlCopySid( 1330 _In_ ULONG DestinationSidLength, 1331 _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid, 1332 _In_ PSID SourceSid 1333 ); 1334 1335 NTSYSAPI 1336 NTSTATUS 1337 NTAPI 1338 RtlCreateAcl( 1339 PACL Acl, 1340 ULONG AclSize, 1341 ULONG AclRevision 1342 ); 1343 1344 NTSYSAPI 1345 NTSTATUS 1346 NTAPI 1347 RtlCreateSecurityDescriptor( 1348 _Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1349 _In_ ULONG Revision 1350 ); 1351 1352 NTSYSAPI 1353 NTSTATUS 1354 NTAPI 1355 RtlCreateSecurityDescriptorRelative( 1356 _Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, 1357 _In_ ULONG Revision 1358 ); 1359 1360 NTSYSAPI 1361 NTSTATUS 1362 NTAPI 1363 RtlCopySecurityDescriptor( 1364 _In_ PSECURITY_DESCRIPTOR pSourceSecurityDescriptor, 1365 _Out_ PSECURITY_DESCRIPTOR *pDestinationSecurityDescriptor 1366 ); 1367 1368 NTSYSAPI 1369 NTSTATUS 1370 NTAPI 1371 RtlDeleteAce( 1372 PACL Acl, 1373 ULONG AceIndex 1374 ); 1375 1376 NTSYSAPI 1377 BOOLEAN 1378 NTAPI 1379 RtlEqualPrefixSid( 1380 PSID Sid1, 1381 PSID Sid2 1382 ); 1383 1384 NTSYSAPI 1385 BOOLEAN 1386 NTAPI 1387 RtlEqualSid ( 1388 _In_ PSID Sid1, 1389 _In_ PSID Sid2 1390 ); 1391 1392 NTSYSAPI 1393 BOOLEAN 1394 NTAPI 1395 RtlFirstFreeAce( 1396 PACL Acl, 1397 PACE* Ace 1398 ); 1399 1400 NTSYSAPI 1401 PVOID 1402 NTAPI 1403 RtlFreeSid( 1404 _In_ _Post_invalid_ PSID Sid 1405 ); 1406 1407 NTSYSAPI 1408 NTSTATUS 1409 NTAPI 1410 RtlGetAce( 1411 PACL Acl, 1412 ULONG AceIndex, 1413 PVOID *Ace 1414 ); 1415 1416 NTSYSAPI 1417 NTSTATUS 1418 NTAPI 1419 RtlGetControlSecurityDescriptor( 1420 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1421 _Out_ PSECURITY_DESCRIPTOR_CONTROL Control, 1422 _Out_ PULONG Revision 1423 ); 1424 1425 NTSYSAPI 1426 NTSTATUS 1427 NTAPI 1428 RtlGetDaclSecurityDescriptor( 1429 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1430 _Out_ PBOOLEAN DaclPresent, 1431 _Out_ PACL *Dacl, 1432 _Out_ PBOOLEAN DaclDefaulted 1433 ); 1434 1435 NTSYSAPI 1436 NTSTATUS 1437 NTAPI 1438 RtlGetSaclSecurityDescriptor( 1439 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1440 _Out_ PBOOLEAN SaclPresent, 1441 _Out_ PACL* Sacl, 1442 _Out_ PBOOLEAN SaclDefaulted 1443 ); 1444 1445 NTSYSAPI 1446 NTSTATUS 1447 NTAPI 1448 RtlGetGroupSecurityDescriptor( 1449 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1450 _Out_ PSID *Group, 1451 _Out_ PBOOLEAN GroupDefaulted 1452 ); 1453 1454 NTSYSAPI 1455 NTSTATUS 1456 NTAPI 1457 RtlGetOwnerSecurityDescriptor( 1458 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1459 _Out_ PSID *Owner, 1460 _Out_ PBOOLEAN OwnerDefaulted 1461 ); 1462 1463 NTSYSAPI 1464 BOOLEAN 1465 NTAPI 1466 RtlGetSecurityDescriptorRMControl( 1467 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1468 _Out_ PUCHAR RMControl 1469 ); 1470 1471 NTSYSAPI 1472 PSID_IDENTIFIER_AUTHORITY 1473 NTAPI 1474 RtlIdentifierAuthoritySid(PSID Sid); 1475 1476 NTSYSAPI 1477 NTSTATUS 1478 NTAPI 1479 RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 1480 1481 _IRQL_requires_max_(APC_LEVEL) 1482 NTSYSAPI 1483 NTSTATUS 1484 NTAPI 1485 RtlInitializeSid( 1486 _Out_ PSID Sid, 1487 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 1488 _In_ UCHAR SubAuthorityCount 1489 ); 1490 1491 NTSYSAPI 1492 ULONG 1493 NTAPI 1494 RtlLengthRequiredSid(IN ULONG SubAuthorityCount); 1495 1496 _IRQL_requires_max_(APC_LEVEL) 1497 NTSYSAPI 1498 ULONG 1499 NTAPI 1500 RtlLengthSecurityDescriptor( 1501 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 1502 1503 NTSYSAPI 1504 ULONG 1505 NTAPI 1506 RtlLengthSid(IN PSID Sid); 1507 1508 NTSYSAPI 1509 NTSTATUS 1510 NTAPI 1511 RtlMakeSelfRelativeSD( 1512 _In_ PSECURITY_DESCRIPTOR AbsoluteSD, 1513 _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, 1514 _Inout_ PULONG BufferLength); 1515 1516 NTSYSAPI 1517 VOID 1518 NTAPI 1519 RtlMapGenericMask( 1520 PACCESS_MASK AccessMask, 1521 PGENERIC_MAPPING GenericMapping 1522 ); 1523 1524 #ifdef NTOS_MODE_USER 1525 1526 NTSYSAPI 1527 NTSTATUS 1528 NTAPI 1529 RtlQueryInformationAcl( 1530 PACL Acl, 1531 PVOID Information, 1532 ULONG InformationLength, 1533 ACL_INFORMATION_CLASS InformationClass 1534 ); 1535 1536 #endif 1537 1538 NTSYSAPI 1539 VOID 1540 NTAPI 1541 RtlReleasePrivilege( 1542 _In_ PVOID ReturnedState 1543 ); 1544 1545 _IRQL_requires_max_(APC_LEVEL) 1546 NTSYSAPI 1547 NTSTATUS 1548 NTAPI 1549 RtlSelfRelativeToAbsoluteSD( 1550 _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 1551 _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 1552 _Inout_ PULONG AbsoluteSecurityDescriptorSize, 1553 _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl, 1554 _Inout_ PULONG DaclSize, 1555 _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl, 1556 _Inout_ PULONG SaclSize, 1557 _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner, 1558 _Inout_ PULONG OwnerSize, 1559 _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup, 1560 _Inout_ PULONG PrimaryGroupSize 1561 ); 1562 1563 NTSYSAPI 1564 NTSTATUS 1565 NTAPI 1566 RtlSelfRelativeToAbsoluteSD2( 1567 _Inout_ PSECURITY_DESCRIPTOR SelfRelativeSD, 1568 _Out_ PULONG BufferSize 1569 ); 1570 1571 NTSYSAPI 1572 NTSTATUS 1573 NTAPI 1574 RtlSetAttributesSecurityDescriptor( 1575 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1576 _In_ SECURITY_DESCRIPTOR_CONTROL Control, 1577 _Out_ PULONG Revision 1578 ); 1579 1580 NTSYSAPI 1581 NTSTATUS 1582 NTAPI 1583 RtlSetControlSecurityDescriptor( 1584 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1585 _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, 1586 _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet 1587 ); 1588 1589 _IRQL_requires_max_(APC_LEVEL) 1590 NTSYSAPI 1591 NTSTATUS 1592 NTAPI 1593 RtlSetDaclSecurityDescriptor( 1594 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1595 _In_ BOOLEAN DaclPresent, 1596 _In_opt_ PACL Dacl, 1597 _In_opt_ BOOLEAN DaclDefaulted 1598 ); 1599 1600 _IRQL_requires_max_(APC_LEVEL) 1601 NTSYSAPI 1602 NTSTATUS 1603 NTAPI 1604 RtlSetGroupSecurityDescriptor( 1605 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1606 _In_opt_ PSID Group, 1607 _In_opt_ BOOLEAN GroupDefaulted 1608 ); 1609 1610 #ifdef NTOS_MODE_USER 1611 1612 NTSYSAPI 1613 NTSTATUS 1614 NTAPI 1615 RtlSetInformationAcl( 1616 PACL Acl, 1617 PVOID Information, 1618 ULONG InformationLength, 1619 ACL_INFORMATION_CLASS InformationClass 1620 ); 1621 1622 #endif 1623 1624 _IRQL_requires_max_(APC_LEVEL) 1625 NTSYSAPI 1626 NTSTATUS 1627 NTAPI 1628 RtlSetOwnerSecurityDescriptor( 1629 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1630 _In_opt_ PSID Owner, 1631 _In_opt_ BOOLEAN OwnerDefaulted 1632 ); 1633 1634 NTSYSAPI 1635 NTSTATUS 1636 NTAPI 1637 RtlSetSaclSecurityDescriptor( 1638 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1639 _In_ BOOLEAN SaclPresent, 1640 _In_ PACL Sacl, 1641 _In_ BOOLEAN SaclDefaulted 1642 ); 1643 1644 NTSYSAPI 1645 VOID 1646 NTAPI 1647 RtlSetSecurityDescriptorRMControl( 1648 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1649 _In_ PUCHAR RMControl 1650 ); 1651 1652 NTSYSAPI 1653 PUCHAR 1654 NTAPI 1655 RtlSubAuthorityCountSid( 1656 _In_ PSID Sid 1657 ); 1658 1659 NTSYSAPI 1660 PULONG 1661 NTAPI 1662 RtlSubAuthoritySid( 1663 _In_ PSID Sid, 1664 _In_ ULONG SubAuthority 1665 ); 1666 1667 _IRQL_requires_max_(APC_LEVEL) 1668 _Must_inspect_result_ 1669 NTSYSAPI 1670 BOOLEAN 1671 NTAPI 1672 RtlValidRelativeSecurityDescriptor( 1673 _In_reads_bytes_(SecurityDescriptorLength) PSECURITY_DESCRIPTOR SecurityDescriptorInput, 1674 _In_ ULONG SecurityDescriptorLength, 1675 _In_ SECURITY_INFORMATION RequiredInformation 1676 ); 1677 1678 NTSYSAPI 1679 BOOLEAN 1680 NTAPI 1681 RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor); 1682 1683 NTSYSAPI 1684 BOOLEAN 1685 NTAPI 1686 RtlValidSid(IN PSID Sid); 1687 1688 NTSYSAPI 1689 BOOLEAN 1690 NTAPI 1691 RtlValidAcl(PACL Acl); 1692 1693 NTSYSAPI 1694 NTSTATUS 1695 NTAPI 1696 RtlDeleteSecurityObject( 1697 _In_ PSECURITY_DESCRIPTOR *ObjectDescriptor 1698 ); 1699 1700 NTSYSAPI 1701 NTSTATUS 1702 NTAPI 1703 RtlNewSecurityObject( 1704 _In_ PSECURITY_DESCRIPTOR ParentDescriptor, 1705 _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, 1706 _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, 1707 _In_ BOOLEAN IsDirectoryObject, 1708 _In_ HANDLE Token, 1709 _In_ PGENERIC_MAPPING GenericMapping 1710 ); 1711 1712 NTSYSAPI 1713 NTSTATUS 1714 NTAPI 1715 RtlQuerySecurityObject( 1716 _In_ PSECURITY_DESCRIPTOR ObjectDescriptor, 1717 _In_ SECURITY_INFORMATION SecurityInformation, 1718 _Out_ PSECURITY_DESCRIPTOR ResultantDescriptor, 1719 _In_ ULONG DescriptorLength, 1720 _Out_ PULONG ReturnLength 1721 ); 1722 1723 NTSYSAPI 1724 NTSTATUS 1725 NTAPI 1726 RtlSetSecurityObject( 1727 _In_ SECURITY_INFORMATION SecurityInformation, 1728 _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, 1729 _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 1730 _In_ PGENERIC_MAPPING GenericMapping, 1731 _In_ HANDLE Token 1732 ); 1733 1734 // 1735 // Single-Character Functions 1736 // 1737 NTSYSAPI 1738 NTSTATUS 1739 NTAPI 1740 RtlLargeIntegerToChar( 1741 _In_ PLARGE_INTEGER Value, 1742 _In_ ULONG Base, 1743 _In_ ULONG Length, 1744 _Out_ PCHAR String 1745 ); 1746 1747 NTSYSAPI 1748 CHAR 1749 NTAPI 1750 RtlUpperChar(CHAR Source); 1751 1752 NTSYSAPI 1753 WCHAR 1754 NTAPI 1755 RtlUpcaseUnicodeChar(WCHAR Source); 1756 1757 NTSYSAPI 1758 WCHAR 1759 NTAPI 1760 RtlDowncaseUnicodeChar(IN WCHAR Source); 1761 1762 NTSYSAPI 1763 NTSTATUS 1764 NTAPI 1765 RtlIntegerToChar( 1766 _In_ ULONG Value, 1767 _In_ ULONG Base, 1768 _In_ ULONG Length, 1769 _Out_ PCHAR String 1770 ); 1771 1772 NTSYSAPI 1773 NTSTATUS 1774 NTAPI 1775 RtlIntegerToUnicode( 1776 _In_ ULONG Value, 1777 _In_opt_ ULONG Base, 1778 _In_opt_ ULONG Length, 1779 _Inout_ LPWSTR String 1780 ); 1781 1782 _IRQL_requires_max_(PASSIVE_LEVEL) 1783 _At_(String->MaximumLength, _Const_) 1784 NTSYSAPI 1785 NTSTATUS 1786 NTAPI 1787 RtlIntegerToUnicodeString( 1788 _In_ ULONG Value, 1789 _In_opt_ ULONG Base, 1790 _Inout_ PUNICODE_STRING String 1791 ); 1792 1793 NTSYSAPI 1794 NTSTATUS 1795 NTAPI 1796 RtlCharToInteger( 1797 PCSZ String, 1798 ULONG Base, 1799 PULONG Value 1800 ); 1801 1802 // 1803 // Byte Swap Functions 1804 // 1805 #ifdef NTOS_MODE_USER 1806 1807 unsigned short __cdecl _byteswap_ushort(unsigned short); 1808 unsigned long __cdecl _byteswap_ulong (unsigned long); 1809 unsigned __int64 __cdecl _byteswap_uint64(unsigned __int64); 1810 #ifdef _MSC_VER 1811 #pragma intrinsic(_byteswap_ushort) 1812 #pragma intrinsic(_byteswap_ulong) 1813 #pragma intrinsic(_byteswap_uint64) 1814 #endif // _MSC_VER 1815 #define RtlUshortByteSwap(_x) _byteswap_ushort((USHORT)(_x)) 1816 #define RtlUlongByteSwap(_x) _byteswap_ulong((_x)) 1817 #define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x)) 1818 1819 #endif // NTOS_MODE_USER 1820 1821 // 1822 // Unicode->Ansi String Functions 1823 // 1824 NTSYSAPI 1825 ULONG 1826 NTAPI 1827 RtlxUnicodeStringToAnsiSize(IN PCUNICODE_STRING UnicodeString); 1828 1829 #ifdef NTOS_MODE_USER 1830 1831 #define RtlUnicodeStringToAnsiSize(STRING) ( \ 1832 NLS_MB_CODE_PAGE_TAG ? \ 1833 RtlxUnicodeStringToAnsiSize(STRING) : \ 1834 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ 1835 ) 1836 1837 #endif 1838 1839 NTSYSAPI 1840 NTSTATUS 1841 NTAPI 1842 RtlUnicodeStringToAnsiString( 1843 PANSI_STRING DestinationString, 1844 PCUNICODE_STRING SourceString, 1845 BOOLEAN AllocateDestinationString 1846 ); 1847 1848 // 1849 // Unicode->OEM String Functions 1850 // 1851 NTSYSAPI 1852 NTSTATUS 1853 NTAPI 1854 RtlUpcaseUnicodeStringToOemString( 1855 POEM_STRING DestinationString, 1856 PCUNICODE_STRING SourceString, 1857 BOOLEAN AllocateDestinationString 1858 ); 1859 1860 _IRQL_requires_max_(PASSIVE_LEVEL) 1861 _Must_inspect_result_ 1862 //_At_(DestinationString->Buffer, _Post_bytecount_(DestinationString->Length)) 1863 NTSYSAPI 1864 NTSTATUS 1865 NTAPI 1866 RtlUpcaseUnicodeStringToCountedOemString( 1867 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 1868 _When_(!AllocateDestinationString, _Inout_) 1869 POEM_STRING DestinationString, 1870 _In_ PCUNICODE_STRING SourceString, 1871 _In_ BOOLEAN AllocateDestinationString 1872 ); 1873 1874 NTSYSAPI 1875 NTSTATUS 1876 NTAPI 1877 RtlUnicodeStringToOemString( 1878 POEM_STRING DestinationString, 1879 PCUNICODE_STRING SourceString, 1880 BOOLEAN AllocateDestinationString 1881 ); 1882 1883 NTSYSAPI 1884 NTSTATUS 1885 NTAPI 1886 RtlUpcaseUnicodeToOemN( 1887 PCHAR OemString, 1888 ULONG OemSize, 1889 PULONG ResultSize, 1890 PCWCH UnicodeString, 1891 ULONG UnicodeSize 1892 ); 1893 1894 NTSYSAPI 1895 ULONG 1896 NTAPI 1897 RtlxUnicodeStringToOemSize(IN PCUNICODE_STRING UnicodeString); 1898 1899 #ifdef NTOS_MODE_USER 1900 1901 #define RtlUnicodeStringToOemSize(STRING) ( \ 1902 NLS_MB_OEM_CODE_PAGE_TAG ? \ 1903 RtlxUnicodeStringToOemSize(STRING) : \ 1904 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ 1905 ) 1906 1907 #define RtlUnicodeStringToCountedOemSize(STRING) ( \ 1908 (ULONG)(RtlUnicodeStringToOemSize(STRING) - sizeof(ANSI_NULL)) \ 1909 ) 1910 1911 #endif 1912 1913 NTSYSAPI 1914 NTSTATUS 1915 NTAPI 1916 RtlUnicodeToOemN( 1917 PCHAR OemString, 1918 ULONG OemSize, 1919 PULONG ResultSize, 1920 PCWCH UnicodeString, 1921 ULONG UnicodeSize 1922 ); 1923 1924 // 1925 // Unicode->MultiByte String Functions 1926 // 1927 NTSYSAPI 1928 NTSTATUS 1929 NTAPI 1930 RtlUnicodeToMultiByteN( 1931 PCHAR MbString, 1932 ULONG MbSize, 1933 PULONG ResultSize, 1934 PCWCH UnicodeString, 1935 ULONG UnicodeSize 1936 ); 1937 1938 NTSYSAPI 1939 NTSTATUS 1940 NTAPI 1941 RtlUpcaseUnicodeToMultiByteN( 1942 PCHAR MbString, 1943 ULONG MbSize, 1944 PULONG ResultSize, 1945 PCWCH UnicodeString, 1946 ULONG UnicodeSize 1947 ); 1948 1949 NTSYSAPI 1950 NTSTATUS 1951 NTAPI 1952 RtlUnicodeToMultiByteSize( 1953 PULONG MbSize, 1954 PCWCH UnicodeString, 1955 ULONG UnicodeSize 1956 ); 1957 1958 NTSYSAPI 1959 ULONG 1960 NTAPI 1961 RtlxOemStringToUnicodeSize(IN PCOEM_STRING OemString); 1962 1963 // 1964 // OEM to Unicode Functions 1965 // 1966 NTSYSAPI 1967 NTSTATUS 1968 NTAPI 1969 RtlOemStringToUnicodeString( 1970 PUNICODE_STRING DestinationString, 1971 PCOEM_STRING SourceString, 1972 BOOLEAN AllocateDestinationString 1973 ); 1974 1975 _IRQL_requires_max_(PASSIVE_LEVEL) 1976 NTSYSAPI 1977 NTSTATUS 1978 NTAPI 1979 RtlOemToUnicodeN( 1980 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, 1981 _In_ ULONG MaxBytesInUnicodeString, 1982 _Out_opt_ PULONG BytesInUnicodeString, 1983 _In_reads_bytes_(BytesInOemString) PCCH OemString, 1984 _In_ ULONG BytesInOemString 1985 ); 1986 1987 #ifdef NTOS_MODE_USER 1988 1989 #define RtlOemStringToUnicodeSize(STRING) ( \ 1990 NLS_MB_OEM_CODE_PAGE_TAG ? \ 1991 RtlxOemStringToUnicodeSize(STRING) : \ 1992 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ 1993 ) 1994 1995 #define RtlOemStringToCountedUnicodeSize(STRING) ( \ 1996 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ 1997 ) 1998 1999 #endif 2000 2001 // 2002 // Ansi->Unicode String Functions 2003 // 2004 _IRQL_requires_max_(APC_LEVEL) 2005 NTSYSAPI 2006 WCHAR 2007 NTAPI 2008 RtlAnsiCharToUnicodeChar( 2009 _Inout_ PUCHAR *SourceCharacter); 2010 2011 NTSYSAPI 2012 NTSTATUS 2013 NTAPI 2014 RtlAnsiStringToUnicodeString( 2015 PUNICODE_STRING DestinationString, 2016 PCANSI_STRING SourceString, 2017 BOOLEAN AllocateDestinationString 2018 ); 2019 2020 NTSYSAPI 2021 ULONG 2022 NTAPI 2023 RtlxAnsiStringToUnicodeSize( 2024 PCANSI_STRING AnsiString 2025 ); 2026 2027 #ifdef NTOS_MODE_USER 2028 2029 #define RtlAnsiStringToUnicodeSize(STRING) ( \ 2030 NLS_MB_CODE_PAGE_TAG ? \ 2031 RtlxAnsiStringToUnicodeSize(STRING) : \ 2032 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ 2033 ) 2034 2035 #endif 2036 2037 NTSYSAPI 2038 BOOLEAN 2039 NTAPI 2040 RtlCreateUnicodeStringFromAsciiz( 2041 _Out_ PUNICODE_STRING Destination, 2042 _In_ PCSZ Source 2043 ); 2044 2045 // 2046 // Unicode String Functions 2047 // 2048 NTSYSAPI 2049 NTSTATUS 2050 NTAPI 2051 RtlAppendUnicodeToString( 2052 PUNICODE_STRING Destination, 2053 PCWSTR Source 2054 ); 2055 2056 NTSYSAPI 2057 NTSTATUS 2058 NTAPI 2059 RtlAppendUnicodeStringToString( 2060 PUNICODE_STRING Destination, 2061 PCUNICODE_STRING Source 2062 ); 2063 2064 NTSYSAPI 2065 LONG 2066 NTAPI 2067 RtlCompareUnicodeString( 2068 PCUNICODE_STRING String1, 2069 PCUNICODE_STRING String2, 2070 BOOLEAN CaseInsensitive 2071 ); 2072 2073 NTSYSAPI 2074 VOID 2075 NTAPI 2076 RtlCopyUnicodeString( 2077 PUNICODE_STRING DestinationString, 2078 PCUNICODE_STRING SourceString 2079 ); 2080 2081 NTSYSAPI 2082 BOOLEAN 2083 NTAPI 2084 RtlCreateUnicodeString( 2085 PUNICODE_STRING DestinationString, 2086 PCWSTR SourceString 2087 ); 2088 2089 #ifdef NTOS_MODE_USER 2090 2091 NTSYSAPI 2092 NTSTATUS 2093 NTAPI 2094 RtlDowncaseUnicodeString( 2095 _Inout_ PUNICODE_STRING UniDest, 2096 _In_ PCUNICODE_STRING UniSource, 2097 _In_ BOOLEAN AllocateDestinationString 2098 ); 2099 2100 NTSYSAPI 2101 NTSTATUS 2102 NTAPI 2103 RtlDuplicateUnicodeString( 2104 _In_ ULONG Flags, 2105 _In_ PCUNICODE_STRING SourceString, 2106 _Out_ PUNICODE_STRING DestinationString 2107 ); 2108 2109 // 2110 // Memory Functions 2111 // 2112 NTSYSAPI 2113 VOID 2114 NTAPI 2115 RtlFillMemoryUlong( 2116 _In_ PVOID Destination, 2117 _In_ SIZE_T Length, 2118 _In_ ULONG Fill 2119 ); 2120 2121 NTSYSAPI 2122 VOID 2123 NTAPI 2124 RtlFillMemoryUlonglong( 2125 _Out_ PVOID Destination, 2126 _In_ SIZE_T Length, 2127 _In_ ULONGLONG Pattern 2128 ); 2129 2130 NTSYSAPI 2131 NTSTATUS 2132 NTAPI 2133 RtlCopyMappedMemory( 2134 _Out_writes_bytes_all_(Size) PVOID Destination, 2135 _In_reads_bytes_(Size) const VOID *Source, 2136 _In_ SIZE_T Size 2137 ); 2138 2139 NTSYSAPI 2140 SIZE_T 2141 NTAPI 2142 RtlCompareMemoryUlong( 2143 _In_ PVOID Source, 2144 _In_ SIZE_T Length, 2145 _In_ ULONG Pattern 2146 ); 2147 2148 #ifndef RtlEqualMemory 2149 #define RtlEqualMemory(Destination, Source, Length) \ 2150 (!memcmp(Destination, Source, Length)) 2151 #endif 2152 2153 #define RtlCopyBytes RtlCopyMemory 2154 #define RtlFillBytes RtlFillMemory 2155 #define RtlZeroBytes RtlZeroMemory 2156 2157 #endif 2158 2159 NTSYSAPI 2160 BOOLEAN 2161 NTAPI 2162 RtlEqualUnicodeString( 2163 PCUNICODE_STRING String1, 2164 PCUNICODE_STRING String2, 2165 BOOLEAN CaseInsensitive 2166 ); 2167 2168 NTSYSAPI 2169 NTSTATUS 2170 NTAPI 2171 RtlFindCharInUnicodeString( 2172 _In_ ULONG Flags, 2173 _In_ PCUNICODE_STRING SearchString, 2174 _In_ PCUNICODE_STRING MatchString, 2175 _Out_ PUSHORT Position 2176 ); 2177 2178 _IRQL_requires_max_(PASSIVE_LEVEL) 2179 NTSYSAPI 2180 VOID 2181 NTAPI 2182 RtlFreeUnicodeString( 2183 _Inout_ _At_(UnicodeString->Buffer, __drv_freesMem(Mem)) 2184 PUNICODE_STRING UnicodeString 2185 ); 2186 2187 NTSYSAPI 2188 VOID 2189 NTAPI 2190 RtlEraseUnicodeString( 2191 _Inout_ PUNICODE_STRING String 2192 ); 2193 2194 NTSYSAPI 2195 NTSTATUS 2196 NTAPI 2197 RtlHashUnicodeString( 2198 _In_ CONST UNICODE_STRING *String, 2199 _In_ BOOLEAN CaseInSensitive, 2200 _In_ ULONG HashAlgorithm, 2201 _Out_ PULONG HashValue 2202 ); 2203 2204 _IRQL_requires_max_(DISPATCH_LEVEL) 2205 _At_(DestinationString->Buffer, _Post_equal_to_(SourceString)) 2206 _When_(SourceString != NULL, 2207 _At_(DestinationString->Length, _Post_equal_to_(_String_length_(SourceString) * sizeof(WCHAR))) 2208 _At_(DestinationString->MaximumLength, _Post_equal_to_(DestinationString->Length + sizeof(WCHAR)))) 2209 _When_(SourceString == NULL, 2210 _At_(DestinationString->Length, _Post_equal_to_(0)) 2211 _At_(DestinationString->MaximumLength, _Post_equal_to_(0))) 2212 NTSYSAPI 2213 VOID 2214 NTAPI 2215 RtlInitUnicodeString( 2216 _Out_ PUNICODE_STRING DestinationString, 2217 _In_opt_z_ __drv_aliasesMem PCWSTR SourceString 2218 ); 2219 2220 _IRQL_requires_max_(DISPATCH_LEVEL) 2221 NTSYSAPI 2222 NTSTATUS 2223 NTAPI 2224 RtlInitUnicodeStringEx( 2225 _Out_ PUNICODE_STRING DestinationString, 2226 _In_opt_z_ __drv_aliasesMem PCWSTR SourceString 2227 ); 2228 2229 NTSYSAPI 2230 BOOLEAN 2231 NTAPI 2232 RtlIsTextUnicode( 2233 _In_ CONST VOID* Buffer, 2234 _In_ INT Size, 2235 _Inout_opt_ INT* Flags 2236 ); 2237 2238 _IRQL_requires_max_(PASSIVE_LEVEL) 2239 _Must_inspect_result_ 2240 NTSYSAPI 2241 BOOLEAN 2242 NTAPI 2243 RtlPrefixString( 2244 _In_ const STRING *String1, 2245 _In_ const STRING *String2, 2246 _In_ BOOLEAN CaseInsensitive 2247 ); 2248 2249 _IRQL_requires_max_(PASSIVE_LEVEL) 2250 _Must_inspect_result_ 2251 NTSYSAPI 2252 BOOLEAN 2253 NTAPI 2254 RtlPrefixUnicodeString( 2255 _In_ PCUNICODE_STRING String1, 2256 _In_ PCUNICODE_STRING String2, 2257 _In_ BOOLEAN CaseInsensitive 2258 ); 2259 2260 _IRQL_requires_max_(PASSIVE_LEVEL) 2261 NTSYSAPI 2262 VOID 2263 NTAPI 2264 RtlUpperString( 2265 _Inout_ PSTRING DestinationString, 2266 _In_ const STRING *SourceString 2267 ); 2268 2269 _IRQL_requires_max_(PASSIVE_LEVEL) 2270 _Must_inspect_result_ 2271 NTSYSAPI 2272 LONG 2273 NTAPI 2274 RtlCompareString( 2275 _In_ const STRING *String1, 2276 _In_ const STRING *String2, 2277 _In_ BOOLEAN CaseInSensitive 2278 ); 2279 2280 NTSYSAPI 2281 VOID 2282 NTAPI 2283 RtlCopyString( 2284 _Out_ PSTRING DestinationString, 2285 _In_opt_ const STRING *SourceString 2286 ); 2287 2288 _IRQL_requires_max_(PASSIVE_LEVEL) 2289 _Must_inspect_result_ 2290 NTSYSAPI 2291 BOOLEAN 2292 NTAPI 2293 RtlEqualString( 2294 _In_ const STRING *String1, 2295 _In_ const STRING *String2, 2296 _In_ BOOLEAN CaseInSensitive 2297 ); 2298 2299 _IRQL_requires_max_(APC_LEVEL) 2300 NTSYSAPI 2301 NTSTATUS 2302 NTAPI 2303 RtlAppendStringToString( 2304 _Inout_ PSTRING Destination, 2305 _In_ const STRING *Source 2306 ); 2307 2308 _IRQL_requires_max_(PASSIVE_LEVEL) 2309 _When_(AllocateDestinationString, _Must_inspect_result_) 2310 NTSYSAPI 2311 NTSTATUS 2312 NTAPI 2313 RtlUpcaseUnicodeString( 2314 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 2315 _When_(!AllocateDestinationString, _Inout_) 2316 PUNICODE_STRING DestinationString, 2317 _In_ PCUNICODE_STRING SourceString, 2318 _In_ BOOLEAN AllocateDestinationString 2319 ); 2320 2321 _IRQL_requires_max_(PASSIVE_LEVEL) 2322 NTSYSAPI 2323 NTSTATUS 2324 NTAPI 2325 RtlUnicodeStringToInteger( 2326 _In_ PCUNICODE_STRING String, 2327 _In_opt_ ULONG Base, 2328 _Out_ PULONG Value 2329 ); 2330 2331 NTSYSAPI 2332 NTSTATUS 2333 NTAPI 2334 RtlValidateUnicodeString( 2335 _In_ ULONG Flags, 2336 _In_ PCUNICODE_STRING String 2337 ); 2338 2339 #define RTL_SKIP_BUFFER_COPY 0x00000001 2340 2341 NTSYSAPI 2342 NTSTATUS 2343 NTAPI 2344 RtlpEnsureBufferSize( 2345 _In_ ULONG Flags, 2346 _Inout_ PRTL_BUFFER Buffer, 2347 _In_ SIZE_T RequiredSize 2348 ); 2349 2350 #ifdef NTOS_MODE_USER 2351 2352 FORCEINLINE 2353 VOID 2354 RtlInitBuffer( 2355 _Inout_ PRTL_BUFFER Buffer, 2356 _In_ PUCHAR Data, 2357 _In_ ULONG DataSize 2358 ) 2359 { 2360 Buffer->Buffer = Buffer->StaticBuffer = Data; 2361 Buffer->Size = Buffer->StaticSize = DataSize; 2362 Buffer->ReservedForAllocatedSize = 0; 2363 Buffer->ReservedForIMalloc = NULL; 2364 } 2365 2366 FORCEINLINE 2367 NTSTATUS 2368 RtlEnsureBufferSize( 2369 _In_ ULONG Flags, 2370 _Inout_ PRTL_BUFFER Buffer, 2371 _In_ ULONG RequiredSize 2372 ) 2373 { 2374 if (Buffer && RequiredSize <= Buffer->Size) 2375 return STATUS_SUCCESS; 2376 return RtlpEnsureBufferSize(Flags, Buffer, RequiredSize); 2377 } 2378 2379 FORCEINLINE 2380 VOID 2381 RtlFreeBuffer( 2382 _Inout_ PRTL_BUFFER Buffer 2383 ) 2384 { 2385 if (Buffer->Buffer != Buffer->StaticBuffer && Buffer->Buffer) 2386 RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer->Buffer); 2387 Buffer->Buffer = Buffer->StaticBuffer; 2388 Buffer->Size = Buffer->StaticSize; 2389 } 2390 2391 #endif /* NTOS_MODE_USER */ 2392 2393 // 2394 // Ansi String Functions 2395 // 2396 _IRQL_requires_max_(PASSIVE_LEVEL) 2397 NTSYSAPI 2398 VOID 2399 NTAPI 2400 RtlFreeAnsiString( 2401 _Inout_ _At_(AnsiString->Buffer, __drv_freesMem(Mem)) 2402 PANSI_STRING AnsiString 2403 ); 2404 2405 _IRQL_requires_max_(DISPATCH_LEVEL) 2406 NTSYSAPI 2407 VOID 2408 NTAPI 2409 RtlInitAnsiString( 2410 _Out_ PANSI_STRING DestinationString, 2411 _In_opt_z_ __drv_aliasesMem PCSZ SourceString 2412 ); 2413 2414 _IRQL_requires_max_(DISPATCH_LEVEL) 2415 NTSYSAPI 2416 NTSTATUS 2417 NTAPI 2418 RtlInitAnsiStringEx( 2419 _Out_ PANSI_STRING DestinationString, 2420 _In_opt_z_ __drv_aliasesMem PCSZ SourceString 2421 ); 2422 2423 // 2424 // OEM String Functions 2425 // 2426 _IRQL_requires_max_(PASSIVE_LEVEL) 2427 NTSYSAPI 2428 VOID 2429 NTAPI 2430 RtlFreeOemString( 2431 _Inout_ _At_(OemString->Buffer, __drv_freesMem(Mem)) 2432 POEM_STRING OemString 2433 ); 2434 2435 // 2436 // MultiByte->Unicode String Functions 2437 // 2438 _IRQL_requires_max_(PASSIVE_LEVEL) 2439 NTSYSAPI 2440 NTSTATUS 2441 NTAPI 2442 RtlMultiByteToUnicodeN( 2443 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, 2444 _In_ ULONG MaxBytesInUnicodeString, 2445 _Out_opt_ PULONG BytesInUnicodeString, 2446 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, 2447 _In_ ULONG BytesInMultiByteString 2448 ); 2449 2450 _IRQL_requires_max_(PASSIVE_LEVEL) 2451 NTSYSAPI 2452 NTSTATUS 2453 NTAPI 2454 RtlMultiByteToUnicodeSize( 2455 _Out_ PULONG BytesInUnicodeString, 2456 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, 2457 _In_ ULONG BytesInMultiByteString 2458 ); 2459 2460 // 2461 // Atom Functions 2462 // 2463 NTSYSAPI 2464 NTSTATUS 2465 NTAPI 2466 RtlAddAtomToAtomTable( 2467 _In_ PRTL_ATOM_TABLE AtomTable, 2468 _In_ PWSTR AtomName, 2469 _Out_ PRTL_ATOM Atom 2470 ); 2471 2472 NTSYSAPI 2473 NTSTATUS 2474 NTAPI 2475 RtlCreateAtomTable( 2476 _In_ ULONG TableSize, 2477 _Inout_ PRTL_ATOM_TABLE *AtomTable 2478 ); 2479 2480 NTSYSAPI 2481 NTSTATUS 2482 NTAPI 2483 RtlDeleteAtomFromAtomTable( 2484 _In_ PRTL_ATOM_TABLE AtomTable, 2485 _In_ RTL_ATOM Atom 2486 ); 2487 2488 NTSYSAPI 2489 NTSTATUS 2490 NTAPI 2491 RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable); 2492 2493 NTSYSAPI 2494 NTSTATUS 2495 NTAPI 2496 RtlQueryAtomInAtomTable( 2497 _In_ PRTL_ATOM_TABLE AtomTable, 2498 _In_ RTL_ATOM Atom, 2499 _Out_opt_ PULONG RefCount, 2500 _Out_opt_ PULONG PinCount, 2501 _Out_opt_z_bytecap_(*NameLength) PWSTR AtomName, 2502 _Inout_opt_ PULONG NameLength 2503 ); 2504 2505 NTSYSAPI 2506 NTSTATUS 2507 NTAPI 2508 RtlPinAtomInAtomTable( 2509 _In_ PRTL_ATOM_TABLE AtomTable, 2510 _In_ RTL_ATOM Atom 2511 ); 2512 2513 NTSYSAPI 2514 NTSTATUS 2515 NTAPI 2516 RtlLookupAtomInAtomTable( 2517 _In_ PRTL_ATOM_TABLE AtomTable, 2518 _In_ PWSTR AtomName, 2519 _Out_ PRTL_ATOM Atom 2520 ); 2521 2522 // 2523 // Process Management Functions 2524 // 2525 NTSYSAPI 2526 PPEB 2527 NTAPI 2528 RtlGetCurrentPeb( 2529 VOID 2530 ); 2531 2532 NTSYSAPI 2533 VOID 2534 NTAPI 2535 RtlAcquirePebLock(VOID); 2536 2537 NTSYSAPI 2538 NTSTATUS 2539 NTAPI 2540 RtlCreateProcessParameters ( 2541 _Out_ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, 2542 _In_ PUNICODE_STRING ImagePathName, 2543 _In_opt_ PUNICODE_STRING DllPath, 2544 _In_opt_ PUNICODE_STRING CurrentDirectory, 2545 _In_opt_ PUNICODE_STRING CommandLine, 2546 _In_opt_ PWSTR Environment, 2547 _In_opt_ PUNICODE_STRING WindowTitle, 2548 _In_opt_ PUNICODE_STRING DesktopInfo, 2549 _In_opt_ PUNICODE_STRING ShellInfo, 2550 _In_opt_ PUNICODE_STRING RuntimeInfo 2551 ); 2552 2553 NTSYSAPI 2554 NTSTATUS 2555 NTAPI 2556 RtlCreateUserProcess( 2557 _In_ PUNICODE_STRING ImageFileName, 2558 _In_ ULONG Attributes, 2559 _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters, 2560 _In_opt_ PSECURITY_DESCRIPTOR ProcessSecutityDescriptor, 2561 _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 2562 _In_opt_ HANDLE ParentProcess, 2563 _In_ BOOLEAN CurrentDirectory, 2564 _In_opt_ HANDLE DebugPort, 2565 _In_opt_ HANDLE ExceptionPort, 2566 _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInfo 2567 ); 2568 2569 #if (NTDDI_VERSION >= NTDDI_WIN7) 2570 NTSYSAPI 2571 NTSTATUS 2572 NTAPI 2573 RtlCreateUserThread( 2574 _In_ PVOID ThreadContext, 2575 _Out_ HANDLE *OutThreadHandle, 2576 _Reserved_ PVOID Reserved1, 2577 _Reserved_ PVOID Reserved2, 2578 _Reserved_ PVOID Reserved3, 2579 _Reserved_ PVOID Reserved4, 2580 _Reserved_ PVOID Reserved5, 2581 _Reserved_ PVOID Reserved6, 2582 _Reserved_ PVOID Reserved7, 2583 _Reserved_ PVOID Reserved8 2584 ); 2585 #else 2586 NTSYSAPI 2587 NTSTATUS 2588 NTAPI 2589 RtlCreateUserThread( 2590 _In_ HANDLE ProcessHandle, 2591 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, 2592 _In_ BOOLEAN CreateSuspended, 2593 _In_ ULONG StackZeroBits, 2594 _In_ SIZE_T StackReserve, 2595 _In_ SIZE_T StackCommit, 2596 _In_ PTHREAD_START_ROUTINE StartAddress, 2597 _In_ PVOID Parameter, 2598 _Out_opt_ PHANDLE ThreadHandle, 2599 _Out_opt_ PCLIENT_ID ClientId 2600 ); 2601 #endif 2602 2603 NTSYSAPI 2604 PRTL_USER_PROCESS_PARAMETERS 2605 NTAPI 2606 RtlDeNormalizeProcessParams( 2607 _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); 2608 2609 NTSYSAPI 2610 NTSTATUS 2611 NTAPI 2612 RtlDestroyProcessParameters( 2613 _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); 2614 2615 NTSYSAPI 2616 VOID 2617 NTAPI 2618 RtlExitUserThread( 2619 _In_ NTSTATUS Status); 2620 2621 NTSYSAPI 2622 VOID 2623 NTAPI 2624 RtlInitializeContext( 2625 _In_ HANDLE ProcessHandle, 2626 _Out_ PCONTEXT ThreadContext, 2627 _In_opt_ PVOID ThreadStartParam, 2628 _In_ PTHREAD_START_ROUTINE ThreadStartAddress, 2629 _In_ PINITIAL_TEB InitialTeb 2630 ); 2631 2632 #ifdef _M_AMD64 2633 typedef struct _WOW64_CONTEXT *PWOW64_CONTEXT; 2634 2635 NTSYSAPI 2636 NTSTATUS 2637 NTAPI 2638 RtlWow64GetThreadContext( 2639 _In_ HANDLE ThreadHandle, 2640 _Inout_ PWOW64_CONTEXT ThreadContext 2641 ); 2642 2643 2644 NTSYSAPI 2645 NTSTATUS 2646 NTAPI 2647 RtlWow64SetThreadContext( 2648 _In_ HANDLE ThreadHandle, 2649 _In_ PWOW64_CONTEXT ThreadContext 2650 ); 2651 #endif 2652 2653 NTSYSAPI 2654 BOOLEAN 2655 NTAPI 2656 RtlIsThreadWithinLoaderCallout(VOID); 2657 2658 NTSYSAPI 2659 PRTL_USER_PROCESS_PARAMETERS 2660 NTAPI 2661 RtlNormalizeProcessParams( 2662 _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); 2663 2664 NTSYSAPI 2665 VOID 2666 NTAPI 2667 RtlReleasePebLock(VOID); 2668 2669 NTSYSAPI 2670 NTSTATUS 2671 NTAPI 2672 RtlRemoteCall( 2673 _In_ HANDLE Process, 2674 _In_ HANDLE Thread, 2675 _In_ PVOID CallSite, 2676 _In_ ULONG ArgumentCount, 2677 _In_ PULONG Arguments, 2678 _In_ BOOLEAN PassContext, 2679 _In_ BOOLEAN AlreadySuspended 2680 ); 2681 2682 NTSYSAPI 2683 NTSTATUS 2684 __cdecl 2685 RtlSetProcessIsCritical( 2686 _In_ BOOLEAN NewValue, 2687 _Out_opt_ PBOOLEAN OldValue, 2688 _In_ BOOLEAN NeedBreaks 2689 ); 2690 2691 NTSYSAPI 2692 NTSTATUS 2693 __cdecl 2694 RtlSetThreadIsCritical( 2695 _In_ BOOLEAN NewValue, 2696 _Out_opt_ PBOOLEAN OldValue, 2697 _In_ BOOLEAN NeedBreaks 2698 ); 2699 2700 NTSYSAPI 2701 ULONG 2702 NTAPI 2703 RtlGetCurrentProcessorNumber( 2704 VOID 2705 ); 2706 2707 2708 // 2709 // Thread Pool Functions 2710 // 2711 // 2712 NTSTATUS 2713 NTAPI 2714 RtlSetThreadPoolStartFunc( 2715 _In_ PRTL_START_POOL_THREAD StartPoolThread, 2716 _In_ PRTL_EXIT_POOL_THREAD ExitPoolThread 2717 ); 2718 2719 NTSYSAPI 2720 NTSTATUS 2721 NTAPI 2722 RtlDeregisterWaitEx( 2723 _In_ HANDLE hWaitHandle, 2724 _In_opt_ HANDLE hCompletionEvent 2725 ); 2726 2727 NTSYSAPI 2728 NTSTATUS 2729 NTAPI 2730 RtlDeregisterWait( 2731 _In_ HANDLE hWaitHandle 2732 ); 2733 2734 NTSYSAPI 2735 NTSTATUS 2736 NTAPI 2737 RtlQueueWorkItem( 2738 _In_ WORKERCALLBACKFUNC Function, 2739 _In_opt_ PVOID Context, 2740 _In_ ULONG Flags 2741 ); 2742 2743 NTSYSAPI 2744 NTSTATUS 2745 NTAPI 2746 RtlSetIoCompletionCallback( 2747 _In_ HANDLE FileHandle, 2748 _In_ PIO_APC_ROUTINE Callback, 2749 _In_ ULONG Flags 2750 ); 2751 2752 NTSYSAPI 2753 NTSTATUS 2754 NTAPI 2755 RtlRegisterWait( 2756 _In_ PHANDLE phNewWaitObject, 2757 _In_ HANDLE hObject, 2758 _In_ WAITORTIMERCALLBACKFUNC Callback, 2759 _In_ PVOID pvContext, 2760 _In_ ULONG ulMilliseconds, 2761 _In_ ULONG ulFlags 2762 ); 2763 2764 // 2765 // Environment/Path Functions 2766 // 2767 NTSYSAPI 2768 NTSTATUS 2769 NTAPI 2770 RtlCreateEnvironment( 2771 _In_ BOOLEAN Inherit, 2772 _Out_ PWSTR *Environment 2773 ); 2774 2775 NTSYSAPI 2776 NTSTATUS 2777 NTAPI 2778 RtlComputePrivatizedDllName_U( 2779 _In_ PUNICODE_STRING DllName, 2780 _Out_ PUNICODE_STRING RealName, 2781 _Out_ PUNICODE_STRING LocalName 2782 ); 2783 2784 NTSYSAPI 2785 VOID 2786 NTAPI 2787 RtlDestroyEnvironment( 2788 _In_ PWSTR Environment 2789 ); 2790 2791 NTSYSAPI 2792 BOOLEAN 2793 NTAPI 2794 RtlDoesFileExists_U( 2795 _In_ PCWSTR FileName 2796 ); 2797 2798 NTSYSAPI 2799 RTL_PATH_TYPE 2800 NTAPI 2801 RtlDetermineDosPathNameType_U( 2802 _In_ PCWSTR Path 2803 ); 2804 2805 NTSYSAPI 2806 ULONG 2807 NTAPI 2808 RtlDosSearchPath_U( 2809 _In_ PCWSTR Path, 2810 _In_ PCWSTR FileName, 2811 _In_ PCWSTR Extension, 2812 _In_ ULONG BufferSize, 2813 _Out_ PWSTR Buffer, 2814 _Out_ PWSTR *PartName 2815 ); 2816 2817 NTSYSAPI 2818 NTSTATUS 2819 NTAPI 2820 RtlDosSearchPath_Ustr( 2821 _In_ ULONG Flags, 2822 _In_ PUNICODE_STRING PathString, 2823 _In_ PUNICODE_STRING FileNameString, 2824 _In_ PUNICODE_STRING ExtensionString, 2825 _In_ PUNICODE_STRING CallerBuffer, 2826 _Inout_opt_ PUNICODE_STRING DynamicString, 2827 _Out_opt_ PUNICODE_STRING* FullNameOut, 2828 _Out_opt_ PSIZE_T FilePartSize, 2829 _Out_opt_ PSIZE_T LengthNeeded 2830 ); 2831 2832 NTSYSAPI 2833 BOOLEAN 2834 NTAPI 2835 RtlDosPathNameToNtPathName_U( 2836 _In_opt_z_ PCWSTR DosPathName, 2837 _Out_ PUNICODE_STRING NtPathName, 2838 _Out_opt_ PCWSTR *NtFileNamePart, 2839 _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo 2840 ); 2841 2842 2843 #define RTL_UNCHANGED_UNK_PATH 1 2844 #define RTL_CONVERTED_UNC_PATH 2 2845 #define RTL_CONVERTED_NT_PATH 3 2846 #define RTL_UNCHANGED_DOS_PATH 4 2847 2848 NTSYSAPI 2849 NTSTATUS 2850 NTAPI 2851 RtlNtPathNameToDosPathName( 2852 _In_ ULONG Flags, 2853 _Inout_ PRTL_UNICODE_STRING_BUFFER Path, 2854 _Out_opt_ PULONG PathType, 2855 _Out_opt_ PULONG Unknown 2856 ); 2857 2858 2859 NTSYSAPI 2860 BOOLEAN 2861 NTAPI 2862 RtlDosPathNameToRelativeNtPathName_U( 2863 _In_ PCWSTR DosName, 2864 _Out_ PUNICODE_STRING NtName, 2865 _Out_ PCWSTR *PartName, 2866 _Out_ PRTL_RELATIVE_NAME_U RelativeName 2867 ); 2868 2869 _At_(Destination->Buffer, _Out_bytecap_(Destination->MaximumLength)) 2870 NTSYSAPI 2871 NTSTATUS 2872 NTAPI 2873 RtlExpandEnvironmentStrings_U( 2874 _In_z_ PWSTR Environment, 2875 _In_ PUNICODE_STRING Source, 2876 _Inout_ PUNICODE_STRING Destination, 2877 _Out_ PULONG Length 2878 ); 2879 2880 NTSYSAPI 2881 ULONG 2882 NTAPI 2883 RtlGetCurrentDirectory_U( 2884 _In_ ULONG MaximumLength, 2885 _Out_bytecap_(MaximumLength) PWSTR Buffer 2886 ); 2887 2888 NTSYSAPI 2889 ULONG 2890 NTAPI 2891 RtlGetFullPathName_U( 2892 _In_ PCWSTR FileName, 2893 _In_ ULONG Size, 2894 _Out_z_bytecap_(Size) PWSTR Buffer, 2895 _Out_opt_ PWSTR *ShortName 2896 ); 2897 2898 #if (NTDDI_VERSION >= NTDDI_WIN7) 2899 NTSYSAPI 2900 NTSTATUS 2901 NTAPI 2902 RtlGetFullPathName_UEx( 2903 _In_ PWSTR FileName, 2904 _In_ ULONG BufferLength, 2905 _Out_ PWSTR Buffer, 2906 _Out_opt_ PWSTR *FilePart, 2907 _Out_opt_ RTL_PATH_TYPE *InputPathType 2908 ); 2909 #endif 2910 2911 NTSTATUS 2912 NTAPI 2913 RtlGetFullPathName_UstrEx( 2914 _In_ PUNICODE_STRING FileName, 2915 _In_opt_ PUNICODE_STRING StaticString, 2916 _In_opt_ PUNICODE_STRING DynamicString, 2917 _Out_opt_ PUNICODE_STRING *StringUsed, 2918 _Out_opt_ PSIZE_T FilePartSize, 2919 _Out_opt_ PBOOLEAN NameInvalid, 2920 _Out_ RTL_PATH_TYPE* PathType, 2921 _Out_opt_ PSIZE_T LengthNeeded 2922 ); 2923 2924 NTSYSAPI 2925 NTSTATUS 2926 NTAPI 2927 RtlGetLengthWithoutTrailingPathSeperators( 2928 _Reserved_ ULONG Flags, 2929 _In_ PCUNICODE_STRING PathString, 2930 _Out_ PULONG Length 2931 ); 2932 2933 NTSYSAPI 2934 ULONG 2935 NTAPI 2936 RtlGetLongestNtPathLength( 2937 VOID 2938 ); 2939 2940 NTSYSAPI 2941 ULONG 2942 NTAPI 2943 RtlIsDosDeviceName_U( 2944 _In_ PCWSTR Name 2945 ); 2946 2947 NTSYSAPI 2948 ULONG 2949 NTAPI 2950 RtlIsDosDeviceName_Ustr( 2951 _In_ PCUNICODE_STRING Name 2952 ); 2953 2954 _IRQL_requires_max_(PASSIVE_LEVEL) 2955 _Must_inspect_result_ 2956 NTSYSAPI 2957 BOOLEAN 2958 NTAPI 2959 RtlIsNameLegalDOS8Dot3( 2960 _In_ PCUNICODE_STRING Name, 2961 _Inout_opt_ POEM_STRING OemName, 2962 _Out_opt_ PBOOLEAN NameContainsSpaces 2963 ); 2964 2965 NTSYSAPI 2966 NTSTATUS 2967 NTAPI 2968 RtlQueryEnvironmentVariable_U( 2969 _In_opt_ PWSTR Environment, 2970 _In_ PCUNICODE_STRING Name, 2971 _Out_ PUNICODE_STRING Value 2972 ); 2973 2974 VOID 2975 NTAPI 2976 RtlReleaseRelativeName( 2977 _In_ PRTL_RELATIVE_NAME_U RelativeName 2978 ); 2979 2980 NTSYSAPI 2981 NTSTATUS 2982 NTAPI 2983 RtlSetCurrentDirectory_U( 2984 _In_ PUNICODE_STRING name 2985 ); 2986 2987 NTSYSAPI 2988 NTSTATUS 2989 NTAPI 2990 RtlSetEnvironmentVariable( 2991 _In_z_ PWSTR *Environment, 2992 _In_ PUNICODE_STRING Name, 2993 _In_ PUNICODE_STRING Value 2994 ); 2995 2996 // 2997 // Critical Section/Resource Functions 2998 // 2999 NTSYSAPI 3000 NTSTATUS 3001 NTAPI 3002 RtlDeleteCriticalSection ( 3003 _In_ PRTL_CRITICAL_SECTION CriticalSection 3004 ); 3005 3006 NTSYSAPI 3007 NTSTATUS 3008 NTAPI 3009 RtlEnterCriticalSection( 3010 _In_ PRTL_CRITICAL_SECTION CriticalSection 3011 ); 3012 3013 NTSYSAPI 3014 NTSTATUS 3015 NTAPI 3016 RtlInitializeCriticalSection( 3017 _In_ PRTL_CRITICAL_SECTION CriticalSection 3018 ); 3019 3020 NTSYSAPI 3021 NTSTATUS 3022 NTAPI 3023 RtlInitializeCriticalSectionAndSpinCount( 3024 _In_ PRTL_CRITICAL_SECTION CriticalSection, 3025 _In_ ULONG SpinCount 3026 ); 3027 3028 NTSYSAPI 3029 ULONG 3030 NTAPI 3031 RtlIsCriticalSectionLocked( 3032 _In_ PRTL_CRITICAL_SECTION CriticalSection 3033 ); 3034 3035 NTSYSAPI 3036 ULONG 3037 NTAPI 3038 RtlIsCriticalSectionLockedByThread( 3039 _In_ PRTL_CRITICAL_SECTION CriticalSection 3040 ); 3041 3042 NTSYSAPI 3043 NTSTATUS 3044 NTAPI 3045 RtlLeaveCriticalSection( 3046 _In_ PRTL_CRITICAL_SECTION CriticalSection 3047 ); 3048 3049 NTSYSAPI 3050 BOOLEAN 3051 NTAPI 3052 RtlTryEnterCriticalSection( 3053 _In_ PRTL_CRITICAL_SECTION CriticalSection 3054 ); 3055 3056 NTSYSAPI 3057 VOID 3058 NTAPI 3059 RtlpUnWaitCriticalSection( 3060 _In_ PRTL_CRITICAL_SECTION CriticalSection 3061 ); 3062 3063 NTSYSAPI 3064 NTSTATUS 3065 NTAPI 3066 RtlpWaitForCriticalSection( 3067 _In_ PRTL_CRITICAL_SECTION CriticalSection 3068 ); 3069 3070 NTSYSAPI 3071 BOOLEAN 3072 NTAPI 3073 RtlAcquireResourceExclusive( 3074 _In_ PRTL_RESOURCE Resource, 3075 _In_ BOOLEAN Wait 3076 ); 3077 3078 NTSYSAPI 3079 BOOLEAN 3080 NTAPI 3081 RtlAcquireResourceShared( 3082 _In_ PRTL_RESOURCE Resource, 3083 _In_ BOOLEAN Wait 3084 ); 3085 3086 NTSYSAPI 3087 VOID 3088 NTAPI 3089 RtlConvertExclusiveToShared( 3090 _In_ PRTL_RESOURCE Resource 3091 ); 3092 3093 NTSYSAPI 3094 VOID 3095 NTAPI 3096 RtlConvertSharedToExclusive( 3097 _In_ PRTL_RESOURCE Resource 3098 ); 3099 3100 NTSYSAPI 3101 VOID 3102 NTAPI 3103 RtlDeleteResource( 3104 _In_ PRTL_RESOURCE Resource 3105 ); 3106 3107 NTSYSAPI 3108 VOID 3109 NTAPI 3110 RtlDumpResource( 3111 _In_ PRTL_RESOURCE Resource 3112 ); 3113 3114 NTSYSAPI 3115 VOID 3116 NTAPI 3117 RtlInitializeResource( 3118 _In_ PRTL_RESOURCE Resource 3119 ); 3120 3121 NTSYSAPI 3122 VOID 3123 NTAPI 3124 RtlReleaseResource( 3125 _In_ PRTL_RESOURCE Resource 3126 ); 3127 3128 // 3129 // Compression Functions 3130 // 3131 NTSYSAPI //NT_RTL_COMPRESS_API 3132 NTSTATUS 3133 NTAPI 3134 RtlCompressBuffer( 3135 _In_ USHORT CompressionFormatAndEngine, 3136 _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, 3137 _In_ ULONG UncompressedBufferSize, 3138 _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer, 3139 _In_ ULONG CompressedBufferSize, 3140 _In_ ULONG UncompressedChunkSize, 3141 _Out_ PULONG FinalCompressedSize, 3142 _In_ PVOID WorkSpace 3143 ); 3144 3145 _IRQL_requires_max_(APC_LEVEL) 3146 NTSYSAPI //NT_RTL_COMPRESS_API 3147 NTSTATUS 3148 NTAPI 3149 RtlDecompressBuffer( 3150 _In_ USHORT CompressionFormat, 3151 _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, 3152 _In_ ULONG UncompressedBufferSize, 3153 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, 3154 _In_ ULONG CompressedBufferSize, 3155 _Out_ PULONG FinalUncompressedSize 3156 ); 3157 3158 NTSYSAPI 3159 NTSTATUS 3160 NTAPI 3161 RtlGetCompressionWorkSpaceSize( 3162 _In_ USHORT CompressionFormatAndEngine, 3163 _Out_ PULONG CompressBufferWorkSpaceSize, 3164 _Out_ PULONG CompressFragmentWorkSpaceSize 3165 ); 3166 3167 // 3168 // Frame Functions 3169 // 3170 NTSYSAPI 3171 VOID 3172 NTAPI 3173 RtlPopFrame( 3174 _In_ PTEB_ACTIVE_FRAME Frame 3175 ); 3176 3177 NTSYSAPI 3178 VOID 3179 NTAPI 3180 RtlPushFrame( 3181 _In_ PTEB_ACTIVE_FRAME Frame 3182 ); 3183 3184 NTSYSAPI 3185 PTEB_ACTIVE_FRAME 3186 NTAPI 3187 RtlGetFrame( 3188 VOID 3189 ); 3190 3191 // 3192 // Debug Info Functions 3193 // 3194 NTSYSAPI 3195 PRTL_DEBUG_INFORMATION 3196 NTAPI 3197 RtlCreateQueryDebugBuffer( 3198 _In_ ULONG Size, 3199 _In_ BOOLEAN EventPair 3200 ); 3201 3202 NTSYSAPI 3203 NTSTATUS 3204 NTAPI 3205 RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer); 3206 3207 NTSYSAPI 3208 NTSTATUS 3209 NTAPI 3210 RtlQueryProcessDebugInformation( 3211 _In_ ULONG ProcessId, 3212 _In_ ULONG DebugInfoClassMask, 3213 _Inout_ PRTL_DEBUG_INFORMATION DebugBuffer 3214 ); 3215 3216 // 3217 // Bitmap Functions 3218 // 3219 #ifdef NTOS_MODE_USER 3220 3221 NTSYSAPI 3222 BOOLEAN 3223 NTAPI 3224 RtlAreBitsClear( 3225 _In_ PRTL_BITMAP BitMapHeader, 3226 _In_ ULONG StartingIndex, 3227 _In_ ULONG Length 3228 ); 3229 3230 NTSYSAPI 3231 BOOLEAN 3232 NTAPI 3233 RtlAreBitsSet( 3234 _In_ PRTL_BITMAP BitMapHeader, 3235 _In_ ULONG StartingIndex, 3236 _In_ ULONG Length 3237 ); 3238 3239 NTSYSAPI 3240 VOID 3241 NTAPI 3242 RtlClearAllBits( 3243 _In_ PRTL_BITMAP BitMapHeader 3244 ); 3245 3246 NTSYSAPI 3247 VOID 3248 NTAPI 3249 RtlClearBit( 3250 _In_ PRTL_BITMAP BitMapHeader, 3251 _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber 3252 ); 3253 3254 NTSYSAPI 3255 VOID 3256 NTAPI 3257 RtlClearBits( 3258 _In_ PRTL_BITMAP BitMapHeader, 3259 _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex, 3260 _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear 3261 ); 3262 3263 NTSYSAPI 3264 ULONG 3265 NTAPI 3266 RtlFindClearBits( 3267 _In_ PRTL_BITMAP BitMapHeader, 3268 _In_ ULONG NumberToFind, 3269 _In_ ULONG HintIndex 3270 ); 3271 3272 NTSYSAPI 3273 ULONG 3274 NTAPI 3275 RtlFindClearBitsAndSet( 3276 _In_ PRTL_BITMAP BitMapHeader, 3277 _In_ ULONG NumberToFind, 3278 _In_ ULONG HintIndex 3279 ); 3280 3281 NTSYSAPI 3282 ULONG 3283 NTAPI 3284 RtlFindFirstRunClear( 3285 _In_ PRTL_BITMAP BitMapHeader, 3286 _Out_ PULONG StartingIndex 3287 ); 3288 3289 NTSYSAPI 3290 ULONG 3291 NTAPI 3292 RtlFindClearRuns( 3293 _In_ PRTL_BITMAP BitMapHeader, 3294 _Out_writes_to_(SizeOfRunArray, return) PRTL_BITMAP_RUN RunArray, 3295 _In_range_(>, 0) ULONG SizeOfRunArray, 3296 _In_ BOOLEAN LocateLongestRuns 3297 ); 3298 3299 NTSYSAPI 3300 ULONG 3301 NTAPI 3302 RtlFindLastBackwardRunClear( 3303 _In_ PRTL_BITMAP BitMapHeader, 3304 _In_ ULONG FromIndex, 3305 _Out_ PULONG StartingRunIndex 3306 ); 3307 3308 NTSYSAPI 3309 CCHAR 3310 NTAPI 3311 RtlFindLeastSignificantBit( 3312 _In_ ULONGLONG Value 3313 ); 3314 3315 NTSYSAPI 3316 ULONG 3317 NTAPI 3318 RtlFindLongestRunClear( 3319 _In_ PRTL_BITMAP BitMapHeader, 3320 _Out_ PULONG StartingIndex 3321 ); 3322 3323 NTSYSAPI 3324 CCHAR 3325 NTAPI 3326 RtlFindMostSignificantBit( 3327 _In_ ULONGLONG Value 3328 ); 3329 3330 NTSYSAPI 3331 ULONG 3332 NTAPI 3333 RtlFindNextForwardRunClear( 3334 _In_ PRTL_BITMAP BitMapHeader, 3335 _In_ ULONG FromIndex, 3336 _Out_ PULONG StartingRunIndex 3337 ); 3338 3339 NTSYSAPI 3340 ULONG 3341 NTAPI 3342 RtlFindNextForwardRunSet( 3343 _In_ PRTL_BITMAP BitMapHeader, 3344 _In_ ULONG FromIndex, 3345 _Out_ PULONG StartingRunIndex 3346 ); 3347 3348 NTSYSAPI 3349 ULONG 3350 NTAPI 3351 RtlFindSetBits( 3352 _In_ PRTL_BITMAP BitMapHeader, 3353 _In_ ULONG NumberToFind, 3354 _In_ ULONG HintIndex 3355 ); 3356 3357 NTSYSAPI 3358 ULONG 3359 NTAPI 3360 RtlFindSetBitsAndClear( 3361 _In_ PRTL_BITMAP BitMapHeader, 3362 _In_ ULONG NumberToFind, 3363 _In_ ULONG HintIndex 3364 ); 3365 3366 #ifdef _REACTOS_ // ReactOS improvement 3367 _At_(BitMapHeader->SizeOfBitMap, _Post_equal_to_(SizeOfBitMap)) 3368 _At_(BitMapHeader->Buffer, _Post_equal_to_(BitMapBuffer)) 3369 #endif 3370 NTSYSAPI 3371 VOID 3372 NTAPI 3373 RtlInitializeBitMap( 3374 _Out_ PRTL_BITMAP BitMapHeader, 3375 _In_opt_ __drv_aliasesMem PULONG BitMapBuffer, 3376 _In_opt_ ULONG SizeOfBitMap 3377 ); 3378 3379 NTSYSAPI 3380 ULONG 3381 NTAPI 3382 RtlNumberOfClearBits( 3383 _In_ PRTL_BITMAP BitMapHeader 3384 ); 3385 3386 NTSYSAPI 3387 ULONG 3388 NTAPI 3389 RtlNumberOfSetBits( 3390 _In_ PRTL_BITMAP BitMapHeader 3391 ); 3392 3393 NTSYSAPI 3394 VOID 3395 NTAPI 3396 RtlSetBit( 3397 _In_ PRTL_BITMAP BitMapHeader, 3398 _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber 3399 ); 3400 3401 NTSYSAPI 3402 VOID 3403 NTAPI 3404 RtlSetBits( 3405 _In_ PRTL_BITMAP BitMapHeader, 3406 _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex, 3407 _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet 3408 ); 3409 3410 NTSYSAPI 3411 VOID 3412 NTAPI 3413 RtlSetAllBits( 3414 _In_ PRTL_BITMAP BitMapHeader 3415 ); 3416 3417 _Must_inspect_result_ 3418 NTSYSAPI 3419 BOOLEAN 3420 NTAPI 3421 RtlTestBit( 3422 _In_ PRTL_BITMAP BitMapHeader, 3423 _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber 3424 ); 3425 3426 #if defined(_M_AMD64) 3427 _Must_inspect_result_ 3428 FORCEINLINE 3429 BOOLEAN 3430 RtlCheckBit( 3431 _In_ PRTL_BITMAP BitMapHeader, 3432 _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitPosition) 3433 { 3434 return BitTest64((LONG64 CONST*)BitMapHeader->Buffer, (LONG64)BitPosition); 3435 } 3436 #else 3437 #define RtlCheckBit(BMH,BP) (((((PLONG)(BMH)->Buffer)[(BP)/32]) >> ((BP)%32)) & 0x1) 3438 #endif /* defined(_M_AMD64) */ 3439 3440 #endif // NTOS_MODE_USER 3441 3442 3443 // 3444 // Timer Functions 3445 // 3446 NTSYSAPI 3447 NTSTATUS 3448 NTAPI 3449 RtlCreateTimer( 3450 _In_ HANDLE TimerQueue, 3451 _In_ PHANDLE phNewTimer, 3452 _In_ WAITORTIMERCALLBACKFUNC Callback, 3453 _In_ PVOID Parameter, 3454 _In_ ULONG DueTime, 3455 _In_ ULONG Period, 3456 _In_ ULONG Flags 3457 ); 3458 3459 NTSYSAPI 3460 NTSTATUS 3461 NTAPI 3462 RtlCreateTimerQueue(PHANDLE TimerQueue); 3463 3464 NTSYSAPI 3465 NTSTATUS 3466 NTAPI 3467 RtlDeleteTimer( 3468 _In_ HANDLE TimerQueue, 3469 _In_ HANDLE Timer, 3470 _In_ HANDLE CompletionEvent 3471 ); 3472 3473 NTSYSAPI 3474 NTSTATUS 3475 NTAPI 3476 RtlUpdateTimer( 3477 _In_ HANDLE TimerQueue, 3478 _In_ HANDLE Timer, 3479 _In_ ULONG DueTime, 3480 _In_ ULONG Period 3481 ); 3482 3483 NTSYSAPI 3484 NTSTATUS 3485 NTAPI 3486 RtlDeleteTimerQueueEx( 3487 _In_ HANDLE TimerQueue, 3488 _In_opt_ HANDLE CompletionEvent 3489 ); 3490 3491 NTSYSAPI 3492 NTSTATUS 3493 NTAPI 3494 RtlDeleteTimerQueue(HANDLE TimerQueue); 3495 3496 // 3497 // SList functions 3498 // 3499 PSLIST_ENTRY 3500 FASTCALL 3501 InterlockedPushListSList( 3502 _Inout_ PSLIST_HEADER ListHead, 3503 _Inout_ __drv_aliasesMem PSLIST_ENTRY List, 3504 _Inout_ PSLIST_ENTRY ListEnd, 3505 _In_ ULONG Count 3506 ); 3507 3508 // 3509 // Range List functions 3510 // 3511 NTSYSAPI 3512 VOID 3513 NTAPI 3514 RtlInitializeRangeList( 3515 _Inout_ PRTL_RANGE_LIST RangeList 3516 ); 3517 3518 NTSYSAPI 3519 VOID 3520 NTAPI 3521 RtlFreeRangeList( 3522 _In_ PRTL_RANGE_LIST RangeList 3523 ); 3524 3525 NTSYSAPI 3526 NTSTATUS 3527 NTAPI 3528 RtlAddRange( 3529 _Inout_ PRTL_RANGE_LIST RangeList, 3530 _In_ ULONGLONG Start, 3531 _In_ ULONGLONG End, 3532 _In_ UCHAR Attributes, 3533 _In_ ULONG Flags, 3534 _In_opt_ PVOID UserData, 3535 _In_opt_ PVOID Owner 3536 ); 3537 3538 // 3539 // Debug Functions 3540 // 3541 ULONG 3542 __cdecl 3543 DbgPrint( 3544 _In_z_ _Printf_format_string_ PCSTR Format, 3545 ... 3546 ); 3547 3548 NTSYSAPI 3549 ULONG 3550 __cdecl 3551 DbgPrintEx( 3552 _In_ ULONG ComponentId, 3553 _In_ ULONG Level, 3554 _In_z_ _Printf_format_string_ PCSTR Format, 3555 ... 3556 ); 3557 3558 NTSYSAPI 3559 ULONG 3560 NTAPI 3561 DbgPrompt( 3562 _In_z_ PCCH Prompt, 3563 _Out_writes_bytes_(MaximumResponseLength) PCH Response, 3564 _In_ ULONG MaximumResponseLength 3565 ); 3566 3567 #undef DbgBreakPoint 3568 VOID 3569 NTAPI 3570 DbgBreakPoint( 3571 VOID 3572 ); 3573 3574 VOID 3575 NTAPI 3576 DbgLoadImageSymbols( 3577 _In_ PSTRING Name, 3578 _In_ PVOID Base, 3579 _In_ ULONG_PTR ProcessId 3580 ); 3581 3582 VOID 3583 NTAPI 3584 DbgUnLoadImageSymbols( 3585 _In_ PSTRING Name, 3586 _In_ PVOID Base, 3587 _In_ ULONG_PTR ProcessId 3588 ); 3589 3590 VOID 3591 NTAPI 3592 DbgCommandString( 3593 _In_ PCCH Name, 3594 _In_ PCCH Command 3595 ); 3596 3597 // 3598 // Generic Table Functions 3599 // 3600 #if defined(NTOS_MODE_USER) || defined(_NTIFS_) 3601 NTSYSAPI 3602 PVOID 3603 NTAPI 3604 RtlInsertElementGenericTable( 3605 _In_ PRTL_GENERIC_TABLE Table, 3606 _In_reads_bytes_(BufferSize) PVOID Buffer, 3607 _In_ CLONG BufferSize, 3608 _Out_opt_ PBOOLEAN NewElement 3609 ); 3610 3611 NTSYSAPI 3612 PVOID 3613 NTAPI 3614 RtlInsertElementGenericTableFull( 3615 _In_ PRTL_GENERIC_TABLE Table, 3616 _In_reads_bytes_(BufferSize) PVOID Buffer, 3617 _In_ CLONG BufferSize, 3618 _Out_opt_ PBOOLEAN NewElement, 3619 _In_ PVOID NodeOrParent, 3620 _In_ TABLE_SEARCH_RESULT SearchResult 3621 ); 3622 3623 NTSYSAPI 3624 BOOLEAN 3625 NTAPI 3626 RtlIsGenericTableEmpty( 3627 _In_ PRTL_GENERIC_TABLE Table 3628 ); 3629 3630 NTSYSAPI 3631 PVOID 3632 NTAPI 3633 RtlLookupElementGenericTableFull( 3634 _In_ PRTL_GENERIC_TABLE Table, 3635 _In_ PVOID Buffer, 3636 _Out_ PVOID *NodeOrParent, 3637 _Out_ TABLE_SEARCH_RESULT *SearchResult 3638 ); 3639 #endif 3640 3641 // 3642 // Handle Table Functions 3643 // 3644 NTSYSAPI 3645 PRTL_HANDLE_TABLE_ENTRY 3646 NTAPI 3647 RtlAllocateHandle( 3648 _In_ PRTL_HANDLE_TABLE HandleTable, 3649 _Inout_ PULONG Index 3650 ); 3651 3652 NTSYSAPI 3653 VOID 3654 NTAPI 3655 RtlDestroyHandleTable( 3656 _Inout_ PRTL_HANDLE_TABLE HandleTable); 3657 3658 NTSYSAPI 3659 BOOLEAN 3660 NTAPI 3661 RtlFreeHandle( 3662 _In_ PRTL_HANDLE_TABLE HandleTable, 3663 _In_ PRTL_HANDLE_TABLE_ENTRY Handle 3664 ); 3665 3666 NTSYSAPI 3667 VOID 3668 NTAPI 3669 RtlInitializeHandleTable( 3670 _In_ ULONG TableSize, 3671 _In_ ULONG HandleSize, 3672 _In_ PRTL_HANDLE_TABLE HandleTable 3673 ); 3674 3675 NTSYSAPI 3676 BOOLEAN 3677 NTAPI 3678 RtlIsValidHandle( 3679 _In_ PRTL_HANDLE_TABLE HandleTable, 3680 _In_ PRTL_HANDLE_TABLE_ENTRY Handle 3681 ); 3682 3683 _Success_(return!=FALSE) 3684 NTSYSAPI 3685 BOOLEAN 3686 NTAPI 3687 RtlIsValidIndexHandle( 3688 _In_ PRTL_HANDLE_TABLE HandleTable, 3689 _In_ ULONG Index, 3690 _Out_ PRTL_HANDLE_TABLE_ENTRY *Handle 3691 ); 3692 3693 // 3694 // PE Functions 3695 // 3696 NTSYSAPI 3697 NTSTATUS 3698 NTAPI 3699 RtlFindMessage( 3700 _In_ PVOID BaseAddress, 3701 _In_ ULONG Type, 3702 _In_ ULONG Language, 3703 _In_ ULONG MessageId, 3704 _Out_ PMESSAGE_RESOURCE_ENTRY *MessageResourceEntry 3705 ); 3706 3707 NTSYSAPI 3708 ULONG 3709 NTAPI 3710 RtlGetNtGlobalFlags(VOID); 3711 3712 _Success_(return!=NULL) 3713 NTSYSAPI 3714 PVOID 3715 NTAPI 3716 RtlImageDirectoryEntryToData( 3717 _In_ PVOID BaseAddress, 3718 _In_ BOOLEAN MappedAsImage, 3719 _In_ USHORT Directory, 3720 _Out_ PULONG Size 3721 ); 3722 3723 NTSYSAPI 3724 PVOID 3725 NTAPI 3726 RtlImageRvaToVa( 3727 _In_ PIMAGE_NT_HEADERS NtHeader, 3728 _In_ PVOID BaseAddress, 3729 _In_ ULONG Rva, 3730 _Inout_opt_ PIMAGE_SECTION_HEADER *SectionHeader 3731 ); 3732 3733 NTSYSAPI 3734 PIMAGE_NT_HEADERS 3735 NTAPI 3736 RtlImageNtHeader( 3737 _In_ PVOID BaseAddress); 3738 3739 NTSYSAPI 3740 NTSTATUS 3741 NTAPI 3742 RtlImageNtHeaderEx( 3743 _In_ ULONG Flags, 3744 _In_ PVOID BaseAddress, 3745 _In_ ULONGLONG Size, 3746 _Out_ PIMAGE_NT_HEADERS *NtHeader 3747 ); 3748 3749 NTSYSAPI 3750 PIMAGE_SECTION_HEADER 3751 NTAPI 3752 RtlImageRvaToSection( 3753 _In_ PIMAGE_NT_HEADERS NtHeader, 3754 _In_ PVOID BaseAddress, 3755 _In_ ULONG Rva 3756 ); 3757 3758 NTSYSAPI 3759 ULONG 3760 NTAPI 3761 LdrRelocateImageWithBias( 3762 _In_ PVOID NewAddress, 3763 _In_ LONGLONG AdditionalBias, 3764 _In_ PCCH LoaderName, 3765 _In_ ULONG Success, 3766 _In_ ULONG Conflict, 3767 _In_ ULONG Invalid 3768 ); 3769 3770 // 3771 // Activation Context Functions 3772 // 3773 #ifdef NTOS_MODE_USER 3774 NTSYSAPI 3775 NTSTATUS 3776 NTAPI 3777 RtlActivateActivationContextEx( 3778 _In_ ULONG Flags, 3779 _In_ PTEB Teb, 3780 _In_ PVOID Context, 3781 _Out_ PULONG_PTR Cookie 3782 ); 3783 3784 NTSYSAPI 3785 NTSTATUS 3786 NTAPI 3787 RtlActivateActivationContext( 3788 _In_ ULONG Flags, 3789 _In_ HANDLE Handle, 3790 _Out_ PULONG_PTR Cookie 3791 ); 3792 3793 NTSYSAPI 3794 VOID 3795 NTAPI 3796 RtlAddRefActivationContext( 3797 _In_ PVOID Context 3798 ); 3799 3800 NTSYSAPI 3801 PRTL_ACTIVATION_CONTEXT_STACK_FRAME 3802 FASTCALL 3803 RtlActivateActivationContextUnsafeFast( 3804 _In_ PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, 3805 _In_ PVOID Context 3806 ); 3807 3808 NTSYSAPI 3809 NTSTATUS 3810 NTAPI 3811 RtlAllocateActivationContextStack( 3812 _In_ PACTIVATION_CONTEXT_STACK *Stack 3813 ); 3814 3815 NTSYSAPI 3816 NTSTATUS 3817 NTAPI 3818 RtlCreateActivationContext( 3819 _In_ ULONG Flags, 3820 _In_ PACTIVATION_CONTEXT_DATA ActivationContextData, 3821 _In_ ULONG ExtraBytes, 3822 _In_ PVOID NotificationRoutine, 3823 _In_ PVOID NotificationContext, 3824 _Out_ PACTIVATION_CONTEXT *ActCtx 3825 ); 3826 3827 NTSYSAPI 3828 NTSTATUS 3829 NTAPI 3830 RtlGetActiveActivationContext( 3831 _In_ PVOID *Context 3832 ); 3833 3834 NTSYSAPI 3835 VOID 3836 NTAPI 3837 RtlReleaseActivationContext( 3838 _In_ HANDLE handle 3839 ); 3840 3841 NTSYSAPI 3842 NTSTATUS 3843 NTAPI 3844 RtlDeactivateActivationContext( 3845 _In_ ULONG dwFlags, 3846 _In_ ULONG_PTR ulCookie 3847 ); 3848 3849 NTSYSAPI 3850 VOID 3851 NTAPI 3852 RtlFreeActivationContextStack( 3853 _In_ PACTIVATION_CONTEXT_STACK Stack 3854 ); 3855 3856 NTSYSAPI 3857 VOID 3858 NTAPI 3859 RtlFreeThreadActivationContextStack(VOID); 3860 3861 NTSYSAPI 3862 PRTL_ACTIVATION_CONTEXT_STACK_FRAME 3863 FASTCALL 3864 RtlDeactivateActivationContextUnsafeFast( 3865 _In_ PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame 3866 ); 3867 3868 NTSYSAPI 3869 NTSTATUS 3870 NTAPI 3871 RtlDosApplyFileIsolationRedirection_Ustr( 3872 _In_ ULONG Flags, 3873 _In_ PUNICODE_STRING OriginalName, 3874 _In_ PUNICODE_STRING Extension, 3875 _Inout_ PUNICODE_STRING StaticString, 3876 _Inout_ PUNICODE_STRING DynamicString, 3877 _Inout_ PUNICODE_STRING *NewName, 3878 _In_ PULONG NewFlags, 3879 _In_ PSIZE_T FileNameSize, 3880 _In_ PSIZE_T RequiredLength 3881 ); 3882 3883 NTSYSAPI 3884 NTSTATUS 3885 NTAPI 3886 RtlFindActivationContextSectionString( 3887 _In_ ULONG dwFlags, 3888 _In_ const GUID *ExtensionGuid, 3889 _In_ ULONG SectionType, 3890 _In_ const UNICODE_STRING *SectionName, 3891 _Inout_ PVOID ReturnedData 3892 ); 3893 3894 NTSYSAPI 3895 NTSTATUS 3896 NTAPI 3897 RtlQueryInformationActivationContext( 3898 _In_ DWORD dwFlags, 3899 _In_opt_ PVOID Context, 3900 _In_opt_ PVOID pvSubInstance, 3901 _In_ ULONG ulInfoClass, 3902 _Out_bytecap_(cbBuffer) PVOID pvBuffer, 3903 _In_opt_ SIZE_T cbBuffer, 3904 _Out_opt_ SIZE_T *pcbWrittenOrRequired 3905 ); 3906 3907 NTSYSAPI 3908 NTSTATUS 3909 NTAPI 3910 RtlQueryInformationActiveActivationContext( 3911 _In_ ULONG ulInfoClass, 3912 _Out_bytecap_(cbBuffer) PVOID pvBuffer, 3913 _In_opt_ SIZE_T cbBuffer, 3914 _Out_opt_ SIZE_T *pcbWrittenOrRequired 3915 ); 3916 3917 NTSYSAPI 3918 NTSTATUS 3919 NTAPI 3920 RtlZombifyActivationContext( 3921 PVOID Context 3922 ); 3923 3924 // 3925 // WOW64 Functions 3926 // 3927 NTSYSAPI 3928 NTSTATUS 3929 NTAPI 3930 RtlWow64EnableFsRedirection( 3931 _In_ BOOLEAN Wow64FsEnableRedirection 3932 ); 3933 3934 NTSYSAPI 3935 NTSTATUS 3936 NTAPI 3937 RtlWow64EnableFsRedirectionEx( 3938 _In_ PVOID Wow64FsEnableRedirection, 3939 _Out_ PVOID *OldFsRedirectionLevel 3940 ); 3941 3942 #endif 3943 3944 // 3945 // Registry Functions 3946 // 3947 _IRQL_requires_max_(PASSIVE_LEVEL) 3948 _Must_inspect_result_ 3949 NTSYSAPI 3950 NTSTATUS 3951 NTAPI 3952 RtlCheckRegistryKey( 3953 _In_ ULONG RelativeTo, 3954 _In_ PWSTR Path 3955 ); 3956 3957 NTSYSAPI 3958 NTSTATUS 3959 NTAPI 3960 RtlCreateRegistryKey( 3961 _In_ ULONG RelativeTo, 3962 _In_ PWSTR Path 3963 ); 3964 3965 NTSYSAPI 3966 NTSTATUS 3967 NTAPI 3968 RtlFormatCurrentUserKeyPath( 3969 _Out_ _At_(KeyPath->Buffer, __drv_allocatesMem(Mem) _Post_bytecap_(KeyPath->MaximumLength) _Post_bytecount_(KeyPath->Length)) 3970 PUNICODE_STRING KeyPath 3971 ); 3972 3973 NTSYSAPI 3974 NTSTATUS 3975 NTAPI 3976 RtlOpenCurrentUser( 3977 _In_ ACCESS_MASK DesiredAccess, 3978 _Out_ PHANDLE KeyHandle 3979 ); 3980 3981 _IRQL_requires_max_(PASSIVE_LEVEL) 3982 NTSYSAPI 3983 NTSTATUS 3984 NTAPI 3985 RtlQueryRegistryValues( 3986 _In_ ULONG RelativeTo, 3987 _In_ PCWSTR Path, 3988 _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) 3989 PRTL_QUERY_REGISTRY_TABLE QueryTable, 3990 _In_opt_ PVOID Context, 3991 _In_opt_ PVOID Environment 3992 ); 3993 3994 _IRQL_requires_max_(PASSIVE_LEVEL) 3995 NTSYSAPI 3996 NTSTATUS 3997 NTAPI 3998 RtlWriteRegistryValue( 3999 _In_ ULONG RelativeTo, 4000 _In_ PCWSTR Path, 4001 _In_z_ PCWSTR ValueName, 4002 _In_ ULONG ValueType, 4003 _In_reads_bytes_opt_(ValueLength) PVOID ValueData, 4004 _In_ ULONG ValueLength 4005 ); 4006 4007 #ifdef NTOS_MODE_USER 4008 NTSYSAPI 4009 NTSTATUS 4010 NTAPI 4011 RtlpNtCreateKey( 4012 _Out_ HANDLE KeyHandle, 4013 _In_ ACCESS_MASK DesiredAccess, 4014 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 4015 _In_ ULONG TitleIndex, 4016 _In_ PUNICODE_STRING Class, 4017 _Out_ PULONG Disposition 4018 ); 4019 4020 NTSYSAPI 4021 NTSTATUS 4022 NTAPI 4023 RtlpNtEnumerateSubKey( 4024 _In_ HANDLE KeyHandle, 4025 _Inout_ PUNICODE_STRING SubKeyName, 4026 _In_ ULONG Index, 4027 _In_ ULONG Unused 4028 ); 4029 4030 NTSYSAPI 4031 NTSTATUS 4032 NTAPI 4033 RtlpNtMakeTemporaryKey( 4034 _In_ HANDLE KeyHandle 4035 ); 4036 4037 NTSYSAPI 4038 NTSTATUS 4039 NTAPI 4040 RtlpNtOpenKey( 4041 _Out_ HANDLE KeyHandle, 4042 _In_ ACCESS_MASK DesiredAccess, 4043 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 4044 _In_ ULONG Unused 4045 ); 4046 4047 NTSYSAPI 4048 NTSTATUS 4049 NTAPI 4050 RtlpNtQueryValueKey( 4051 _In_ HANDLE KeyHandle, 4052 _Out_opt_ PULONG Type, 4053 _Out_opt_ PVOID Data, 4054 _Inout_opt_ PULONG DataLength, 4055 _In_ ULONG Unused 4056 ); 4057 4058 NTSYSAPI 4059 NTSTATUS 4060 NTAPI 4061 RtlpNtSetValueKey( 4062 _In_ HANDLE KeyHandle, 4063 _In_ ULONG Type, 4064 _In_ PVOID Data, 4065 _In_ ULONG DataLength 4066 ); 4067 #endif 4068 4069 // 4070 // NLS Functions 4071 // 4072 NTSYSAPI 4073 VOID 4074 NTAPI 4075 RtlGetDefaultCodePage( 4076 _Out_ PUSHORT AnsiCodePage, 4077 _Out_ PUSHORT OemCodePage 4078 ); 4079 4080 NTSYSAPI 4081 VOID 4082 NTAPI 4083 RtlInitNlsTables( 4084 _In_ PUSHORT AnsiTableBase, 4085 _In_ PUSHORT OemTableBase, 4086 _In_ PUSHORT CaseTableBase, 4087 _Out_ PNLSTABLEINFO NlsTable 4088 ); 4089 4090 _IRQL_requires_max_(PASSIVE_LEVEL) 4091 NTSYSAPI 4092 VOID 4093 NTAPI 4094 RtlInitCodePageTable( 4095 _In_ PUSHORT TableBase, 4096 _Out_ PCPTABLEINFO CodePageTable 4097 ); 4098 4099 NTSYSAPI 4100 VOID 4101 NTAPI 4102 RtlResetRtlTranslations( 4103 _In_ PNLSTABLEINFO NlsTable); 4104 4105 #if defined(NTOS_MODE_USER) && !defined(NO_RTL_INLINES) 4106 4107 // 4108 // Misc conversion functions 4109 // 4110 static __inline 4111 LARGE_INTEGER 4112 NTAPI_INLINE 4113 RtlConvertLongToLargeInteger( 4114 _In_ LONG SignedInteger 4115 ) 4116 { 4117 LARGE_INTEGER Result; 4118 4119 Result.QuadPart = SignedInteger; 4120 return Result; 4121 } 4122 4123 static __inline 4124 LARGE_INTEGER 4125 NTAPI_INLINE 4126 RtlEnlargedIntegerMultiply( 4127 _In_ LONG Multiplicand, 4128 _In_ LONG Multiplier 4129 ) 4130 { 4131 LARGE_INTEGER Product; 4132 4133 Product.QuadPart = (LONGLONG)Multiplicand * (ULONGLONG)Multiplier; 4134 return Product; 4135 } 4136 4137 static __inline 4138 ULONG 4139 NTAPI_INLINE 4140 RtlEnlargedUnsignedDivide( 4141 _In_ ULARGE_INTEGER Dividend, 4142 _In_ ULONG Divisor, 4143 _In_opt_ PULONG Remainder 4144 ) 4145 { 4146 ULONG Quotient; 4147 4148 Quotient = (ULONG)(Dividend.QuadPart / Divisor); 4149 if (Remainder) { 4150 *Remainder = (ULONG)(Dividend.QuadPart % Divisor); 4151 } 4152 4153 return Quotient; 4154 } 4155 4156 static __inline 4157 LARGE_INTEGER 4158 NTAPI_INLINE 4159 RtlEnlargedUnsignedMultiply( 4160 _In_ ULONG Multiplicand, 4161 _In_ ULONG Multiplier 4162 ) 4163 { 4164 LARGE_INTEGER Product; 4165 4166 Product.QuadPart = (ULONGLONG)Multiplicand * (ULONGLONG)Multiplier; 4167 return Product; 4168 } 4169 4170 #if defined(_AMD64_) || defined(_IA64_) 4171 static __inline 4172 LARGE_INTEGER 4173 NTAPI_INLINE 4174 RtlExtendedLargeIntegerDivide( 4175 _In_ LARGE_INTEGER Dividend, 4176 _In_ ULONG Divisor, 4177 _Out_opt_ PULONG Remainder) 4178 { 4179 LARGE_INTEGER ret; 4180 ret.QuadPart = (ULONG64)Dividend.QuadPart / Divisor; 4181 if (Remainder) 4182 *Remainder = (ULONG)(Dividend.QuadPart % Divisor); 4183 return ret; 4184 } 4185 4186 #else 4187 NTSYSAPI 4188 LARGE_INTEGER 4189 NTAPI 4190 RtlExtendedLargeIntegerDivide( 4191 _In_ LARGE_INTEGER Dividend, 4192 _In_ ULONG Divisor, 4193 _Out_opt_ PULONG Remainder 4194 ); 4195 4196 #endif /* defined(_AMD64_) || defined(_IA64_) */ 4197 4198 #endif 4199 4200 4201 NTSYSAPI 4202 ULONG 4203 NTAPI 4204 RtlUniform( 4205 _In_ PULONG Seed 4206 ); 4207 4208 NTSYSAPI 4209 ULONG 4210 NTAPI 4211 RtlRandom( 4212 _Inout_ PULONG Seed 4213 ); 4214 4215 NTSYSAPI 4216 ULONG 4217 NTAPI 4218 RtlComputeCrc32( 4219 _In_ ULONG InitialCrc, 4220 _In_ PUCHAR Buffer, 4221 _In_ ULONG Length 4222 ); 4223 4224 // 4225 // Network Functions 4226 // 4227 NTSYSAPI 4228 PSTR 4229 NTAPI 4230 RtlIpv4AddressToStringA( 4231 _In_ const struct in_addr *Addr, 4232 _Out_writes_(16) PCHAR S 4233 ); 4234 4235 NTSYSAPI 4236 PWSTR 4237 NTAPI 4238 RtlIpv4AddressToStringW( 4239 _In_ const struct in_addr *Addr, 4240 _Out_writes_(16) PWCHAR S 4241 ); 4242 4243 NTSYSAPI 4244 NTSTATUS 4245 NTAPI 4246 RtlIpv4AddressToStringExA( 4247 _In_ const struct in_addr *Address, 4248 _In_ USHORT Port, 4249 _Out_writes_to_(*AddressStringLength, *AddressStringLength) PCHAR AddressString, 4250 _Inout_ PULONG AddressStringLength 4251 ); 4252 4253 NTSTATUS 4254 NTAPI 4255 RtlIpv4AddressToStringExW( 4256 _In_ const struct in_addr *Address, 4257 _In_ USHORT Port, 4258 _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWCHAR AddressString, 4259 _Inout_ PULONG AddressStringLength 4260 ); 4261 4262 NTSYSAPI 4263 NTSTATUS 4264 NTAPI 4265 RtlIpv4StringToAddressA( 4266 _In_ PCSTR String, 4267 _In_ BOOLEAN Strict, 4268 _Out_ PCSTR *Terminator, 4269 _Out_ struct in_addr *Addr 4270 ); 4271 4272 NTSYSAPI 4273 NTSTATUS 4274 NTAPI 4275 RtlIpv4StringToAddressW( 4276 _In_ PCWSTR String, 4277 _In_ BOOLEAN Strict, 4278 _Out_ PCWSTR *Terminator, 4279 _Out_ struct in_addr *Addr 4280 ); 4281 4282 NTSYSAPI 4283 NTSTATUS 4284 NTAPI 4285 RtlIpv4StringToAddressExA( 4286 _In_ PCSTR AddressString, 4287 _In_ BOOLEAN Strict, 4288 _Out_ struct in_addr *Address, 4289 _Out_ PUSHORT Port 4290 ); 4291 4292 NTSYSAPI 4293 NTSTATUS 4294 NTAPI 4295 RtlIpv4StringToAddressExW( 4296 _In_ PCWSTR AddressString, 4297 _In_ BOOLEAN Strict, 4298 _Out_ struct in_addr *Address, 4299 _Out_ PUSHORT Port 4300 ); 4301 4302 NTSYSAPI 4303 PSTR 4304 NTAPI 4305 RtlIpv6AddressToStringA( 4306 _In_ const struct in6_addr *Addr, 4307 _Out_writes_(46) PSTR S 4308 ); 4309 4310 NTSYSAPI 4311 PWSTR 4312 NTAPI 4313 RtlIpv6AddressToStringW( 4314 _In_ const struct in6_addr *Addr, 4315 _Out_writes_(46) PWSTR S 4316 ); 4317 4318 NTSYSAPI 4319 NTSTATUS 4320 NTAPI 4321 RtlIpv6AddressToStringExA( 4322 _In_ const struct in6_addr *Address, 4323 _In_ ULONG ScopeId, 4324 _In_ USHORT Port, 4325 _Out_writes_to_(*AddressStringLength, *AddressStringLength) PSTR AddressString, 4326 _Inout_ PULONG AddressStringLength 4327 ); 4328 4329 NTSYSAPI 4330 NTSTATUS 4331 NTAPI 4332 RtlIpv6AddressToStringExW( 4333 _In_ const struct in6_addr *Address, 4334 _In_ ULONG ScopeId, 4335 _In_ USHORT Port, 4336 _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWCHAR AddressString, 4337 _Inout_ PULONG AddressStringLength 4338 ); 4339 4340 NTSYSAPI 4341 NTSTATUS 4342 NTAPI 4343 RtlIpv6StringToAddressA( 4344 _In_ PCSTR String, 4345 _Out_ PCSTR *Terminator, 4346 _Out_ struct in6_addr *Addr 4347 ); 4348 4349 NTSYSAPI 4350 NTSTATUS 4351 NTAPI 4352 RtlIpv6StringToAddressW( 4353 _In_ PCWSTR String, 4354 _Out_ PCWSTR *Terminator, 4355 _Out_ struct in6_addr *Addr 4356 ); 4357 4358 NTSYSAPI 4359 NTSTATUS 4360 NTAPI 4361 RtlIpv6StringToAddressExA( 4362 _In_ PCSTR AddressString, 4363 _Out_ struct in6_addr *Address, 4364 _Out_ PULONG ScopeId, 4365 _Out_ PUSHORT Port 4366 ); 4367 4368 NTSYSAPI 4369 NTSTATUS 4370 NTAPI 4371 RtlIpv6StringToAddressExW( 4372 _In_ PCWSTR AddressString, 4373 _Out_ struct in6_addr *Address, 4374 _Out_ PULONG ScopeId, 4375 _Out_ PUSHORT Port 4376 ); 4377 4378 4379 // 4380 // Time Functions 4381 // 4382 NTSYSAPI 4383 NTSTATUS 4384 NTAPI 4385 RtlQueryTimeZoneInformation( 4386 _Out_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation); 4387 4388 NTSYSAPI 4389 VOID 4390 NTAPI 4391 RtlSecondsSince1970ToTime( 4392 _In_ ULONG SecondsSince1970, 4393 _Out_ PLARGE_INTEGER Time 4394 ); 4395 4396 NTSYSAPI 4397 NTSTATUS 4398 NTAPI 4399 RtlSetTimeZoneInformation( 4400 _In_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation); 4401 4402 _Success_(return!=FALSE) 4403 _Must_inspect_result_ 4404 NTSYSAPI 4405 BOOLEAN 4406 NTAPI 4407 RtlTimeFieldsToTime( 4408 _In_ PTIME_FIELDS TimeFields, 4409 _Out_ PLARGE_INTEGER Time 4410 ); 4411 4412 _Success_(return != 0) 4413 _Must_inspect_result_ 4414 NTSYSAPI 4415 BOOLEAN 4416 NTAPI 4417 RtlTimeToSecondsSince1970( 4418 _In_ PLARGE_INTEGER Time, 4419 _Out_ PULONG ElapsedSeconds 4420 ); 4421 4422 NTSYSAPI 4423 VOID 4424 NTAPI 4425 RtlTimeToTimeFields( 4426 PLARGE_INTEGER Time, 4427 PTIME_FIELDS TimeFields 4428 ); 4429 4430 NTSYSAPI 4431 NTSTATUS 4432 NTAPI 4433 RtlSystemTimeToLocalTime( 4434 _In_ PLARGE_INTEGER SystemTime, 4435 _Out_ PLARGE_INTEGER LocalTime 4436 ); 4437 4438 // 4439 // Version Functions 4440 // 4441 _IRQL_requires_max_(PASSIVE_LEVEL) 4442 _Must_inspect_result_ 4443 NTSYSAPI 4444 NTSTATUS 4445 NTAPI 4446 RtlVerifyVersionInfo( 4447 _In_ PRTL_OSVERSIONINFOEXW VersionInfo, 4448 _In_ ULONG TypeMask, 4449 _In_ ULONGLONG ConditionMask 4450 ); 4451 4452 _IRQL_requires_max_(PASSIVE_LEVEL) 4453 NTSYSAPI 4454 NTSTATUS 4455 NTAPI 4456 RtlGetVersion( 4457 _Out_ 4458 _At_(lpVersionInformation->dwOSVersionInfoSize, _Pre_ _Valid_) 4459 _When_(lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW), 4460 _At_((PRTL_OSVERSIONINFOEXW)lpVersionInformation, _Out_)) 4461 PRTL_OSVERSIONINFOW lpVersionInformation 4462 ); 4463 4464 NTSYSAPI 4465 BOOLEAN 4466 NTAPI 4467 RtlGetNtProductType(OUT PNT_PRODUCT_TYPE ProductType); 4468 4469 // 4470 // Secure Memory Functions 4471 // 4472 #ifdef NTOS_MODE_USER 4473 NTSYSAPI 4474 NTSTATUS 4475 NTAPI 4476 RtlRegisterSecureMemoryCacheCallback( 4477 _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback); 4478 4479 NTSYSAPI 4480 BOOLEAN 4481 NTAPI 4482 RtlFlushSecureMemoryCache( 4483 _In_ PVOID MemoryCache, 4484 _In_opt_ SIZE_T MemoryLength 4485 ); 4486 #endif 4487 4488 // 4489 // Boot Status Data Functions 4490 // 4491 #ifdef NTOS_MODE_USER 4492 NTSYSAPI 4493 NTSTATUS 4494 NTAPI 4495 RtlCreateBootStatusDataFile( 4496 VOID 4497 ); 4498 4499 NTSYSAPI 4500 NTSTATUS 4501 NTAPI 4502 RtlGetSetBootStatusData( 4503 _In_ HANDLE FileHandle, 4504 _In_ BOOLEAN WriteMode, 4505 _In_ RTL_BSD_ITEM_TYPE DataClass, 4506 _In_ PVOID Buffer, 4507 _In_ ULONG BufferSize, 4508 _Out_opt_ PULONG ReturnLength 4509 ); 4510 4511 NTSYSAPI 4512 NTSTATUS 4513 NTAPI 4514 RtlLockBootStatusData( 4515 _Out_ PHANDLE FileHandle 4516 ); 4517 4518 NTSYSAPI 4519 NTSTATUS 4520 NTAPI 4521 RtlUnlockBootStatusData( 4522 _In_ HANDLE FileHandle 4523 ); 4524 #endif 4525 4526 #ifdef NTOS_MODE_USER 4527 _Must_inspect_result_ 4528 NTSYSAPI 4529 NTSTATUS 4530 NTAPI 4531 RtlGUIDFromString( 4532 _In_ PUNICODE_STRING GuidString, 4533 _Out_ GUID *Guid); 4534 4535 _Must_inspect_result_ 4536 NTSYSAPI 4537 NTSTATUS 4538 NTAPI 4539 RtlStringFromGUID( 4540 _In_ REFGUID Guid, 4541 _Out_ _At_(GuidString->Buffer, __drv_allocatesMem(Mem)) 4542 PUNICODE_STRING GuidString); 4543 4544 NTSYSAPI 4545 NTSTATUS 4546 NTAPI 4547 RtlComputeImportTableHash( 4548 _In_ HANDLE hFile, 4549 _Out_ PCHAR Hash, 4550 _In_ ULONG ImportTableHashRevision 4551 ); 4552 #endif 4553 4554 // 4555 // MemoryStream functions 4556 // 4557 #ifdef NTOS_MODE_USER 4558 4559 NTSYSAPI 4560 VOID 4561 NTAPI 4562 RtlInitMemoryStream( 4563 _Out_ PRTL_MEMORY_STREAM Stream 4564 ); 4565 4566 NTSYSAPI 4567 VOID 4568 NTAPI 4569 RtlInitOutOfProcessMemoryStream( 4570 _Out_ PRTL_MEMORY_STREAM Stream 4571 ); 4572 4573 NTSYSAPI 4574 VOID 4575 NTAPI 4576 RtlFinalReleaseOutOfProcessMemoryStream( 4577 _In_ PRTL_MEMORY_STREAM Stream 4578 ); 4579 4580 NTSYSAPI 4581 HRESULT 4582 NTAPI 4583 RtlQueryInterfaceMemoryStream( 4584 _In_ struct IStream *This, 4585 _In_ REFIID RequestedIid, 4586 _Outptr_ PVOID *ResultObject 4587 ); 4588 4589 NTSYSAPI 4590 ULONG 4591 NTAPI 4592 RtlAddRefMemoryStream( 4593 _In_ struct IStream *This 4594 ); 4595 4596 NTSYSAPI 4597 ULONG 4598 NTAPI 4599 RtlReleaseMemoryStream( 4600 _In_ struct IStream *This 4601 ); 4602 4603 NTSYSAPI 4604 HRESULT 4605 NTAPI 4606 RtlReadMemoryStream( 4607 _In_ struct IStream *This, 4608 _Out_writes_bytes_(Length) PVOID Buffer, 4609 _In_ ULONG Length, 4610 _Out_opt_ PULONG BytesRead 4611 ); 4612 4613 NTSYSAPI 4614 HRESULT 4615 NTAPI 4616 RtlReadOutOfProcessMemoryStream( 4617 _In_ struct IStream *This, 4618 _Out_writes_bytes_(Length) PVOID Buffer, 4619 _In_ ULONG Length, 4620 _Out_opt_ PULONG BytesRead 4621 ); 4622 4623 NTSYSAPI 4624 HRESULT 4625 NTAPI 4626 RtlSeekMemoryStream( 4627 _In_ struct IStream *This, 4628 _In_ LARGE_INTEGER RelativeOffset, 4629 _In_ ULONG Origin, 4630 _Out_opt_ PULARGE_INTEGER ResultOffset 4631 ); 4632 4633 NTSYSAPI 4634 HRESULT 4635 NTAPI 4636 RtlCopyMemoryStreamTo( 4637 _In_ struct IStream *This, 4638 _In_ struct IStream *Target, 4639 _In_ ULARGE_INTEGER Length, 4640 _Out_opt_ PULARGE_INTEGER BytesRead, 4641 _Out_opt_ PULARGE_INTEGER BytesWritten 4642 ); 4643 4644 NTSYSAPI 4645 HRESULT 4646 NTAPI 4647 RtlCopyOutOfProcessMemoryStreamTo( 4648 _In_ struct IStream *This, 4649 _In_ struct IStream *Target, 4650 _In_ ULARGE_INTEGER Length, 4651 _Out_opt_ PULARGE_INTEGER BytesRead, 4652 _Out_opt_ PULARGE_INTEGER BytesWritten 4653 ); 4654 4655 NTSYSAPI 4656 HRESULT 4657 NTAPI 4658 RtlStatMemoryStream( 4659 _In_ struct IStream *This, 4660 _Out_ struct tagSTATSTG *Stats, 4661 _In_ ULONG Flags 4662 ); 4663 4664 // Dummy functions 4665 NTSYSAPI 4666 HRESULT 4667 NTAPI 4668 RtlWriteMemoryStream( 4669 _In_ struct IStream *This, 4670 _In_reads_bytes_(Length) CONST VOID *Buffer, 4671 _In_ ULONG Length, 4672 _Out_opt_ PULONG BytesWritten 4673 ); 4674 4675 NTSYSAPI 4676 HRESULT 4677 NTAPI 4678 RtlSetMemoryStreamSize( 4679 _In_ struct IStream *This, 4680 _In_ ULARGE_INTEGER NewSize 4681 ); 4682 4683 NTSYSAPI 4684 HRESULT 4685 NTAPI 4686 RtlCommitMemoryStream( 4687 _In_ struct IStream *This, 4688 _In_ ULONG CommitFlags 4689 ); 4690 4691 NTSYSAPI 4692 HRESULT 4693 NTAPI 4694 RtlRevertMemoryStream( 4695 _In_ struct IStream *This 4696 ); 4697 4698 NTSYSAPI 4699 HRESULT 4700 NTAPI 4701 RtlLockMemoryStreamRegion( 4702 _In_ struct IStream *This, 4703 _In_ ULARGE_INTEGER Offset, 4704 _In_ ULARGE_INTEGER Length, 4705 _In_ ULONG LockType 4706 ); 4707 4708 NTSYSAPI 4709 HRESULT 4710 NTAPI 4711 RtlUnlockMemoryStreamRegion( 4712 _In_ struct IStream *This, 4713 _In_ ULARGE_INTEGER Offset, 4714 _In_ ULARGE_INTEGER Length, 4715 _In_ ULONG LockType 4716 ); 4717 4718 NTSYSAPI 4719 HRESULT 4720 NTAPI 4721 RtlCloneMemoryStream( 4722 _In_ struct IStream *This, 4723 _Outptr_ struct IStream **ResultStream 4724 ); 4725 4726 #endif // NTOS_MODE_USER 4727 4728 NTSYSAPI 4729 NTSTATUS 4730 NTAPI 4731 RtlFindActivationContextSectionGuid( 4732 ULONG flags, 4733 const GUID *extguid, 4734 ULONG section_kind, 4735 const GUID *guid, 4736 void *ptr 4737 ); 4738 4739 #ifdef __cplusplus 4740 } 4741 #endif 4742 4743 #endif 4744