1 use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM}; 2 use crate::ntdbg::DEBUGOBJECTINFOCLASS; 3 use crate::ntexapi::{ 4 ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY, 5 PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS, 6 PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR, 7 SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS, 8 TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE, 9 WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS, 10 }; 11 use crate::ntioapi::{ 12 FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS, 13 IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION, 14 PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE, 15 PIO_STATUS_BLOCK, 16 }; 17 use crate::ntkeapi::KPROFILE_SOURCE; 18 use crate::ntlpcapi::{ 19 ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR, 20 PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES, 21 PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW, 22 }; 23 use crate::ntmisc::VDMSERVICECLASS; 24 use crate::ntmmapi::{ 25 MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY, 26 SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS, 27 }; 28 use crate::ntobapi::OBJECT_INFORMATION_CLASS; 29 use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK}; 30 use crate::ntpsapi::{ 31 MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO, 32 PROCESSINFOCLASS, THREADINFOCLASS, 33 }; 34 use crate::ntregapi::{ 35 KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS, 36 PKEY_VALUE_ENTRY, 37 }; 38 use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; 39 use winapi::shared::basetsd::{ 40 KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR, 41 }; 42 use winapi::shared::guiddef::LPGUID; 43 use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; 44 use winapi::shared::ntdef::{ 45 BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES, 46 PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG, 47 PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG, 48 PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID, 49 WAIT_TYPE, 50 }; 51 use winapi::um::winnt::{ 52 ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE, 53 JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE, 54 PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR, 55 POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, 56 PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, 57 PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, 58 PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, 59 RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE, 60 TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS, 61 TRANSACTION_INFORMATION_CLASS, 62 }; 63 EXTERN!{extern "system" { 64 fn ZwAcceptConnectPort( 65 PortHandle: PHANDLE, 66 PortContext: PVOID, 67 ConnectionRequest: PPORT_MESSAGE, 68 AcceptConnection: BOOLEAN, 69 ServerView: PPORT_VIEW, 70 ClientView: PREMOTE_PORT_VIEW, 71 ) -> NTSTATUS; 72 fn ZwAccessCheck( 73 SecurityDescriptor: PSECURITY_DESCRIPTOR, 74 ClientToken: HANDLE, 75 DesiredAccess: ACCESS_MASK, 76 GenericMapping: PGENERIC_MAPPING, 77 PrivilegeSet: PPRIVILEGE_SET, 78 PrivilegeSetLength: PULONG, 79 GrantedAccess: PACCESS_MASK, 80 AccessStatus: PNTSTATUS, 81 ) -> NTSTATUS; 82 fn ZwAccessCheckAndAuditAlarm( 83 SubsystemName: PUNICODE_STRING, 84 HandleId: PVOID, 85 ObjectTypeName: PUNICODE_STRING, 86 ObjectName: PUNICODE_STRING, 87 SecurityDescriptor: PSECURITY_DESCRIPTOR, 88 DesiredAccess: ACCESS_MASK, 89 GenericMapping: PGENERIC_MAPPING, 90 ObjectCreation: BOOLEAN, 91 GrantedAccess: PACCESS_MASK, 92 AccessStatus: PNTSTATUS, 93 GenerateOnClose: PBOOLEAN, 94 ) -> NTSTATUS; 95 fn ZwAccessCheckByType( 96 SecurityDescriptor: PSECURITY_DESCRIPTOR, 97 PrincipalSelfSid: PSID, 98 ClientToken: HANDLE, 99 DesiredAccess: ACCESS_MASK, 100 ObjectTypeList: POBJECT_TYPE_LIST, 101 ObjectTypeListLength: ULONG, 102 GenericMapping: PGENERIC_MAPPING, 103 PrivilegeSet: PPRIVILEGE_SET, 104 PrivilegeSetLength: PULONG, 105 GrantedAccess: PACCESS_MASK, 106 AccessStatus: PNTSTATUS, 107 ) -> NTSTATUS; 108 fn ZwAccessCheckByTypeAndAuditAlarm( 109 SubsystemName: PUNICODE_STRING, 110 HandleId: PVOID, 111 ObjectTypeName: PUNICODE_STRING, 112 ObjectName: PUNICODE_STRING, 113 SecurityDescriptor: PSECURITY_DESCRIPTOR, 114 PrincipalSelfSid: PSID, 115 DesiredAccess: ACCESS_MASK, 116 AuditType: AUDIT_EVENT_TYPE, 117 Flags: ULONG, 118 ObjectTypeList: POBJECT_TYPE_LIST, 119 ObjectTypeListLength: ULONG, 120 GenericMapping: PGENERIC_MAPPING, 121 ObjectCreation: BOOLEAN, 122 GrantedAccess: PACCESS_MASK, 123 AccessStatus: PNTSTATUS, 124 GenerateOnClose: PBOOLEAN, 125 ) -> NTSTATUS; 126 fn ZwAccessCheckByTypeResultList( 127 SecurityDescriptor: PSECURITY_DESCRIPTOR, 128 PrincipalSelfSid: PSID, 129 ClientToken: HANDLE, 130 DesiredAccess: ACCESS_MASK, 131 ObjectTypeList: POBJECT_TYPE_LIST, 132 ObjectTypeListLength: ULONG, 133 GenericMapping: PGENERIC_MAPPING, 134 PrivilegeSet: PPRIVILEGE_SET, 135 PrivilegeSetLength: PULONG, 136 GrantedAccess: PACCESS_MASK, 137 AccessStatus: PNTSTATUS, 138 ) -> NTSTATUS; 139 fn ZwAccessCheckByTypeResultListAndAuditAlarm( 140 SubsystemName: PUNICODE_STRING, 141 HandleId: PVOID, 142 ObjectTypeName: PUNICODE_STRING, 143 ObjectName: PUNICODE_STRING, 144 SecurityDescriptor: PSECURITY_DESCRIPTOR, 145 PrincipalSelfSid: PSID, 146 DesiredAccess: ACCESS_MASK, 147 AuditType: AUDIT_EVENT_TYPE, 148 Flags: ULONG, 149 ObjectTypeList: POBJECT_TYPE_LIST, 150 ObjectTypeListLength: ULONG, 151 GenericMapping: PGENERIC_MAPPING, 152 ObjectCreation: BOOLEAN, 153 GrantedAccess: PACCESS_MASK, 154 AccessStatus: PNTSTATUS, 155 GenerateOnClose: PBOOLEAN, 156 ) -> NTSTATUS; 157 fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( 158 SubsystemName: PUNICODE_STRING, 159 HandleId: PVOID, 160 ClientToken: HANDLE, 161 ObjectTypeName: PUNICODE_STRING, 162 ObjectName: PUNICODE_STRING, 163 SecurityDescriptor: PSECURITY_DESCRIPTOR, 164 PrincipalSelfSid: PSID, 165 DesiredAccess: ACCESS_MASK, 166 AuditType: AUDIT_EVENT_TYPE, 167 Flags: ULONG, 168 ObjectTypeList: POBJECT_TYPE_LIST, 169 ObjectTypeListLength: ULONG, 170 GenericMapping: PGENERIC_MAPPING, 171 ObjectCreation: BOOLEAN, 172 GrantedAccess: PACCESS_MASK, 173 AccessStatus: PNTSTATUS, 174 GenerateOnClose: PBOOLEAN, 175 ) -> NTSTATUS; 176 fn ZwAcquireCMFViewOwnership( 177 TimeStamp: PULONGLONG, 178 tokenTaken: PBOOLEAN, 179 replaceExisting: BOOLEAN, 180 ) -> NTSTATUS; 181 fn ZwAddAtom( 182 AtomName: PWSTR, 183 Length: ULONG, 184 Atom: PRTL_ATOM, 185 ) -> NTSTATUS; 186 fn ZwAddAtomEx( 187 AtomName: PWSTR, 188 Length: ULONG, 189 Atom: PRTL_ATOM, 190 Flags: ULONG, 191 ) -> NTSTATUS; 192 fn ZwAddBootEntry( 193 BootEntry: PBOOT_ENTRY, 194 Id: PULONG, 195 ) -> NTSTATUS; 196 fn ZwAddDriverEntry( 197 DriverEntry: PEFI_DRIVER_ENTRY, 198 Id: PULONG, 199 ) -> NTSTATUS; 200 fn ZwAdjustGroupsToken( 201 TokenHandle: HANDLE, 202 ResetToDefault: BOOLEAN, 203 NewState: PTOKEN_GROUPS, 204 BufferLength: ULONG, 205 PreviousState: PTOKEN_GROUPS, 206 ReturnLength: PULONG, 207 ) -> NTSTATUS; 208 fn ZwAdjustPrivilegesToken( 209 TokenHandle: HANDLE, 210 DisableAllPrivileges: BOOLEAN, 211 NewState: PTOKEN_PRIVILEGES, 212 BufferLength: ULONG, 213 PreviousState: PTOKEN_PRIVILEGES, 214 ReturnLength: PULONG, 215 ) -> NTSTATUS; 216 fn ZwAdjustTokenClaimsAndDeviceGroups( 217 TokenHandle: HANDLE, 218 UserResetToDefault: BOOLEAN, 219 DeviceResetToDefault: BOOLEAN, 220 DeviceGroupsResetToDefault: BOOLEAN, 221 NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 222 NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 223 NewDeviceGroupsState: PTOKEN_GROUPS, 224 UserBufferLength: ULONG, 225 PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 226 DeviceBufferLength: ULONG, 227 PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 228 DeviceGroupsBufferLength: ULONG, 229 PreviousDeviceGroups: PTOKEN_GROUPS, 230 UserReturnLength: PULONG, 231 DeviceReturnLength: PULONG, 232 DeviceGroupsReturnBufferLength: PULONG, 233 ) -> NTSTATUS; 234 fn ZwAlertResumeThread( 235 ThreadHandle: HANDLE, 236 PreviousSuspendCount: PULONG, 237 ) -> NTSTATUS; 238 fn ZwAlertThread( 239 ThreadHandle: HANDLE, 240 ) -> NTSTATUS; 241 fn ZwAlertThreadByThreadId( 242 ThreadId: HANDLE, 243 ) -> NTSTATUS; 244 fn ZwAllocateLocallyUniqueId( 245 Luid: PLUID, 246 ) -> NTSTATUS; 247 fn ZwAllocateReserveObject( 248 MemoryReserveHandle: PHANDLE, 249 ObjectAttributes: POBJECT_ATTRIBUTES, 250 Type: MEMORY_RESERVE_TYPE, 251 ) -> NTSTATUS; 252 fn ZwAllocateUserPhysicalPages( 253 ProcessHandle: HANDLE, 254 NumberOfPages: PULONG_PTR, 255 UserPfnArray: PULONG_PTR, 256 ) -> NTSTATUS; 257 fn ZwAllocateUuids( 258 Time: PULARGE_INTEGER, 259 Range: PULONG, 260 Sequence: PULONG, 261 Seed: PCHAR, 262 ) -> NTSTATUS; 263 fn ZwAllocateVirtualMemory( 264 ProcessHandle: HANDLE, 265 BaseAddress: *mut PVOID, 266 ZeroBits: ULONG_PTR, 267 RegionSize: PSIZE_T, 268 AllocationType: ULONG, 269 Protect: ULONG, 270 ) -> NTSTATUS; 271 fn ZwAlpcAcceptConnectPort( 272 PortHandle: PHANDLE, 273 ConnectionPortHandle: HANDLE, 274 Flags: ULONG, 275 ObjectAttributes: POBJECT_ATTRIBUTES, 276 PortAttributes: PALPC_PORT_ATTRIBUTES, 277 PortContext: PVOID, 278 ConnectionRequest: PPORT_MESSAGE, 279 ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 280 AcceptConnection: BOOLEAN, 281 ) -> NTSTATUS; 282 fn ZwAlpcCancelMessage( 283 PortHandle: HANDLE, 284 Flags: ULONG, 285 MessageContext: PALPC_CONTEXT_ATTR, 286 ) -> NTSTATUS; 287 fn ZwAlpcConnectPort( 288 PortHandle: PHANDLE, 289 PortName: PUNICODE_STRING, 290 ObjectAttributes: POBJECT_ATTRIBUTES, 291 PortAttributes: PALPC_PORT_ATTRIBUTES, 292 Flags: ULONG, 293 RequiredServerSid: PSID, 294 ConnectionMessage: PPORT_MESSAGE, 295 BufferLength: PULONG, 296 OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 297 InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 298 Timeout: PLARGE_INTEGER, 299 ) -> NTSTATUS; 300 fn ZwAlpcConnectPortEx( 301 PortHandle: PHANDLE, 302 ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, 303 ClientPortObjectAttributes: POBJECT_ATTRIBUTES, 304 PortAttributes: PALPC_PORT_ATTRIBUTES, 305 Flags: ULONG, 306 ServerSecurityRequirements: PSECURITY_DESCRIPTOR, 307 ConnectionMessage: PPORT_MESSAGE, 308 BufferLength: PSIZE_T, 309 OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 310 InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 311 Timeout: PLARGE_INTEGER, 312 ) -> NTSTATUS; 313 fn ZwAlpcCreatePort( 314 PortHandle: PHANDLE, 315 ObjectAttributes: POBJECT_ATTRIBUTES, 316 PortAttributes: PALPC_PORT_ATTRIBUTES, 317 ) -> NTSTATUS; 318 fn ZwAlpcCreatePortSection( 319 PortHandle: HANDLE, 320 Flags: ULONG, 321 SectionHandle: HANDLE, 322 SectionSize: SIZE_T, 323 AlpcSectionHandle: PALPC_HANDLE, 324 ActualSectionSize: PSIZE_T, 325 ) -> NTSTATUS; 326 fn ZwAlpcCreateResourceReserve( 327 PortHandle: HANDLE, 328 Flags: ULONG, 329 MessageSize: SIZE_T, 330 ResourceId: PALPC_HANDLE, 331 ) -> NTSTATUS; 332 fn ZwAlpcCreateSectionView( 333 PortHandle: HANDLE, 334 Flags: ULONG, 335 ViewAttributes: PALPC_DATA_VIEW_ATTR, 336 ) -> NTSTATUS; 337 fn ZwAlpcCreateSecurityContext( 338 PortHandle: HANDLE, 339 Flags: ULONG, 340 SecurityAttribute: PALPC_SECURITY_ATTR, 341 ) -> NTSTATUS; 342 fn ZwAlpcDeletePortSection( 343 PortHandle: HANDLE, 344 Flags: ULONG, 345 SectionHandle: ALPC_HANDLE, 346 ) -> NTSTATUS; 347 fn ZwAlpcDeleteResourceReserve( 348 PortHandle: HANDLE, 349 Flags: ULONG, 350 ResourceId: ALPC_HANDLE, 351 ) -> NTSTATUS; 352 fn ZwAlpcDeleteSectionView( 353 PortHandle: HANDLE, 354 Flags: ULONG, 355 ViewBase: PVOID, 356 ) -> NTSTATUS; 357 fn ZwAlpcDeleteSecurityContext( 358 PortHandle: HANDLE, 359 Flags: ULONG, 360 ContextHandle: ALPC_HANDLE, 361 ) -> NTSTATUS; 362 fn ZwAlpcDisconnectPort( 363 PortHandle: HANDLE, 364 Flags: ULONG, 365 ) -> NTSTATUS; 366 fn ZwAlpcImpersonateClientContainerOfPort( 367 PortHandle: HANDLE, 368 Message: PPORT_MESSAGE, 369 Flags: ULONG, 370 ) -> NTSTATUS; 371 fn ZwAlpcImpersonateClientOfPort( 372 PortHandle: HANDLE, 373 Message: PPORT_MESSAGE, 374 Flags: PVOID, 375 ) -> NTSTATUS; 376 fn ZwAlpcOpenSenderProcess( 377 ProcessHandle: PHANDLE, 378 PortHandle: HANDLE, 379 PortMessage: PPORT_MESSAGE, 380 Flags: ULONG, 381 DesiredAccess: ACCESS_MASK, 382 ObjectAttributes: POBJECT_ATTRIBUTES, 383 ) -> NTSTATUS; 384 fn ZwAlpcOpenSenderThread( 385 ThreadHandle: PHANDLE, 386 PortHandle: HANDLE, 387 PortMessage: PPORT_MESSAGE, 388 Flags: ULONG, 389 DesiredAccess: ACCESS_MASK, 390 ObjectAttributes: POBJECT_ATTRIBUTES, 391 ) -> NTSTATUS; 392 fn ZwAlpcQueryInformation( 393 PortHandle: HANDLE, 394 PortInformationClass: ALPC_PORT_INFORMATION_CLASS, 395 PortInformation: PVOID, 396 Length: ULONG, 397 ReturnLength: PULONG, 398 ) -> NTSTATUS; 399 fn ZwAlpcQueryInformationMessage( 400 PortHandle: HANDLE, 401 PortMessage: PPORT_MESSAGE, 402 MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, 403 MessageInformation: PVOID, 404 Length: ULONG, 405 ReturnLength: PULONG, 406 ) -> NTSTATUS; 407 fn ZwAlpcRevokeSecurityContext( 408 PortHandle: HANDLE, 409 Flags: ULONG, 410 ContextHandle: ALPC_HANDLE, 411 ) -> NTSTATUS; 412 fn ZwAlpcSendWaitReceivePort( 413 PortHandle: HANDLE, 414 Flags: ULONG, 415 SendMessageA: PPORT_MESSAGE, 416 SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 417 ReceiveMessage: PPORT_MESSAGE, 418 BufferLength: PSIZE_T, 419 ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, 420 Timeout: PLARGE_INTEGER, 421 ) -> NTSTATUS; 422 fn ZwAlpcSetInformation( 423 PortHandle: HANDLE, 424 PortInformationClass: ALPC_PORT_INFORMATION_CLASS, 425 PortInformation: PVOID, 426 Length: ULONG, 427 ) -> NTSTATUS; 428 fn ZwAreMappedFilesTheSame( 429 File1MappedAsAnImage: PVOID, 430 File2MappedAsFile: PVOID, 431 ) -> NTSTATUS; 432 fn ZwAssignProcessToJobObject( 433 JobHandle: HANDLE, 434 ProcessHandle: HANDLE, 435 ) -> NTSTATUS; 436 fn ZwAssociateWaitCompletionPacket( 437 WaitCompletionPacketHandle: HANDLE, 438 IoCompletionHandle: HANDLE, 439 TargetObjectHandle: HANDLE, 440 KeyContext: PVOID, 441 ApcContext: PVOID, 442 IoStatus: NTSTATUS, 443 IoStatusInformation: ULONG_PTR, 444 AlreadySignaled: PBOOLEAN, 445 ) -> NTSTATUS; 446 fn ZwCallbackReturn( 447 OutputBuffer: PVOID, 448 OutputLength: ULONG, 449 Status: NTSTATUS, 450 ) -> NTSTATUS; 451 fn ZwCancelIoFile( 452 FileHandle: HANDLE, 453 IoStatusBlock: PIO_STATUS_BLOCK, 454 ) -> NTSTATUS; 455 fn ZwCancelIoFileEx( 456 FileHandle: HANDLE, 457 IoRequestToCancel: PIO_STATUS_BLOCK, 458 IoStatusBlock: PIO_STATUS_BLOCK, 459 ) -> NTSTATUS; 460 fn ZwCancelSynchronousIoFile( 461 ThreadHandle: HANDLE, 462 IoRequestToCancel: PIO_STATUS_BLOCK, 463 IoStatusBlock: PIO_STATUS_BLOCK, 464 ) -> NTSTATUS; 465 fn ZwCancelTimer( 466 TimerHandle: HANDLE, 467 CurrentState: PBOOLEAN, 468 ) -> NTSTATUS; 469 fn ZwCancelTimer2( 470 TimerHandle: HANDLE, 471 Parameters: PT2_CANCEL_PARAMETERS, 472 ) -> NTSTATUS; 473 fn ZwCancelWaitCompletionPacket( 474 WaitCompletionPacketHandle: HANDLE, 475 RemoveSignaledPacket: BOOLEAN, 476 ) -> NTSTATUS; 477 fn ZwClearEvent( 478 EventHandle: HANDLE, 479 ) -> NTSTATUS; 480 fn ZwClose( 481 Handle: HANDLE, 482 ) -> NTSTATUS; 483 fn ZwCloseObjectAuditAlarm( 484 SubsystemName: PUNICODE_STRING, 485 HandleId: PVOID, 486 GenerateOnClose: BOOLEAN, 487 ) -> NTSTATUS; 488 fn ZwCommitComplete( 489 EnlistmentHandle: HANDLE, 490 TmVirtualClock: PLARGE_INTEGER, 491 ) -> NTSTATUS; 492 fn ZwCommitEnlistment( 493 EnlistmentHandle: HANDLE, 494 TmVirtualClock: PLARGE_INTEGER, 495 ) -> NTSTATUS; 496 fn ZwCommitTransaction( 497 TransactionHandle: HANDLE, 498 Wait: BOOLEAN, 499 ) -> NTSTATUS; 500 fn ZwCompactKeys( 501 Count: ULONG, 502 KeyArray: *mut HANDLE, 503 ) -> NTSTATUS; 504 fn ZwCompareObjects( 505 FirstObjectHandle: HANDLE, 506 SecondObjectHandle: HANDLE, 507 ) -> NTSTATUS; 508 fn ZwCompareTokens( 509 FirstTokenHandle: HANDLE, 510 SecondTokenHandle: HANDLE, 511 Equal: PBOOLEAN, 512 ) -> NTSTATUS; 513 fn ZwCompleteConnectPort( 514 PortHandle: HANDLE, 515 ) -> NTSTATUS; 516 fn ZwCompressKey( 517 Key: HANDLE, 518 ) -> NTSTATUS; 519 fn ZwConnectPort( 520 PortHandle: PHANDLE, 521 PortName: PUNICODE_STRING, 522 SecurityQos: PSECURITY_QUALITY_OF_SERVICE, 523 ClientView: PPORT_VIEW, 524 ServerView: PREMOTE_PORT_VIEW, 525 MaxMessageLength: PULONG, 526 ConnectionInformation: PVOID, 527 ConnectionInformationLength: PULONG, 528 ) -> NTSTATUS; 529 fn ZwContinue( 530 ContextRecord: PCONTEXT, 531 TestAlert: BOOLEAN, 532 ) -> NTSTATUS; 533 fn ZwCreateDebugObject( 534 DebugObjectHandle: PHANDLE, 535 DesiredAccess: ACCESS_MASK, 536 ObjectAttributes: POBJECT_ATTRIBUTES, 537 Flags: ULONG, 538 ) -> NTSTATUS; 539 fn ZwCreateDirectoryObject( 540 DirectoryHandle: PHANDLE, 541 DesiredAccess: ACCESS_MASK, 542 ObjectAttributes: POBJECT_ATTRIBUTES, 543 ) -> NTSTATUS; 544 fn ZwCreateDirectoryObjectEx( 545 DirectoryHandle: PHANDLE, 546 DesiredAccess: ACCESS_MASK, 547 ObjectAttributes: POBJECT_ATTRIBUTES, 548 ShadowDirectoryHandle: HANDLE, 549 Flags: ULONG, 550 ) -> NTSTATUS; 551 fn ZwCreateEnlistment( 552 EnlistmentHandle: PHANDLE, 553 DesiredAccess: ACCESS_MASK, 554 ResourceManagerHandle: HANDLE, 555 TransactionHandle: HANDLE, 556 ObjectAttributes: POBJECT_ATTRIBUTES, 557 CreateOptions: ULONG, 558 NotificationMask: NOTIFICATION_MASK, 559 EnlistmentKey: PVOID, 560 ) -> NTSTATUS; 561 fn ZwCreateEvent( 562 EventHandle: PHANDLE, 563 DesiredAccess: ACCESS_MASK, 564 ObjectAttributes: POBJECT_ATTRIBUTES, 565 EventType: EVENT_TYPE, 566 InitialState: BOOLEAN, 567 ) -> NTSTATUS; 568 fn ZwCreateEventPair( 569 EventPairHandle: PHANDLE, 570 DesiredAccess: ACCESS_MASK, 571 ObjectAttributes: POBJECT_ATTRIBUTES, 572 ) -> NTSTATUS; 573 fn ZwCreateFile( 574 FileHandle: PHANDLE, 575 DesiredAccess: ACCESS_MASK, 576 ObjectAttributes: POBJECT_ATTRIBUTES, 577 IoStatusBlock: PIO_STATUS_BLOCK, 578 AllocationSize: PLARGE_INTEGER, 579 FileAttributes: ULONG, 580 ShareAccess: ULONG, 581 CreateDisposition: ULONG, 582 CreateOptions: ULONG, 583 EaBuffer: PVOID, 584 EaLength: ULONG, 585 ) -> NTSTATUS; 586 fn ZwCreateIRTimer( 587 TimerHandle: PHANDLE, 588 DesiredAccess: ACCESS_MASK, 589 ) -> NTSTATUS; 590 fn ZwCreateIoCompletion( 591 IoCompletionHandle: PHANDLE, 592 DesiredAccess: ACCESS_MASK, 593 ObjectAttributes: POBJECT_ATTRIBUTES, 594 Count: ULONG, 595 ) -> NTSTATUS; 596 fn ZwCreateJobObject( 597 JobHandle: PHANDLE, 598 DesiredAccess: ACCESS_MASK, 599 ObjectAttributes: POBJECT_ATTRIBUTES, 600 ) -> NTSTATUS; 601 fn ZwCreateJobSet( 602 NumJob: ULONG, 603 UserJobSet: PJOB_SET_ARRAY, 604 Flags: ULONG, 605 ) -> NTSTATUS; 606 fn ZwCreateKey( 607 KeyHandle: PHANDLE, 608 DesiredAccess: ACCESS_MASK, 609 ObjectAttributes: POBJECT_ATTRIBUTES, 610 TitleIndex: ULONG, 611 Class: PUNICODE_STRING, 612 CreateOptions: ULONG, 613 Disposition: PULONG, 614 ) -> NTSTATUS; 615 fn ZwCreateKeyTransacted( 616 KeyHandle: PHANDLE, 617 DesiredAccess: ACCESS_MASK, 618 ObjectAttributes: POBJECT_ATTRIBUTES, 619 TitleIndex: ULONG, 620 Class: PUNICODE_STRING, 621 CreateOptions: ULONG, 622 TransactionHandle: HANDLE, 623 Disposition: PULONG, 624 ) -> NTSTATUS; 625 fn ZwCreateKeyedEvent( 626 KeyedEventHandle: PHANDLE, 627 DesiredAccess: ACCESS_MASK, 628 ObjectAttributes: POBJECT_ATTRIBUTES, 629 Flags: ULONG, 630 ) -> NTSTATUS; 631 fn ZwCreateLowBoxToken( 632 TokenHandle: PHANDLE, 633 ExistingTokenHandle: HANDLE, 634 DesiredAccess: ACCESS_MASK, 635 ObjectAttributes: POBJECT_ATTRIBUTES, 636 PackageSid: PSID, 637 CapabilityCount: ULONG, 638 Capabilities: PSID_AND_ATTRIBUTES, 639 HandleCount: ULONG, 640 Handles: *mut HANDLE, 641 ) -> NTSTATUS; 642 fn ZwCreateMailslotFile( 643 FileHandle: PHANDLE, 644 DesiredAccess: ULONG, 645 ObjectAttributes: POBJECT_ATTRIBUTES, 646 IoStatusBlock: PIO_STATUS_BLOCK, 647 CreateOptions: ULONG, 648 MailslotQuota: ULONG, 649 MaximumMessageSize: ULONG, 650 ReadTimeout: PLARGE_INTEGER, 651 ) -> NTSTATUS; 652 fn ZwCreateMutant( 653 MutantHandle: PHANDLE, 654 DesiredAccess: ACCESS_MASK, 655 ObjectAttributes: POBJECT_ATTRIBUTES, 656 InitialOwner: BOOLEAN, 657 ) -> NTSTATUS; 658 fn ZwCreateNamedPipeFile( 659 FileHandle: PHANDLE, 660 DesiredAccess: ULONG, 661 ObjectAttributes: POBJECT_ATTRIBUTES, 662 IoStatusBlock: PIO_STATUS_BLOCK, 663 ShareAccess: ULONG, 664 CreateDisposition: ULONG, 665 CreateOptions: ULONG, 666 NamedPipeType: ULONG, 667 ReadMode: ULONG, 668 CompletionMode: ULONG, 669 MaximumInstances: ULONG, 670 InboundQuota: ULONG, 671 OutboundQuota: ULONG, 672 DefaultTimeout: PLARGE_INTEGER, 673 ) -> NTSTATUS; 674 fn ZwCreatePagingFile( 675 PageFileName: PUNICODE_STRING, 676 MinimumSize: PLARGE_INTEGER, 677 MaximumSize: PLARGE_INTEGER, 678 Priority: ULONG, 679 ) -> NTSTATUS; 680 fn ZwCreatePartition( 681 PartitionHandle: PHANDLE, 682 DesiredAccess: ACCESS_MASK, 683 ObjectAttributes: POBJECT_ATTRIBUTES, 684 PreferredNode: ULONG, 685 ) -> NTSTATUS; 686 fn ZwCreatePort( 687 PortHandle: PHANDLE, 688 ObjectAttributes: POBJECT_ATTRIBUTES, 689 MaxConnectionInfoLength: ULONG, 690 MaxMessageLength: ULONG, 691 MaxPoolUsage: ULONG, 692 ) -> NTSTATUS; 693 fn ZwCreatePrivateNamespace( 694 NamespaceHandle: PHANDLE, 695 DesiredAccess: ACCESS_MASK, 696 ObjectAttributes: POBJECT_ATTRIBUTES, 697 BoundaryDescriptor: PVOID, 698 ) -> NTSTATUS; 699 fn ZwCreateProcess( 700 ProcessHandle: PHANDLE, 701 DesiredAccess: ACCESS_MASK, 702 ObjectAttributes: POBJECT_ATTRIBUTES, 703 ParentProcess: HANDLE, 704 InheritObjectTable: BOOLEAN, 705 SectionHandle: HANDLE, 706 DebugPort: HANDLE, 707 ExceptionPort: HANDLE, 708 ) -> NTSTATUS; 709 fn ZwCreateProcessEx( 710 ProcessHandle: PHANDLE, 711 DesiredAccess: ACCESS_MASK, 712 ObjectAttributes: POBJECT_ATTRIBUTES, 713 ParentProcess: HANDLE, 714 Flags: ULONG, 715 SectionHandle: HANDLE, 716 DebugPort: HANDLE, 717 ExceptionPort: HANDLE, 718 JobMemberLevel: ULONG, 719 ) -> NTSTATUS; 720 fn ZwCreateProfile( 721 ProfileHandle: PHANDLE, 722 Process: HANDLE, 723 ProfileBase: PVOID, 724 ProfileSize: SIZE_T, 725 BucketSize: ULONG, 726 Buffer: PULONG, 727 BufferSize: ULONG, 728 ProfileSource: KPROFILE_SOURCE, 729 Affinity: KAFFINITY, 730 ) -> NTSTATUS; 731 fn ZwCreateProfileEx( 732 ProfileHandle: PHANDLE, 733 Process: HANDLE, 734 ProfileBase: PVOID, 735 ProfileSize: SIZE_T, 736 BucketSize: ULONG, 737 Buffer: PULONG, 738 BufferSize: ULONG, 739 ProfileSource: KPROFILE_SOURCE, 740 GroupCount: USHORT, 741 GroupAffinity: PGROUP_AFFINITY, 742 ) -> NTSTATUS; 743 fn ZwCreateResourceManager( 744 ResourceManagerHandle: PHANDLE, 745 DesiredAccess: ACCESS_MASK, 746 TmHandle: HANDLE, 747 ResourceManagerGuid: LPGUID, 748 ObjectAttributes: POBJECT_ATTRIBUTES, 749 CreateOptions: ULONG, 750 Description: PUNICODE_STRING, 751 ) -> NTSTATUS; 752 fn ZwCreateSection( 753 SectionHandle: PHANDLE, 754 DesiredAccess: ACCESS_MASK, 755 ObjectAttributes: POBJECT_ATTRIBUTES, 756 MaximumSize: PLARGE_INTEGER, 757 SectionPageProtection: ULONG, 758 AllocationAttributes: ULONG, 759 FileHandle: HANDLE, 760 ) -> NTSTATUS; 761 fn ZwCreateSemaphore( 762 SemaphoreHandle: PHANDLE, 763 DesiredAccess: ACCESS_MASK, 764 ObjectAttributes: POBJECT_ATTRIBUTES, 765 InitialCount: LONG, 766 MaximumCount: LONG, 767 ) -> NTSTATUS; 768 fn ZwCreateSymbolicLinkObject( 769 LinkHandle: PHANDLE, 770 DesiredAccess: ACCESS_MASK, 771 ObjectAttributes: POBJECT_ATTRIBUTES, 772 LinkTarget: PUNICODE_STRING, 773 ) -> NTSTATUS; 774 fn ZwCreateThread( 775 ThreadHandle: PHANDLE, 776 DesiredAccess: ACCESS_MASK, 777 ObjectAttributes: POBJECT_ATTRIBUTES, 778 ProcessHandle: HANDLE, 779 ClientId: PCLIENT_ID, 780 ThreadContext: PCONTEXT, 781 InitialTeb: PINITIAL_TEB, 782 CreateSuspended: BOOLEAN, 783 ) -> NTSTATUS; 784 fn ZwCreateThreadEx( 785 ThreadHandle: PHANDLE, 786 DesiredAccess: ACCESS_MASK, 787 ObjectAttributes: POBJECT_ATTRIBUTES, 788 ProcessHandle: HANDLE, 789 StartRoutine: PVOID, 790 Argument: PVOID, 791 CreateFlags: ULONG, 792 ZeroBits: SIZE_T, 793 StackSize: SIZE_T, 794 MaximumStackSize: SIZE_T, 795 AttributeList: PPS_ATTRIBUTE_LIST, 796 ) -> NTSTATUS; 797 fn ZwCreateTimer( 798 TimerHandle: PHANDLE, 799 DesiredAccess: ACCESS_MASK, 800 ObjectAttributes: POBJECT_ATTRIBUTES, 801 TimerType: TIMER_TYPE, 802 ) -> NTSTATUS; 803 fn ZwCreateTimer2( 804 TimerHandle: PHANDLE, 805 Reserved1: PVOID, 806 Reserved2: PVOID, 807 Attributes: ULONG, 808 DesiredAccess: ACCESS_MASK, 809 ) -> NTSTATUS; 810 fn ZwCreateToken( 811 TokenHandle: PHANDLE, 812 DesiredAccess: ACCESS_MASK, 813 ObjectAttributes: POBJECT_ATTRIBUTES, 814 TokenType: TOKEN_TYPE, 815 AuthenticationId: PLUID, 816 ExpirationTime: PLARGE_INTEGER, 817 User: PTOKEN_USER, 818 Groups: PTOKEN_GROUPS, 819 Privileges: PTOKEN_PRIVILEGES, 820 Owner: PTOKEN_OWNER, 821 PrimaryGroup: PTOKEN_PRIMARY_GROUP, 822 DefaultDacl: PTOKEN_DEFAULT_DACL, 823 TokenSource: PTOKEN_SOURCE, 824 ) -> NTSTATUS; 825 fn ZwCreateTokenEx( 826 TokenHandle: PHANDLE, 827 DesiredAccess: ACCESS_MASK, 828 ObjectAttributes: POBJECT_ATTRIBUTES, 829 TokenType: TOKEN_TYPE, 830 AuthenticationId: PLUID, 831 ExpirationTime: PLARGE_INTEGER, 832 User: PTOKEN_USER, 833 Groups: PTOKEN_GROUPS, 834 Privileges: PTOKEN_PRIVILEGES, 835 UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 836 DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 837 DeviceGroups: PTOKEN_GROUPS, 838 TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, 839 Owner: PTOKEN_OWNER, 840 PrimaryGroup: PTOKEN_PRIMARY_GROUP, 841 DefaultDacl: PTOKEN_DEFAULT_DACL, 842 TokenSource: PTOKEN_SOURCE, 843 ) -> NTSTATUS; 844 fn ZwCreateTransaction( 845 TransactionHandle: PHANDLE, 846 DesiredAccess: ACCESS_MASK, 847 ObjectAttributes: POBJECT_ATTRIBUTES, 848 Uow: LPGUID, 849 TmHandle: HANDLE, 850 CreateOptions: ULONG, 851 IsolationLevel: ULONG, 852 IsolationFlags: ULONG, 853 Timeout: PLARGE_INTEGER, 854 Description: PUNICODE_STRING, 855 ) -> NTSTATUS; 856 fn ZwCreateTransactionManager( 857 TmHandle: PHANDLE, 858 DesiredAccess: ACCESS_MASK, 859 ObjectAttributes: POBJECT_ATTRIBUTES, 860 LogFileName: PUNICODE_STRING, 861 CreateOptions: ULONG, 862 CommitStrength: ULONG, 863 ) -> NTSTATUS; 864 fn ZwCreateUserProcess( 865 ProcessHandle: PHANDLE, 866 ThreadHandle: PHANDLE, 867 ProcessDesiredAccess: ACCESS_MASK, 868 ThreadDesiredAccess: ACCESS_MASK, 869 ProcessObjectAttributes: POBJECT_ATTRIBUTES, 870 ThreadObjectAttributes: POBJECT_ATTRIBUTES, 871 ProcessFlags: ULONG, 872 ThreadFlags: ULONG, 873 ProcessParameters: PVOID, 874 CreateInfo: PPS_CREATE_INFO, 875 AttributeList: PPS_ATTRIBUTE_LIST, 876 ) -> NTSTATUS; 877 fn ZwCreateWaitCompletionPacket( 878 WaitCompletionPacketHandle: PHANDLE, 879 DesiredAccess: ACCESS_MASK, 880 ObjectAttributes: POBJECT_ATTRIBUTES, 881 ) -> NTSTATUS; 882 fn ZwCreateWaitablePort( 883 PortHandle: PHANDLE, 884 ObjectAttributes: POBJECT_ATTRIBUTES, 885 MaxConnectionInfoLength: ULONG, 886 MaxMessageLength: ULONG, 887 MaxPoolUsage: ULONG, 888 ) -> NTSTATUS; 889 fn ZwCreateWnfStateName( 890 StateName: PWNF_STATE_NAME, 891 NameLifetime: WNF_STATE_NAME_LIFETIME, 892 DataScope: WNF_DATA_SCOPE, 893 PersistData: BOOLEAN, 894 TypeId: PCWNF_TYPE_ID, 895 MaximumStateSize: ULONG, 896 SecurityDescriptor: PSECURITY_DESCRIPTOR, 897 ) -> NTSTATUS; 898 fn ZwCreateWorkerFactory( 899 WorkerFactoryHandleReturn: PHANDLE, 900 DesiredAccess: ACCESS_MASK, 901 ObjectAttributes: POBJECT_ATTRIBUTES, 902 CompletionPortHandle: HANDLE, 903 WorkerProcessHandle: HANDLE, 904 StartRoutine: PVOID, 905 StartParameter: PVOID, 906 MaxThreadCount: ULONG, 907 StackReserve: SIZE_T, 908 StackCommit: SIZE_T, 909 ) -> NTSTATUS; 910 fn ZwDebugActiveProcess( 911 ProcessHandle: HANDLE, 912 DebugObjectHandle: HANDLE, 913 ) -> NTSTATUS; 914 fn ZwDebugContinue( 915 DebugObjectHandle: HANDLE, 916 ClientId: PCLIENT_ID, 917 ContinueStatus: NTSTATUS, 918 ) -> NTSTATUS; 919 fn ZwDelayExecution( 920 Alertable: BOOLEAN, 921 DelayInterval: PLARGE_INTEGER, 922 ) -> NTSTATUS; 923 fn ZwDeleteAtom( 924 Atom: RTL_ATOM, 925 ) -> NTSTATUS; 926 fn ZwDeleteBootEntry( 927 Id: ULONG, 928 ) -> NTSTATUS; 929 fn ZwDeleteDriverEntry( 930 Id: ULONG, 931 ) -> NTSTATUS; 932 fn ZwDeleteFile( 933 ObjectAttributes: POBJECT_ATTRIBUTES, 934 ) -> NTSTATUS; 935 fn ZwDeleteKey( 936 KeyHandle: HANDLE, 937 ) -> NTSTATUS; 938 fn ZwDeleteObjectAuditAlarm( 939 SubsystemName: PUNICODE_STRING, 940 HandleId: PVOID, 941 GenerateOnClose: BOOLEAN, 942 ) -> NTSTATUS; 943 fn ZwDeletePrivateNamespace( 944 NamespaceHandle: HANDLE, 945 ) -> NTSTATUS; 946 fn ZwDeleteValueKey( 947 KeyHandle: HANDLE, 948 ValueName: PUNICODE_STRING, 949 ) -> NTSTATUS; 950 fn ZwDeleteWnfStateData( 951 StateName: PCWNF_STATE_NAME, 952 ExplicitScope: *const VOID, 953 ) -> NTSTATUS; 954 fn ZwDeleteWnfStateName( 955 StateName: PCWNF_STATE_NAME, 956 ) -> NTSTATUS; 957 fn ZwDeviceIoControlFile( 958 FileHandle: HANDLE, 959 Event: HANDLE, 960 ApcRoutine: PIO_APC_ROUTINE, 961 ApcContext: PVOID, 962 IoStatusBlock: PIO_STATUS_BLOCK, 963 IoControlCode: ULONG, 964 InputBuffer: PVOID, 965 InputBufferLength: ULONG, 966 OutputBuffer: PVOID, 967 OutputBufferLength: ULONG, 968 ) -> NTSTATUS; 969 fn ZwDisableLastKnownGood() -> NTSTATUS; 970 fn ZwDisplayString( 971 String: PUNICODE_STRING, 972 ) -> NTSTATUS; 973 fn ZwDrawText( 974 String: PUNICODE_STRING, 975 ) -> NTSTATUS; 976 fn ZwDuplicateObject( 977 SourceProcessHandle: HANDLE, 978 SourceHandle: HANDLE, 979 TargetProcessHandle: HANDLE, 980 TargetHandle: PHANDLE, 981 DesiredAccess: ACCESS_MASK, 982 HandleAttributes: ULONG, 983 Options: ULONG, 984 ) -> NTSTATUS; 985 fn ZwDuplicateToken( 986 ExistingTokenHandle: HANDLE, 987 DesiredAccess: ACCESS_MASK, 988 ObjectAttributes: POBJECT_ATTRIBUTES, 989 EffectiveOnly: BOOLEAN, 990 TokenType: TOKEN_TYPE, 991 NewTokenHandle: PHANDLE, 992 ) -> NTSTATUS; 993 fn ZwEnableLastKnownGood() -> NTSTATUS; 994 fn ZwEnumerateBootEntries( 995 Buffer: PVOID, 996 BufferLength: PULONG, 997 ) -> NTSTATUS; 998 fn ZwEnumerateDriverEntries( 999 Buffer: PVOID, 1000 BufferLength: PULONG, 1001 ) -> NTSTATUS; 1002 fn ZwEnumerateKey( 1003 KeyHandle: HANDLE, 1004 Index: ULONG, 1005 KeyInformationClass: KEY_INFORMATION_CLASS, 1006 KeyInformation: PVOID, 1007 Length: ULONG, 1008 ResultLength: PULONG, 1009 ) -> NTSTATUS; 1010 fn ZwEnumerateSystemEnvironmentValuesEx( 1011 InformationClass: ULONG, 1012 Buffer: PVOID, 1013 BufferLength: PULONG, 1014 ) -> NTSTATUS; 1015 fn ZwEnumerateTransactionObject( 1016 RootObjectHandle: HANDLE, 1017 QueryType: KTMOBJECT_TYPE, 1018 ObjectCursor: PKTMOBJECT_CURSOR, 1019 ObjectCursorLength: ULONG, 1020 ReturnLength: PULONG, 1021 ) -> NTSTATUS; 1022 fn ZwEnumerateValueKey( 1023 KeyHandle: HANDLE, 1024 Index: ULONG, 1025 KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, 1026 KeyValueInformation: PVOID, 1027 Length: ULONG, 1028 ResultLength: PULONG, 1029 ) -> NTSTATUS; 1030 fn ZwExtendSection( 1031 SectionHandle: HANDLE, 1032 NewSectionSize: PLARGE_INTEGER, 1033 ) -> NTSTATUS; 1034 fn ZwFilterToken( 1035 ExistingTokenHandle: HANDLE, 1036 Flags: ULONG, 1037 SidsToDisable: PTOKEN_GROUPS, 1038 PrivilegesToDelete: PTOKEN_PRIVILEGES, 1039 RestrictedSids: PTOKEN_GROUPS, 1040 NewTokenHandle: PHANDLE, 1041 ) -> NTSTATUS; 1042 fn ZwFilterTokenEx( 1043 ExistingTokenHandle: HANDLE, 1044 Flags: ULONG, 1045 SidsToDisable: PTOKEN_GROUPS, 1046 PrivilegesToDelete: PTOKEN_PRIVILEGES, 1047 RestrictedSids: PTOKEN_GROUPS, 1048 DisableUserClaimsCount: ULONG, 1049 UserClaimsToDisable: PUNICODE_STRING, 1050 DisableDeviceClaimsCount: ULONG, 1051 DeviceClaimsToDisable: PUNICODE_STRING, 1052 DeviceGroupsToDisable: PTOKEN_GROUPS, 1053 RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 1054 RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, 1055 RestrictedDeviceGroups: PTOKEN_GROUPS, 1056 NewTokenHandle: PHANDLE, 1057 ) -> NTSTATUS; 1058 fn ZwFindAtom( 1059 AtomName: PWSTR, 1060 Length: ULONG, 1061 Atom: PRTL_ATOM, 1062 ) -> NTSTATUS; 1063 fn ZwFlushBuffersFile( 1064 FileHandle: HANDLE, 1065 IoStatusBlock: PIO_STATUS_BLOCK, 1066 ) -> NTSTATUS; 1067 fn ZwFlushBuffersFileEx( 1068 FileHandle: HANDLE, 1069 Flags: ULONG, 1070 Parameters: PVOID, 1071 ParametersSize: ULONG, 1072 IoStatusBlock: PIO_STATUS_BLOCK, 1073 ) -> NTSTATUS; 1074 fn ZwFlushInstallUILanguage( 1075 InstallUILanguage: LANGID, 1076 SetComittedFlag: ULONG, 1077 ) -> NTSTATUS; 1078 fn ZwFlushInstructionCache( 1079 ProcessHandle: HANDLE, 1080 BaseAddress: PVOID, 1081 Length: SIZE_T, 1082 ) -> NTSTATUS; 1083 fn ZwFlushKey( 1084 KeyHandle: HANDLE, 1085 ) -> NTSTATUS; 1086 fn ZwFlushProcessWriteBuffers(); 1087 fn ZwFlushWriteBuffer() -> NTSTATUS; 1088 fn ZwFreeUserPhysicalPages( 1089 ProcessHandle: HANDLE, 1090 NumberOfPages: PULONG_PTR, 1091 UserPfnArray: PULONG_PTR, 1092 ) -> NTSTATUS; 1093 fn ZwFreeVirtualMemory( 1094 ProcessHandle: HANDLE, 1095 BaseAddress: *mut PVOID, 1096 RegionSize: PSIZE_T, 1097 FreeType: ULONG, 1098 ) -> NTSTATUS; 1099 fn ZwFreezeRegistry( 1100 TimeOutInSeconds: ULONG, 1101 ) -> NTSTATUS; 1102 fn ZwFreezeTransactions( 1103 FreezeTimeout: PLARGE_INTEGER, 1104 ThawTimeout: PLARGE_INTEGER, 1105 ) -> NTSTATUS; 1106 fn ZwFsControlFile( 1107 FileHandle: HANDLE, 1108 Event: HANDLE, 1109 ApcRoutine: PIO_APC_ROUTINE, 1110 ApcContext: PVOID, 1111 IoStatusBlock: PIO_STATUS_BLOCK, 1112 FsControlCode: ULONG, 1113 InputBuffer: PVOID, 1114 InputBufferLength: ULONG, 1115 OutputBuffer: PVOID, 1116 OutputBufferLength: ULONG, 1117 ) -> NTSTATUS; 1118 fn ZwGetCachedSigningLevel( 1119 File: HANDLE, 1120 Flags: PULONG, 1121 SigningLevel: PSE_SIGNING_LEVEL, 1122 Thumbprint: PUCHAR, 1123 ThumbprintSize: PULONG, 1124 ThumbprintAlgorithm: PULONG, 1125 ) -> NTSTATUS; 1126 fn ZwGetCompleteWnfStateSubscription( 1127 OldDescriptorStateName: PWNF_STATE_NAME, 1128 OldSubscriptionId: *mut ULONG64, 1129 OldDescriptorEventMask: ULONG, 1130 OldDescriptorStatus: ULONG, 1131 NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, 1132 DescriptorSize: ULONG, 1133 ) -> NTSTATUS; 1134 fn ZwGetContextThread( 1135 ThreadHandle: HANDLE, 1136 ThreadContext: PCONTEXT, 1137 ) -> NTSTATUS; 1138 fn ZwGetCurrentProcessorNumber() -> ULONG; 1139 fn ZwGetDevicePowerState( 1140 Device: HANDLE, 1141 State: PDEVICE_POWER_STATE, 1142 ) -> NTSTATUS; 1143 fn ZwGetMUIRegistryInfo( 1144 Flags: ULONG, 1145 DataSize: PULONG, 1146 Data: PVOID, 1147 ) -> NTSTATUS; 1148 fn ZwGetNextProcess( 1149 ProcessHandle: HANDLE, 1150 DesiredAccess: ACCESS_MASK, 1151 HandleAttributes: ULONG, 1152 Flags: ULONG, 1153 NewProcessHandle: PHANDLE, 1154 ) -> NTSTATUS; 1155 fn ZwGetNextThread( 1156 ProcessHandle: HANDLE, 1157 ThreadHandle: HANDLE, 1158 DesiredAccess: ACCESS_MASK, 1159 HandleAttributes: ULONG, 1160 Flags: ULONG, 1161 NewThreadHandle: PHANDLE, 1162 ) -> NTSTATUS; 1163 fn ZwGetNlsSectionPtr( 1164 SectionType: ULONG, 1165 SectionData: ULONG, 1166 ContextData: PVOID, 1167 SectionPointer: *mut PVOID, 1168 SectionSize: PULONG, 1169 ) -> NTSTATUS; 1170 fn ZwGetNotificationResourceManager( 1171 ResourceManagerHandle: HANDLE, 1172 TransactionNotification: PTRANSACTION_NOTIFICATION, 1173 NotificationLength: ULONG, 1174 Timeout: PLARGE_INTEGER, 1175 ReturnLength: PULONG, 1176 Asynchronous: ULONG, 1177 AsynchronousContext: ULONG_PTR, 1178 ) -> NTSTATUS; 1179 fn ZwGetPlugPlayEvent( 1180 EventHandle: HANDLE, 1181 Context: PVOID, 1182 EventBlock: PPLUGPLAY_EVENT_BLOCK, 1183 EventBufferSize: ULONG, 1184 ) -> NTSTATUS; 1185 fn ZwGetWriteWatch( 1186 ProcessHandle: HANDLE, 1187 Flags: ULONG, 1188 BaseAddress: PVOID, 1189 RegionSize: SIZE_T, 1190 UserAddressArray: *mut PVOID, 1191 EntriesInUserAddressArray: PULONG_PTR, 1192 Granularity: PULONG, 1193 ) -> NTSTATUS; 1194 fn ZwImpersonateAnonymousToken( 1195 ThreadHandle: HANDLE, 1196 ) -> NTSTATUS; 1197 fn ZwImpersonateClientOfPort( 1198 PortHandle: HANDLE, 1199 Message: PPORT_MESSAGE, 1200 ) -> NTSTATUS; 1201 fn ZwImpersonateThread( 1202 ServerThreadHandle: HANDLE, 1203 ClientThreadHandle: HANDLE, 1204 SecurityQos: PSECURITY_QUALITY_OF_SERVICE, 1205 ) -> NTSTATUS; 1206 fn ZwInitializeNlsFiles( 1207 BaseAddress: *mut PVOID, 1208 DefaultLocaleId: PLCID, 1209 DefaultCasingTableSize: PLARGE_INTEGER, 1210 ) -> NTSTATUS; 1211 fn ZwInitializeRegistry( 1212 BootCondition: USHORT, 1213 ) -> NTSTATUS; 1214 fn ZwInitiatePowerAction( 1215 SystemAction: POWER_ACTION, 1216 LightestSystemState: SYSTEM_POWER_STATE, 1217 Flags: ULONG, 1218 Asynchronous: BOOLEAN, 1219 ) -> NTSTATUS; 1220 fn ZwIsProcessInJob( 1221 ProcessHandle: HANDLE, 1222 JobHandle: HANDLE, 1223 ) -> NTSTATUS; 1224 fn ZwIsSystemResumeAutomatic() -> BOOLEAN; 1225 fn ZwIsUILanguageComitted() -> NTSTATUS; 1226 fn ZwListenPort( 1227 PortHandle: HANDLE, 1228 ConnectionRequest: PPORT_MESSAGE, 1229 ) -> NTSTATUS; 1230 fn ZwLoadDriver( 1231 DriverServiceName: PUNICODE_STRING, 1232 ) -> NTSTATUS; 1233 fn ZwLoadKey( 1234 TargetKey: POBJECT_ATTRIBUTES, 1235 SourceFile: POBJECT_ATTRIBUTES, 1236 ) -> NTSTATUS; 1237 fn ZwLoadKey2( 1238 TargetKey: POBJECT_ATTRIBUTES, 1239 SourceFile: POBJECT_ATTRIBUTES, 1240 Flags: ULONG, 1241 ) -> NTSTATUS; 1242 fn ZwLoadKeyEx( 1243 TargetKey: POBJECT_ATTRIBUTES, 1244 SourceFile: POBJECT_ATTRIBUTES, 1245 Flags: ULONG, 1246 TrustClassKey: HANDLE, 1247 Event: HANDLE, 1248 DesiredAccess: ACCESS_MASK, 1249 RootHandle: PHANDLE, 1250 IoStatus: PIO_STATUS_BLOCK, 1251 ) -> NTSTATUS; 1252 fn ZwLockFile( 1253 FileHandle: HANDLE, 1254 Event: HANDLE, 1255 ApcRoutine: PIO_APC_ROUTINE, 1256 ApcContext: PVOID, 1257 IoStatusBlock: PIO_STATUS_BLOCK, 1258 ByteOffset: PLARGE_INTEGER, 1259 Length: PLARGE_INTEGER, 1260 Key: ULONG, 1261 FailImmediately: BOOLEAN, 1262 ExclusiveLock: BOOLEAN, 1263 ) -> NTSTATUS; 1264 fn ZwLockProductActivationKeys( 1265 pPrivateVer: *mut ULONG, 1266 pSafeMode: *mut ULONG, 1267 ) -> NTSTATUS; 1268 fn ZwLockRegistryKey( 1269 KeyHandle: HANDLE, 1270 ) -> NTSTATUS; 1271 fn ZwLockVirtualMemory( 1272 ProcessHandle: HANDLE, 1273 BaseAddress: *mut PVOID, 1274 RegionSize: PSIZE_T, 1275 MapType: ULONG, 1276 ) -> NTSTATUS; 1277 fn ZwMakePermanentObject( 1278 Handle: HANDLE, 1279 ) -> NTSTATUS; 1280 fn ZwMakeTemporaryObject( 1281 Handle: HANDLE, 1282 ) -> NTSTATUS; 1283 fn ZwManagePartition( 1284 PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, 1285 PartitionInformation: PVOID, 1286 PartitionInformationLength: ULONG, 1287 ) -> NTSTATUS; 1288 fn ZwMapCMFModule( 1289 What: ULONG, 1290 Index: ULONG, 1291 CacheIndexOut: PULONG, 1292 CacheFlagsOut: PULONG, 1293 ViewSizeOut: PULONG, 1294 BaseAddress: *mut PVOID, 1295 ) -> NTSTATUS; 1296 fn ZwMapUserPhysicalPages( 1297 VirtualAddress: PVOID, 1298 NumberOfPages: ULONG_PTR, 1299 UserPfnArray: PULONG_PTR, 1300 ) -> NTSTATUS; 1301 fn ZwMapUserPhysicalPagesScatter( 1302 VirtualAddresses: *mut PVOID, 1303 NumberOfPages: ULONG_PTR, 1304 UserPfnArray: PULONG_PTR, 1305 ) -> NTSTATUS; 1306 fn ZwMapViewOfSection( 1307 SectionHandle: HANDLE, 1308 ProcessHandle: HANDLE, 1309 BaseAddress: *mut PVOID, 1310 ZeroBits: ULONG_PTR, 1311 CommitSize: SIZE_T, 1312 SectionOffset: PLARGE_INTEGER, 1313 ViewSize: PSIZE_T, 1314 InheritDisposition: SECTION_INHERIT, 1315 AllocationType: ULONG, 1316 Win32Protect: ULONG, 1317 ) -> NTSTATUS; 1318 fn ZwModifyBootEntry( 1319 BootEntry: PBOOT_ENTRY, 1320 ) -> NTSTATUS; 1321 fn ZwModifyDriverEntry( 1322 DriverEntry: PEFI_DRIVER_ENTRY, 1323 ) -> NTSTATUS; 1324 fn ZwNotifyChangeDirectoryFile( 1325 FileHandle: HANDLE, 1326 Event: HANDLE, 1327 ApcRoutine: PIO_APC_ROUTINE, 1328 ApcContext: PVOID, 1329 IoStatusBlock: PIO_STATUS_BLOCK, 1330 Buffer: PVOID, 1331 Length: ULONG, 1332 CompletionFilter: ULONG, 1333 WatchTree: BOOLEAN, 1334 ) -> NTSTATUS; 1335 fn ZwNotifyChangeKey( 1336 KeyHandle: HANDLE, 1337 Event: HANDLE, 1338 ApcRoutine: PIO_APC_ROUTINE, 1339 ApcContext: PVOID, 1340 IoStatusBlock: PIO_STATUS_BLOCK, 1341 CompletionFilter: ULONG, 1342 WatchTree: BOOLEAN, 1343 Buffer: PVOID, 1344 BufferSize: ULONG, 1345 Asynchronous: BOOLEAN, 1346 ) -> NTSTATUS; 1347 fn ZwNotifyChangeMultipleKeys( 1348 MasterKeyHandle: HANDLE, 1349 Count: ULONG, 1350 SubordinateObjects: *mut OBJECT_ATTRIBUTES, 1351 Event: HANDLE, 1352 ApcRoutine: PIO_APC_ROUTINE, 1353 ApcContext: PVOID, 1354 IoStatusBlock: PIO_STATUS_BLOCK, 1355 CompletionFilter: ULONG, 1356 WatchTree: BOOLEAN, 1357 Buffer: PVOID, 1358 BufferSize: ULONG, 1359 Asynchronous: BOOLEAN, 1360 ) -> NTSTATUS; 1361 fn ZwNotifyChangeSession( 1362 SessionHandle: HANDLE, 1363 ChangeSequenceNumber: ULONG, 1364 ChangeTimeStamp: PLARGE_INTEGER, 1365 Event: IO_SESSION_EVENT, 1366 NewState: IO_SESSION_STATE, 1367 PreviousState: IO_SESSION_STATE, 1368 Payload: PVOID, 1369 PayloadSize: ULONG, 1370 ) -> NTSTATUS; 1371 fn ZwOpenDirectoryObject( 1372 DirectoryHandle: PHANDLE, 1373 DesiredAccess: ACCESS_MASK, 1374 ObjectAttributes: POBJECT_ATTRIBUTES, 1375 ) -> NTSTATUS; 1376 fn ZwOpenEnlistment( 1377 EnlistmentHandle: PHANDLE, 1378 DesiredAccess: ACCESS_MASK, 1379 RmHandle: HANDLE, 1380 EnlistmentGuid: LPGUID, 1381 ObjectAttributes: POBJECT_ATTRIBUTES, 1382 ) -> NTSTATUS; 1383 fn ZwOpenEvent( 1384 EventHandle: PHANDLE, 1385 DesiredAccess: ACCESS_MASK, 1386 ObjectAttributes: POBJECT_ATTRIBUTES, 1387 ) -> NTSTATUS; 1388 fn ZwOpenEventPair( 1389 EventPairHandle: PHANDLE, 1390 DesiredAccess: ACCESS_MASK, 1391 ObjectAttributes: POBJECT_ATTRIBUTES, 1392 ) -> NTSTATUS; 1393 fn ZwOpenFile( 1394 FileHandle: PHANDLE, 1395 DesiredAccess: ACCESS_MASK, 1396 ObjectAttributes: POBJECT_ATTRIBUTES, 1397 IoStatusBlock: PIO_STATUS_BLOCK, 1398 ShareAccess: ULONG, 1399 OpenOptions: ULONG, 1400 ) -> NTSTATUS; 1401 fn ZwOpenIoCompletion( 1402 IoCompletionHandle: PHANDLE, 1403 DesiredAccess: ACCESS_MASK, 1404 ObjectAttributes: POBJECT_ATTRIBUTES, 1405 ) -> NTSTATUS; 1406 fn ZwOpenJobObject( 1407 JobHandle: PHANDLE, 1408 DesiredAccess: ACCESS_MASK, 1409 ObjectAttributes: POBJECT_ATTRIBUTES, 1410 ) -> NTSTATUS; 1411 fn ZwOpenKey( 1412 KeyHandle: PHANDLE, 1413 DesiredAccess: ACCESS_MASK, 1414 ObjectAttributes: POBJECT_ATTRIBUTES, 1415 ) -> NTSTATUS; 1416 fn ZwOpenKeyEx( 1417 KeyHandle: PHANDLE, 1418 DesiredAccess: ACCESS_MASK, 1419 ObjectAttributes: POBJECT_ATTRIBUTES, 1420 OpenOptions: ULONG, 1421 ) -> NTSTATUS; 1422 fn ZwOpenKeyTransacted( 1423 KeyHandle: PHANDLE, 1424 DesiredAccess: ACCESS_MASK, 1425 ObjectAttributes: POBJECT_ATTRIBUTES, 1426 TransactionHandle: HANDLE, 1427 ) -> NTSTATUS; 1428 fn ZwOpenKeyTransactedEx( 1429 KeyHandle: PHANDLE, 1430 DesiredAccess: ACCESS_MASK, 1431 ObjectAttributes: POBJECT_ATTRIBUTES, 1432 OpenOptions: ULONG, 1433 TransactionHandle: HANDLE, 1434 ) -> NTSTATUS; 1435 fn ZwOpenKeyedEvent( 1436 KeyedEventHandle: PHANDLE, 1437 DesiredAccess: ACCESS_MASK, 1438 ObjectAttributes: POBJECT_ATTRIBUTES, 1439 ) -> NTSTATUS; 1440 fn ZwOpenMutant( 1441 MutantHandle: PHANDLE, 1442 DesiredAccess: ACCESS_MASK, 1443 ObjectAttributes: POBJECT_ATTRIBUTES, 1444 ) -> NTSTATUS; 1445 fn ZwOpenObjectAuditAlarm( 1446 SubsystemName: PUNICODE_STRING, 1447 HandleId: PVOID, 1448 ObjectTypeName: PUNICODE_STRING, 1449 ObjectName: PUNICODE_STRING, 1450 SecurityDescriptor: PSECURITY_DESCRIPTOR, 1451 ClientToken: HANDLE, 1452 DesiredAccess: ACCESS_MASK, 1453 GrantedAccess: ACCESS_MASK, 1454 Privileges: PPRIVILEGE_SET, 1455 ObjectCreation: BOOLEAN, 1456 AccessGranted: BOOLEAN, 1457 GenerateOnClose: PBOOLEAN, 1458 ) -> NTSTATUS; 1459 fn ZwOpenPartition( 1460 PartitionHandle: PHANDLE, 1461 DesiredAccess: ACCESS_MASK, 1462 ObjectAttributes: POBJECT_ATTRIBUTES, 1463 ) -> NTSTATUS; 1464 fn ZwOpenPrivateNamespace( 1465 NamespaceHandle: PHANDLE, 1466 DesiredAccess: ACCESS_MASK, 1467 ObjectAttributes: POBJECT_ATTRIBUTES, 1468 BoundaryDescriptor: PVOID, 1469 ) -> NTSTATUS; 1470 fn ZwOpenProcess( 1471 ProcessHandle: PHANDLE, 1472 DesiredAccess: ACCESS_MASK, 1473 ObjectAttributes: POBJECT_ATTRIBUTES, 1474 ClientId: PCLIENT_ID, 1475 ) -> NTSTATUS; 1476 fn ZwOpenProcessToken( 1477 ProcessHandle: HANDLE, 1478 DesiredAccess: ACCESS_MASK, 1479 TokenHandle: PHANDLE, 1480 ) -> NTSTATUS; 1481 fn ZwOpenProcessTokenEx( 1482 ProcessHandle: HANDLE, 1483 DesiredAccess: ACCESS_MASK, 1484 HandleAttributes: ULONG, 1485 TokenHandle: PHANDLE, 1486 ) -> NTSTATUS; 1487 fn ZwOpenResourceManager( 1488 ResourceManagerHandle: PHANDLE, 1489 DesiredAccess: ACCESS_MASK, 1490 TmHandle: HANDLE, 1491 ResourceManagerGuid: LPGUID, 1492 ObjectAttributes: POBJECT_ATTRIBUTES, 1493 ) -> NTSTATUS; 1494 fn ZwOpenSection( 1495 SectionHandle: PHANDLE, 1496 DesiredAccess: ACCESS_MASK, 1497 ObjectAttributes: POBJECT_ATTRIBUTES, 1498 ) -> NTSTATUS; 1499 fn ZwOpenSemaphore( 1500 SemaphoreHandle: PHANDLE, 1501 DesiredAccess: ACCESS_MASK, 1502 ObjectAttributes: POBJECT_ATTRIBUTES, 1503 ) -> NTSTATUS; 1504 fn ZwOpenSession( 1505 SessionHandle: PHANDLE, 1506 DesiredAccess: ACCESS_MASK, 1507 ObjectAttributes: POBJECT_ATTRIBUTES, 1508 ) -> NTSTATUS; 1509 fn ZwOpenSymbolicLinkObject( 1510 LinkHandle: PHANDLE, 1511 DesiredAccess: ACCESS_MASK, 1512 ObjectAttributes: POBJECT_ATTRIBUTES, 1513 ) -> NTSTATUS; 1514 fn ZwOpenThread( 1515 ThreadHandle: PHANDLE, 1516 DesiredAccess: ACCESS_MASK, 1517 ObjectAttributes: POBJECT_ATTRIBUTES, 1518 ClientId: PCLIENT_ID, 1519 ) -> NTSTATUS; 1520 fn ZwOpenThreadToken( 1521 ThreadHandle: HANDLE, 1522 DesiredAccess: ACCESS_MASK, 1523 OpenAsSelf: BOOLEAN, 1524 TokenHandle: PHANDLE, 1525 ) -> NTSTATUS; 1526 fn ZwOpenThreadTokenEx( 1527 ThreadHandle: HANDLE, 1528 DesiredAccess: ACCESS_MASK, 1529 OpenAsSelf: BOOLEAN, 1530 HandleAttributes: ULONG, 1531 TokenHandle: PHANDLE, 1532 ) -> NTSTATUS; 1533 fn ZwOpenTimer( 1534 TimerHandle: PHANDLE, 1535 DesiredAccess: ACCESS_MASK, 1536 ObjectAttributes: POBJECT_ATTRIBUTES, 1537 ) -> NTSTATUS; 1538 fn ZwOpenTransaction( 1539 TransactionHandle: PHANDLE, 1540 DesiredAccess: ACCESS_MASK, 1541 ObjectAttributes: POBJECT_ATTRIBUTES, 1542 Uow: LPGUID, 1543 TmHandle: HANDLE, 1544 ) -> NTSTATUS; 1545 fn ZwOpenTransactionManager( 1546 TmHandle: PHANDLE, 1547 DesiredAccess: ACCESS_MASK, 1548 ObjectAttributes: POBJECT_ATTRIBUTES, 1549 LogFileName: PUNICODE_STRING, 1550 TmIdentity: LPGUID, 1551 OpenOptions: ULONG, 1552 ) -> NTSTATUS; 1553 fn ZwPlugPlayControl( 1554 PnPControlClass: PLUGPLAY_CONTROL_CLASS, 1555 PnPControlData: PVOID, 1556 PnPControlDataLength: ULONG, 1557 ) -> NTSTATUS; 1558 fn ZwPowerInformation( 1559 InformationLevel: POWER_INFORMATION_LEVEL, 1560 InputBuffer: PVOID, 1561 InputBufferLength: ULONG, 1562 OutputBuffer: PVOID, 1563 OutputBufferLength: ULONG, 1564 ) -> NTSTATUS; 1565 fn ZwPrePrepareComplete( 1566 EnlistmentHandle: HANDLE, 1567 TmVirtualClock: PLARGE_INTEGER, 1568 ) -> NTSTATUS; 1569 fn ZwPrePrepareEnlistment( 1570 EnlistmentHandle: HANDLE, 1571 TmVirtualClock: PLARGE_INTEGER, 1572 ) -> NTSTATUS; 1573 fn ZwPrepareComplete( 1574 EnlistmentHandle: HANDLE, 1575 TmVirtualClock: PLARGE_INTEGER, 1576 ) -> NTSTATUS; 1577 fn ZwPrepareEnlistment( 1578 EnlistmentHandle: HANDLE, 1579 TmVirtualClock: PLARGE_INTEGER, 1580 ) -> NTSTATUS; 1581 fn ZwPrivilegeCheck( 1582 ClientToken: HANDLE, 1583 RequiredPrivileges: PPRIVILEGE_SET, 1584 Result: PBOOLEAN, 1585 ) -> NTSTATUS; 1586 fn ZwPrivilegeObjectAuditAlarm( 1587 SubsystemName: PUNICODE_STRING, 1588 HandleId: PVOID, 1589 ClientToken: HANDLE, 1590 DesiredAccess: ACCESS_MASK, 1591 Privileges: PPRIVILEGE_SET, 1592 AccessGranted: BOOLEAN, 1593 ) -> NTSTATUS; 1594 fn ZwPrivilegedServiceAuditAlarm( 1595 SubsystemName: PUNICODE_STRING, 1596 ServiceName: PUNICODE_STRING, 1597 ClientToken: HANDLE, 1598 Privileges: PPRIVILEGE_SET, 1599 AccessGranted: BOOLEAN, 1600 ) -> NTSTATUS; 1601 fn ZwPropagationComplete( 1602 ResourceManagerHandle: HANDLE, 1603 RequestCookie: ULONG, 1604 BufferLength: ULONG, 1605 Buffer: PVOID, 1606 ) -> NTSTATUS; 1607 fn ZwPropagationFailed( 1608 ResourceManagerHandle: HANDLE, 1609 RequestCookie: ULONG, 1610 PropStatus: NTSTATUS, 1611 ) -> NTSTATUS; 1612 fn ZwProtectVirtualMemory( 1613 ProcessHandle: HANDLE, 1614 BaseAddress: *mut PVOID, 1615 RegionSize: PSIZE_T, 1616 NewProtect: ULONG, 1617 OldProtect: PULONG, 1618 ) -> NTSTATUS; 1619 fn ZwPulseEvent( 1620 EventHandle: HANDLE, 1621 PreviousState: PLONG, 1622 ) -> NTSTATUS; 1623 fn ZwQueryAttributesFile( 1624 ObjectAttributes: POBJECT_ATTRIBUTES, 1625 FileInformation: PFILE_BASIC_INFORMATION, 1626 ) -> NTSTATUS; 1627 fn ZwQueryBootEntryOrder( 1628 Ids: PULONG, 1629 Count: PULONG, 1630 ) -> NTSTATUS; 1631 fn ZwQueryBootOptions( 1632 BootOptions: PBOOT_OPTIONS, 1633 BootOptionsLength: PULONG, 1634 ) -> NTSTATUS; 1635 fn ZwQueryDebugFilterState( 1636 ComponentId: ULONG, 1637 Level: ULONG, 1638 ) -> NTSTATUS; 1639 fn ZwQueryDefaultLocale( 1640 UserProfile: BOOLEAN, 1641 DefaultLocaleId: PLCID, 1642 ) -> NTSTATUS; 1643 fn ZwQueryDefaultUILanguage( 1644 DefaultUILanguageId: *mut LANGID, 1645 ) -> NTSTATUS; 1646 fn ZwQueryDirectoryFile( 1647 FileHandle: HANDLE, 1648 Event: HANDLE, 1649 ApcRoutine: PIO_APC_ROUTINE, 1650 ApcContext: PVOID, 1651 IoStatusBlock: PIO_STATUS_BLOCK, 1652 FileInformation: PVOID, 1653 Length: ULONG, 1654 FileInformationClass: FILE_INFORMATION_CLASS, 1655 ReturnSingleEntry: BOOLEAN, 1656 FileName: PUNICODE_STRING, 1657 RestartScan: BOOLEAN, 1658 ) -> NTSTATUS; 1659 fn ZwQueryDirectoryObject( 1660 DirectoryHandle: HANDLE, 1661 Buffer: PVOID, 1662 Length: ULONG, 1663 ReturnSingleEntry: BOOLEAN, 1664 RestartScan: BOOLEAN, 1665 Context: PULONG, 1666 ReturnLength: PULONG, 1667 ) -> NTSTATUS; 1668 fn ZwQueryDriverEntryOrder( 1669 Ids: PULONG, 1670 Count: PULONG, 1671 ) -> NTSTATUS; 1672 fn ZwQueryEaFile( 1673 FileHandle: HANDLE, 1674 IoStatusBlock: PIO_STATUS_BLOCK, 1675 Buffer: PVOID, 1676 Length: ULONG, 1677 ReturnSingleEntry: BOOLEAN, 1678 EaList: PVOID, 1679 EaListLength: ULONG, 1680 EaIndex: PULONG, 1681 RestartScan: BOOLEAN, 1682 ) -> NTSTATUS; 1683 fn ZwQueryEvent( 1684 EventHandle: HANDLE, 1685 EventInformationClass: EVENT_INFORMATION_CLASS, 1686 EventInformation: PVOID, 1687 EventInformationLength: ULONG, 1688 ReturnLength: PULONG, 1689 ) -> NTSTATUS; 1690 fn ZwQueryFullAttributesFile( 1691 ObjectAttributes: POBJECT_ATTRIBUTES, 1692 FileInformation: PFILE_NETWORK_OPEN_INFORMATION, 1693 ) -> NTSTATUS; 1694 fn ZwQueryInformationAtom( 1695 Atom: RTL_ATOM, 1696 AtomInformationClass: ATOM_INFORMATION_CLASS, 1697 AtomInformation: PVOID, 1698 AtomInformationLength: ULONG, 1699 ReturnLength: PULONG, 1700 ) -> NTSTATUS; 1701 fn ZwQueryInformationEnlistment( 1702 EnlistmentHandle: HANDLE, 1703 EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, 1704 EnlistmentInformation: PVOID, 1705 EnlistmentInformationLength: ULONG, 1706 ReturnLength: PULONG, 1707 ) -> NTSTATUS; 1708 fn ZwQueryInformationFile( 1709 FileHandle: HANDLE, 1710 IoStatusBlock: PIO_STATUS_BLOCK, 1711 FileInformation: PVOID, 1712 Length: ULONG, 1713 FileInformationClass: FILE_INFORMATION_CLASS, 1714 ) -> NTSTATUS; 1715 fn ZwQueryInformationJobObject( 1716 JobHandle: HANDLE, 1717 JobObjectInformationClass: JOBOBJECTINFOCLASS, 1718 JobObjectInformation: PVOID, 1719 JobObjectInformationLength: ULONG, 1720 ReturnLength: PULONG, 1721 ) -> NTSTATUS; 1722 fn ZwQueryInformationPort( 1723 PortHandle: HANDLE, 1724 PortInformationClass: PORT_INFORMATION_CLASS, 1725 PortInformation: PVOID, 1726 Length: ULONG, 1727 ReturnLength: PULONG, 1728 ) -> NTSTATUS; 1729 fn ZwQueryInformationProcess( 1730 ProcessHandle: HANDLE, 1731 ProcessInformationClass: PROCESSINFOCLASS, 1732 ProcessInformation: PVOID, 1733 ProcessInformationLength: ULONG, 1734 ReturnLength: PULONG, 1735 ) -> NTSTATUS; 1736 fn ZwQueryInformationResourceManager( 1737 ResourceManagerHandle: HANDLE, 1738 ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, 1739 ResourceManagerInformation: PVOID, 1740 ResourceManagerInformationLength: ULONG, 1741 ReturnLength: PULONG, 1742 ) -> NTSTATUS; 1743 fn ZwQueryInformationThread( 1744 ThreadHandle: HANDLE, 1745 ThreadInformationClass: THREADINFOCLASS, 1746 ThreadInformation: PVOID, 1747 ThreadInformationLength: ULONG, 1748 ReturnLength: PULONG, 1749 ) -> NTSTATUS; 1750 fn ZwQueryInformationToken( 1751 TokenHandle: HANDLE, 1752 TokenInformationClass: TOKEN_INFORMATION_CLASS, 1753 TokenInformation: PVOID, 1754 TokenInformationLength: ULONG, 1755 ReturnLength: PULONG, 1756 ) -> NTSTATUS; 1757 fn ZwQueryInformationTransaction( 1758 TransactionHandle: HANDLE, 1759 TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, 1760 TransactionInformation: PVOID, 1761 TransactionInformationLength: ULONG, 1762 ReturnLength: PULONG, 1763 ) -> NTSTATUS; 1764 fn ZwQueryInformationTransactionManager( 1765 TransactionManagerHandle: HANDLE, 1766 TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, 1767 TransactionManagerInformation: PVOID, 1768 TransactionManagerInformationLength: ULONG, 1769 ReturnLength: PULONG, 1770 ) -> NTSTATUS; 1771 fn ZwQueryInformationWorkerFactory( 1772 WorkerFactoryHandle: HANDLE, 1773 WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, 1774 WorkerFactoryInformation: PVOID, 1775 WorkerFactoryInformationLength: ULONG, 1776 ReturnLength: PULONG, 1777 ) -> NTSTATUS; 1778 fn ZwQueryInstallUILanguage( 1779 InstallUILanguageId: *mut LANGID, 1780 ) -> NTSTATUS; 1781 fn ZwQueryIntervalProfile( 1782 ProfileSource: KPROFILE_SOURCE, 1783 Interval: PULONG, 1784 ) -> NTSTATUS; 1785 fn ZwQueryIoCompletion( 1786 IoCompletionHandle: HANDLE, 1787 IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, 1788 IoCompletionInformation: PVOID, 1789 IoCompletionInformationLength: ULONG, 1790 ReturnLength: PULONG, 1791 ) -> NTSTATUS; 1792 fn ZwQueryKey( 1793 KeyHandle: HANDLE, 1794 KeyInformationClass: KEY_INFORMATION_CLASS, 1795 KeyInformation: PVOID, 1796 Length: ULONG, 1797 ResultLength: PULONG, 1798 ) -> NTSTATUS; 1799 fn ZwQueryLicenseValue( 1800 ValueName: PUNICODE_STRING, 1801 Type: PULONG, 1802 Data: PVOID, 1803 DataSize: ULONG, 1804 ResultDataSize: PULONG, 1805 ) -> NTSTATUS; 1806 fn ZwQueryMultipleValueKey( 1807 KeyHandle: HANDLE, 1808 ValueEntries: PKEY_VALUE_ENTRY, 1809 EntryCount: ULONG, 1810 ValueBuffer: PVOID, 1811 BufferLength: PULONG, 1812 RequiredBufferLength: PULONG, 1813 ) -> NTSTATUS; 1814 fn ZwQueryMutant( 1815 MutantHandle: HANDLE, 1816 MutantInformationClass: MUTANT_INFORMATION_CLASS, 1817 MutantInformation: PVOID, 1818 MutantInformationLength: ULONG, 1819 ReturnLength: PULONG, 1820 ) -> NTSTATUS; 1821 fn ZwQueryObject( 1822 Handle: HANDLE, 1823 ObjectInformationClass: OBJECT_INFORMATION_CLASS, 1824 ObjectInformation: PVOID, 1825 ObjectInformationLength: ULONG, 1826 ReturnLength: PULONG, 1827 ) -> NTSTATUS; 1828 fn ZwQueryOpenSubKeys( 1829 TargetKey: POBJECT_ATTRIBUTES, 1830 HandleCount: PULONG, 1831 ) -> NTSTATUS; 1832 fn ZwQueryOpenSubKeysEx( 1833 TargetKey: POBJECT_ATTRIBUTES, 1834 BufferLength: ULONG, 1835 Buffer: PVOID, 1836 RequiredSize: PULONG, 1837 ) -> NTSTATUS; 1838 fn ZwQueryPerformanceCounter( 1839 PerformanceCounter: PLARGE_INTEGER, 1840 PerformanceFrequency: PLARGE_INTEGER, 1841 ) -> NTSTATUS; 1842 fn ZwQueryPortInformationProcess() -> NTSTATUS; 1843 fn ZwQueryQuotaInformationFile( 1844 FileHandle: HANDLE, 1845 IoStatusBlock: PIO_STATUS_BLOCK, 1846 Buffer: PVOID, 1847 Length: ULONG, 1848 ReturnSingleEntry: BOOLEAN, 1849 SidList: PVOID, 1850 SidListLength: ULONG, 1851 StartSid: PSID, 1852 RestartScan: BOOLEAN, 1853 ) -> NTSTATUS; 1854 fn ZwQuerySection( 1855 SectionHandle: HANDLE, 1856 SectionInformationClass: SECTION_INFORMATION_CLASS, 1857 SectionInformation: PVOID, 1858 SectionInformationLength: SIZE_T, 1859 ReturnLength: PSIZE_T, 1860 ) -> NTSTATUS; 1861 fn ZwQuerySecurityAttributesToken( 1862 TokenHandle: HANDLE, 1863 Attributes: PUNICODE_STRING, 1864 NumberOfAttributes: ULONG, 1865 Buffer: PVOID, 1866 Length: ULONG, 1867 ReturnLength: PULONG, 1868 ) -> NTSTATUS; 1869 fn ZwQuerySecurityObject( 1870 Handle: HANDLE, 1871 SecurityInformation: SECURITY_INFORMATION, 1872 SecurityDescriptor: PSECURITY_DESCRIPTOR, 1873 Length: ULONG, 1874 LengthNeeded: PULONG, 1875 ) -> NTSTATUS; 1876 fn ZwQuerySemaphore( 1877 SemaphoreHandle: HANDLE, 1878 SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, 1879 SemaphoreInformation: PVOID, 1880 SemaphoreInformationLength: ULONG, 1881 ReturnLength: PULONG, 1882 ) -> NTSTATUS; 1883 fn ZwQuerySymbolicLinkObject( 1884 LinkHandle: HANDLE, 1885 LinkTarget: PUNICODE_STRING, 1886 ReturnedLength: PULONG, 1887 ) -> NTSTATUS; 1888 fn ZwQuerySystemEnvironmentValue( 1889 VariableName: PUNICODE_STRING, 1890 VariableValue: PWSTR, 1891 ValueLength: USHORT, 1892 ReturnLength: PUSHORT, 1893 ) -> NTSTATUS; 1894 fn ZwQuerySystemEnvironmentValueEx( 1895 VariableName: PUNICODE_STRING, 1896 VendorGuid: LPGUID, 1897 Value: PVOID, 1898 ValueLength: PULONG, 1899 Attributes: PULONG, 1900 ) -> NTSTATUS; 1901 fn ZwQuerySystemInformation( 1902 SystemInformationClass: SYSTEM_INFORMATION_CLASS, 1903 SystemInformation: PVOID, 1904 SystemInformationLength: ULONG, 1905 ReturnLength: PULONG, 1906 ) -> NTSTATUS; 1907 fn ZwQuerySystemInformationEx( 1908 SystemInformationClass: SYSTEM_INFORMATION_CLASS, 1909 InputBuffer: PVOID, 1910 InputBufferLength: ULONG, 1911 SystemInformation: PVOID, 1912 SystemInformationLength: ULONG, 1913 ReturnLength: PULONG, 1914 ) -> NTSTATUS; 1915 fn ZwQuerySystemTime( 1916 SystemTime: PLARGE_INTEGER, 1917 ) -> NTSTATUS; 1918 fn ZwQueryTimer( 1919 TimerHandle: HANDLE, 1920 TimerInformationClass: TIMER_INFORMATION_CLASS, 1921 TimerInformation: PVOID, 1922 TimerInformationLength: ULONG, 1923 ReturnLength: PULONG, 1924 ) -> NTSTATUS; 1925 fn ZwQueryTimerResolution( 1926 MaximumTime: PULONG, 1927 MinimumTime: PULONG, 1928 CurrentTime: PULONG, 1929 ) -> NTSTATUS; 1930 fn ZwQueryValueKey( 1931 KeyHandle: HANDLE, 1932 ValueName: PUNICODE_STRING, 1933 KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, 1934 KeyValueInformation: PVOID, 1935 Length: ULONG, 1936 ResultLength: PULONG, 1937 ) -> NTSTATUS; 1938 fn ZwQueryVirtualMemory( 1939 ProcessHandle: HANDLE, 1940 BaseAddress: PVOID, 1941 MemoryInformationClass: MEMORY_INFORMATION_CLASS, 1942 MemoryInformation: PVOID, 1943 MemoryInformationLength: SIZE_T, 1944 ReturnLength: PSIZE_T, 1945 ) -> NTSTATUS; 1946 fn ZwQueryVolumeInformationFile( 1947 FileHandle: HANDLE, 1948 IoStatusBlock: PIO_STATUS_BLOCK, 1949 FsInformation: PVOID, 1950 Length: ULONG, 1951 FsInformationClass: FS_INFORMATION_CLASS, 1952 ) -> NTSTATUS; 1953 fn ZwQueryWnfStateData( 1954 StateName: PCWNF_STATE_NAME, 1955 TypeId: PCWNF_TYPE_ID, 1956 ExplicitScope: *const VOID, 1957 ChangeStamp: PWNF_CHANGE_STAMP, 1958 Buffer: PVOID, 1959 BufferSize: PULONG, 1960 ) -> NTSTATUS; 1961 fn ZwQueryWnfStateNameInformation( 1962 StateName: PCWNF_STATE_NAME, 1963 NameInfoClass: WNF_STATE_NAME_INFORMATION, 1964 ExplicitScope: *const VOID, 1965 InfoBuffer: PVOID, 1966 InfoBufferSize: ULONG, 1967 ) -> NTSTATUS; 1968 fn ZwQueueApcThread( 1969 ThreadHandle: HANDLE, 1970 ApcRoutine: PPS_APC_ROUTINE, 1971 ApcArgument1: PVOID, 1972 ApcArgument2: PVOID, 1973 ApcArgument3: PVOID, 1974 ) -> NTSTATUS; 1975 fn ZwQueueApcThreadEx( 1976 ThreadHandle: HANDLE, 1977 UserApcReserveHandle: HANDLE, 1978 ApcRoutine: PPS_APC_ROUTINE, 1979 ApcArgument1: PVOID, 1980 ApcArgument2: PVOID, 1981 ApcArgument3: PVOID, 1982 ) -> NTSTATUS; 1983 fn ZwRaiseException( 1984 ExceptionRecord: PEXCEPTION_RECORD, 1985 ContextRecord: PCONTEXT, 1986 FirstChance: BOOLEAN, 1987 ) -> NTSTATUS; 1988 fn ZwRaiseHardError( 1989 ErrorStatus: NTSTATUS, 1990 NumberOfParameters: ULONG, 1991 UnicodeStringParameterMask: ULONG, 1992 Parameters: PULONG_PTR, 1993 ValidResponseOptions: ULONG, 1994 Response: PULONG, 1995 ) -> NTSTATUS; 1996 fn ZwReadFile( 1997 FileHandle: HANDLE, 1998 Event: HANDLE, 1999 ApcRoutine: PIO_APC_ROUTINE, 2000 ApcContext: PVOID, 2001 IoStatusBlock: PIO_STATUS_BLOCK, 2002 Buffer: PVOID, 2003 Length: ULONG, 2004 ByteOffset: PLARGE_INTEGER, 2005 Key: PULONG, 2006 ) -> NTSTATUS; 2007 fn ZwReadFileScatter( 2008 FileHandle: HANDLE, 2009 Event: HANDLE, 2010 ApcRoutine: PIO_APC_ROUTINE, 2011 ApcContext: PVOID, 2012 IoStatusBlock: PIO_STATUS_BLOCK, 2013 SegmentArray: PFILE_SEGMENT_ELEMENT, 2014 Length: ULONG, 2015 ByteOffset: PLARGE_INTEGER, 2016 Key: PULONG, 2017 ) -> NTSTATUS; 2018 fn ZwReadOnlyEnlistment( 2019 EnlistmentHandle: HANDLE, 2020 TmVirtualClock: PLARGE_INTEGER, 2021 ) -> NTSTATUS; 2022 fn ZwReadRequestData( 2023 PortHandle: HANDLE, 2024 Message: PPORT_MESSAGE, 2025 DataEntryIndex: ULONG, 2026 Buffer: PVOID, 2027 BufferSize: SIZE_T, 2028 NumberOfBytesRead: PSIZE_T, 2029 ) -> NTSTATUS; 2030 fn ZwReadVirtualMemory( 2031 ProcessHandle: HANDLE, 2032 BaseAddress: PVOID, 2033 Buffer: PVOID, 2034 BufferSize: SIZE_T, 2035 NumberOfBytesRead: PSIZE_T, 2036 ) -> NTSTATUS; 2037 fn ZwRecoverEnlistment( 2038 EnlistmentHandle: HANDLE, 2039 EnlistmentKey: PVOID, 2040 ) -> NTSTATUS; 2041 fn ZwRecoverResourceManager( 2042 ResourceManagerHandle: HANDLE, 2043 ) -> NTSTATUS; 2044 fn ZwRecoverTransactionManager( 2045 TransactionManagerHandle: HANDLE, 2046 ) -> NTSTATUS; 2047 fn ZwRegisterProtocolAddressInformation( 2048 ResourceManager: HANDLE, 2049 ProtocolId: PCRM_PROTOCOL_ID, 2050 ProtocolInformationSize: ULONG, 2051 ProtocolInformation: PVOID, 2052 CreateOptions: ULONG, 2053 ) -> NTSTATUS; 2054 fn ZwRegisterThreadTerminatePort( 2055 PortHandle: HANDLE, 2056 ) -> NTSTATUS; 2057 fn ZwReleaseCMFViewOwnership() -> NTSTATUS; 2058 fn ZwReleaseKeyedEvent( 2059 KeyedEventHandle: HANDLE, 2060 KeyValue: PVOID, 2061 Alertable: BOOLEAN, 2062 Timeout: PLARGE_INTEGER, 2063 ) -> NTSTATUS; 2064 fn ZwReleaseMutant( 2065 MutantHandle: HANDLE, 2066 PreviousCount: PLONG, 2067 ) -> NTSTATUS; 2068 fn ZwReleaseSemaphore( 2069 SemaphoreHandle: HANDLE, 2070 ReleaseCount: LONG, 2071 PreviousCount: PLONG, 2072 ) -> NTSTATUS; 2073 fn ZwReleaseWorkerFactoryWorker( 2074 WorkerFactoryHandle: HANDLE, 2075 ) -> NTSTATUS; 2076 fn ZwRemoveIoCompletion( 2077 IoCompletionHandle: HANDLE, 2078 KeyContext: *mut PVOID, 2079 ApcContext: *mut PVOID, 2080 IoStatusBlock: PIO_STATUS_BLOCK, 2081 Timeout: PLARGE_INTEGER, 2082 ) -> NTSTATUS; 2083 fn ZwRemoveIoCompletionEx( 2084 IoCompletionHandle: HANDLE, 2085 IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, 2086 Count: ULONG, 2087 NumEntriesRemoved: PULONG, 2088 Timeout: PLARGE_INTEGER, 2089 Alertable: BOOLEAN, 2090 ) -> NTSTATUS; 2091 fn ZwRemoveProcessDebug( 2092 ProcessHandle: HANDLE, 2093 DebugObjectHandle: HANDLE, 2094 ) -> NTSTATUS; 2095 fn ZwRenameKey( 2096 KeyHandle: HANDLE, 2097 NewName: PUNICODE_STRING, 2098 ) -> NTSTATUS; 2099 fn ZwRenameTransactionManager( 2100 LogFileName: PUNICODE_STRING, 2101 ExistingTransactionManagerGuid: LPGUID, 2102 ) -> NTSTATUS; 2103 fn ZwReplaceKey( 2104 NewFile: POBJECT_ATTRIBUTES, 2105 TargetHandle: HANDLE, 2106 OldFile: POBJECT_ATTRIBUTES, 2107 ) -> NTSTATUS; 2108 fn ZwReplacePartitionUnit( 2109 TargetInstancePath: PUNICODE_STRING, 2110 SpareInstancePath: PUNICODE_STRING, 2111 Flags: ULONG, 2112 ) -> NTSTATUS; 2113 fn ZwReplyPort( 2114 PortHandle: HANDLE, 2115 ReplyMessage: PPORT_MESSAGE, 2116 ) -> NTSTATUS; 2117 fn ZwReplyWaitReceivePort( 2118 PortHandle: HANDLE, 2119 PortContext: *mut PVOID, 2120 ReplyMessage: PPORT_MESSAGE, 2121 ReceiveMessage: PPORT_MESSAGE, 2122 ) -> NTSTATUS; 2123 fn ZwReplyWaitReceivePortEx( 2124 PortHandle: HANDLE, 2125 PortContext: *mut PVOID, 2126 ReplyMessage: PPORT_MESSAGE, 2127 ReceiveMessage: PPORT_MESSAGE, 2128 Timeout: PLARGE_INTEGER, 2129 ) -> NTSTATUS; 2130 fn ZwReplyWaitReplyPort( 2131 PortHandle: HANDLE, 2132 ReplyMessage: PPORT_MESSAGE, 2133 ) -> NTSTATUS; 2134 fn ZwRequestPort( 2135 PortHandle: HANDLE, 2136 RequestMessage: PPORT_MESSAGE, 2137 ) -> NTSTATUS; 2138 fn ZwRequestWaitReplyPort( 2139 PortHandle: HANDLE, 2140 RequestMessage: PPORT_MESSAGE, 2141 ReplyMessage: PPORT_MESSAGE, 2142 ) -> NTSTATUS; 2143 fn ZwRequestWakeupLatency( 2144 latency: LATENCY_TIME, 2145 ) -> NTSTATUS; 2146 fn ZwResetEvent( 2147 EventHandle: HANDLE, 2148 PreviousState: PLONG, 2149 ) -> NTSTATUS; 2150 fn ZwResetWriteWatch( 2151 ProcessHandle: HANDLE, 2152 BaseAddress: PVOID, 2153 RegionSize: SIZE_T, 2154 ) -> NTSTATUS; 2155 fn ZwRestoreKey( 2156 KeyHandle: HANDLE, 2157 FileHandle: HANDLE, 2158 Flags: ULONG, 2159 ) -> NTSTATUS; 2160 fn ZwResumeProcess( 2161 ProcessHandle: HANDLE, 2162 ) -> NTSTATUS; 2163 fn ZwResumeThread( 2164 ThreadHandle: HANDLE, 2165 PreviousSuspendCount: PULONG, 2166 ) -> NTSTATUS; 2167 fn ZwRevertContainerImpersonation() -> NTSTATUS; 2168 fn ZwRollbackComplete( 2169 EnlistmentHandle: HANDLE, 2170 TmVirtualClock: PLARGE_INTEGER, 2171 ) -> NTSTATUS; 2172 fn ZwRollbackEnlistment( 2173 EnlistmentHandle: HANDLE, 2174 TmVirtualClock: PLARGE_INTEGER, 2175 ) -> NTSTATUS; 2176 fn ZwRollbackTransaction( 2177 TransactionHandle: HANDLE, 2178 Wait: BOOLEAN, 2179 ) -> NTSTATUS; 2180 fn ZwRollforwardTransactionManager( 2181 TransactionManagerHandle: HANDLE, 2182 TmVirtualClock: PLARGE_INTEGER, 2183 ) -> NTSTATUS; 2184 fn ZwSaveKey( 2185 KeyHandle: HANDLE, 2186 FileHandle: HANDLE, 2187 ) -> NTSTATUS; 2188 fn ZwSaveKeyEx( 2189 KeyHandle: HANDLE, 2190 FileHandle: HANDLE, 2191 Format: ULONG, 2192 ) -> NTSTATUS; 2193 fn ZwSaveMergedKeys( 2194 HighPrecedenceKeyHandle: HANDLE, 2195 LowPrecedenceKeyHandle: HANDLE, 2196 FileHandle: HANDLE, 2197 ) -> NTSTATUS; 2198 fn ZwSecureConnectPort( 2199 PortHandle: PHANDLE, 2200 PortName: PUNICODE_STRING, 2201 SecurityQos: PSECURITY_QUALITY_OF_SERVICE, 2202 ClientView: PPORT_VIEW, 2203 RequiredServerSid: PSID, 2204 ServerView: PREMOTE_PORT_VIEW, 2205 MaxMessageLength: PULONG, 2206 ConnectionInformation: PVOID, 2207 ConnectionInformationLength: PULONG, 2208 ) -> NTSTATUS; 2209 fn ZwSerializeBoot() -> NTSTATUS; 2210 fn ZwSetBootEntryOrder( 2211 Ids: PULONG, 2212 Count: ULONG, 2213 ) -> NTSTATUS; 2214 fn ZwSetBootOptions( 2215 BootOptions: PBOOT_OPTIONS, 2216 FieldsToChange: ULONG, 2217 ) -> NTSTATUS; 2218 fn ZwSetCachedSigningLevel( 2219 Flags: ULONG, 2220 InputSigningLevel: SE_SIGNING_LEVEL, 2221 SourceFiles: PHANDLE, 2222 SourceFileCount: ULONG, 2223 TargetFile: HANDLE, 2224 ) -> NTSTATUS; 2225 fn ZwSetContextThread( 2226 ThreadHandle: HANDLE, 2227 ThreadContext: PCONTEXT, 2228 ) -> NTSTATUS; 2229 fn ZwSetDebugFilterState( 2230 ComponentId: ULONG, 2231 Level: ULONG, 2232 State: BOOLEAN, 2233 ) -> NTSTATUS; 2234 fn ZwSetDefaultHardErrorPort( 2235 DefaultHardErrorPort: HANDLE, 2236 ) -> NTSTATUS; 2237 fn ZwSetDefaultLocale( 2238 UserProfile: BOOLEAN, 2239 DefaultLocaleId: LCID, 2240 ) -> NTSTATUS; 2241 fn ZwSetDefaultUILanguage( 2242 DefaultUILanguageId: LANGID, 2243 ) -> NTSTATUS; 2244 fn ZwSetDriverEntryOrder( 2245 Ids: PULONG, 2246 Count: ULONG, 2247 ) -> NTSTATUS; 2248 fn ZwSetEaFile( 2249 FileHandle: HANDLE, 2250 IoStatusBlock: PIO_STATUS_BLOCK, 2251 Buffer: PVOID, 2252 Length: ULONG, 2253 ) -> NTSTATUS; 2254 fn ZwSetEvent( 2255 EventHandle: HANDLE, 2256 PreviousState: PLONG, 2257 ) -> NTSTATUS; 2258 fn ZwSetEventBoostPriority( 2259 EventHandle: HANDLE, 2260 ) -> NTSTATUS; 2261 fn ZwSetHighEventPair( 2262 EventPairHandle: HANDLE, 2263 ) -> NTSTATUS; 2264 fn ZwSetHighWaitLowEventPair( 2265 EventPairHandle: HANDLE, 2266 ) -> NTSTATUS; 2267 fn ZwSetIRTimer( 2268 TimerHandle: HANDLE, 2269 DueTime: PLARGE_INTEGER, 2270 ) -> NTSTATUS; 2271 fn ZwSetInformationDebugObject( 2272 DebugObjectHandle: HANDLE, 2273 DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, 2274 DebugInformation: PVOID, 2275 DebugInformationLength: ULONG, 2276 ReturnLength: PULONG, 2277 ) -> NTSTATUS; 2278 fn ZwSetInformationEnlistment( 2279 EnlistmentHandle: HANDLE, 2280 EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, 2281 EnlistmentInformation: PVOID, 2282 EnlistmentInformationLength: ULONG, 2283 ) -> NTSTATUS; 2284 fn ZwSetInformationFile( 2285 FileHandle: HANDLE, 2286 IoStatusBlock: PIO_STATUS_BLOCK, 2287 FileInformation: PVOID, 2288 Length: ULONG, 2289 FileInformationClass: FILE_INFORMATION_CLASS, 2290 ) -> NTSTATUS; 2291 fn ZwSetInformationJobObject( 2292 JobHandle: HANDLE, 2293 JobObjectInformationClass: JOBOBJECTINFOCLASS, 2294 JobObjectInformation: PVOID, 2295 JobObjectInformationLength: ULONG, 2296 ) -> NTSTATUS; 2297 fn ZwSetInformationKey( 2298 KeyHandle: HANDLE, 2299 KeySetInformationClass: KEY_SET_INFORMATION_CLASS, 2300 KeySetInformation: PVOID, 2301 KeySetInformationLength: ULONG, 2302 ) -> NTSTATUS; 2303 fn ZwSetInformationObject( 2304 Handle: HANDLE, 2305 ObjectInformationClass: OBJECT_INFORMATION_CLASS, 2306 ObjectInformation: PVOID, 2307 ObjectInformationLength: ULONG, 2308 ) -> NTSTATUS; 2309 fn ZwSetInformationProcess( 2310 ProcessHandle: HANDLE, 2311 ProcessInformationClass: PROCESSINFOCLASS, 2312 ProcessInformation: PVOID, 2313 ProcessInformationLength: ULONG, 2314 ) -> NTSTATUS; 2315 fn ZwSetInformationResourceManager( 2316 ResourceManagerHandle: HANDLE, 2317 ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, 2318 ResourceManagerInformation: PVOID, 2319 ResourceManagerInformationLength: ULONG, 2320 ) -> NTSTATUS; 2321 fn ZwSetInformationThread( 2322 ThreadHandle: HANDLE, 2323 ThreadInformationClass: THREADINFOCLASS, 2324 ThreadInformation: PVOID, 2325 ThreadInformationLength: ULONG, 2326 ) -> NTSTATUS; 2327 fn ZwSetInformationToken( 2328 TokenHandle: HANDLE, 2329 TokenInformationClass: TOKEN_INFORMATION_CLASS, 2330 TokenInformation: PVOID, 2331 TokenInformationLength: ULONG, 2332 ) -> NTSTATUS; 2333 fn ZwSetInformationTransaction( 2334 TransactionHandle: HANDLE, 2335 TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, 2336 TransactionInformation: PVOID, 2337 TransactionInformationLength: ULONG, 2338 ) -> NTSTATUS; 2339 fn ZwSetInformationTransactionManager( 2340 TmHandle: HANDLE, 2341 TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, 2342 TransactionManagerInformation: PVOID, 2343 TransactionManagerInformationLength: ULONG, 2344 ) -> NTSTATUS; 2345 fn ZwSetInformationVirtualMemory( 2346 ProcessHandle: HANDLE, 2347 VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, 2348 NumberOfEntries: ULONG_PTR, 2349 VirtualAddresses: PMEMORY_RANGE_ENTRY, 2350 VmInformation: PVOID, 2351 VmInformationLength: ULONG, 2352 ) -> NTSTATUS; 2353 fn ZwSetInformationWorkerFactory( 2354 WorkerFactoryHandle: HANDLE, 2355 WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, 2356 WorkerFactoryInformation: PVOID, 2357 WorkerFactoryInformationLength: ULONG, 2358 ) -> NTSTATUS; 2359 fn ZwSetIntervalProfile( 2360 Interval: ULONG, 2361 Source: KPROFILE_SOURCE, 2362 ) -> NTSTATUS; 2363 fn ZwSetIoCompletion( 2364 IoCompletionHandle: HANDLE, 2365 KeyContext: PVOID, 2366 ApcContext: PVOID, 2367 IoStatus: NTSTATUS, 2368 IoStatusInformation: ULONG_PTR, 2369 ) -> NTSTATUS; 2370 fn ZwSetIoCompletionEx( 2371 IoCompletionHandle: HANDLE, 2372 IoCompletionPacketHandle: HANDLE, 2373 KeyContext: PVOID, 2374 ApcContext: PVOID, 2375 IoStatus: NTSTATUS, 2376 IoStatusInformation: ULONG_PTR, 2377 ) -> NTSTATUS; 2378 fn ZwSetLdtEntries( 2379 Selector0: ULONG, 2380 Entry0Low: ULONG, 2381 Entry0Hi: ULONG, 2382 Selector1: ULONG, 2383 Entry1Low: ULONG, 2384 Entry1Hi: ULONG, 2385 ) -> NTSTATUS; 2386 fn ZwSetLowEventPair( 2387 EventPairHandle: HANDLE, 2388 ) -> NTSTATUS; 2389 fn ZwSetLowWaitHighEventPair( 2390 EventPairHandle: HANDLE, 2391 ) -> NTSTATUS; 2392 fn ZwSetQuotaInformationFile( 2393 FileHandle: HANDLE, 2394 IoStatusBlock: PIO_STATUS_BLOCK, 2395 Buffer: PVOID, 2396 Length: ULONG, 2397 ) -> NTSTATUS; 2398 fn ZwSetSecurityObject( 2399 Handle: HANDLE, 2400 SecurityInformation: SECURITY_INFORMATION, 2401 SecurityDescriptor: PSECURITY_DESCRIPTOR, 2402 ) -> NTSTATUS; 2403 fn ZwSetSystemEnvironmentValue( 2404 VariableName: PUNICODE_STRING, 2405 VariableValue: PUNICODE_STRING, 2406 ) -> NTSTATUS; 2407 fn ZwSetSystemEnvironmentValueEx( 2408 VariableName: PUNICODE_STRING, 2409 VendorGuid: LPGUID, 2410 Value: PVOID, 2411 ValueLength: ULONG, 2412 Attributes: ULONG, 2413 ) -> NTSTATUS; 2414 fn ZwSetSystemInformation( 2415 SystemInformationClass: SYSTEM_INFORMATION_CLASS, 2416 SystemInformation: PVOID, 2417 SystemInformationLength: ULONG, 2418 ) -> NTSTATUS; 2419 fn ZwSetSystemPowerState( 2420 SystemAction: POWER_ACTION, 2421 LightestSystemState: SYSTEM_POWER_STATE, 2422 Flags: ULONG, 2423 ) -> NTSTATUS; 2424 fn ZwSetSystemTime( 2425 SystemTime: PLARGE_INTEGER, 2426 PreviousTime: PLARGE_INTEGER, 2427 ) -> NTSTATUS; 2428 fn ZwSetThreadExecutionState( 2429 NewFlags: EXECUTION_STATE, 2430 PreviousFlags: *mut EXECUTION_STATE, 2431 ) -> NTSTATUS; 2432 fn ZwSetTimer( 2433 TimerHandle: HANDLE, 2434 DueTime: PLARGE_INTEGER, 2435 TimerApcRoutine: PTIMER_APC_ROUTINE, 2436 TimerContext: PVOID, 2437 ResumeTimer: BOOLEAN, 2438 Period: LONG, 2439 PreviousState: PBOOLEAN, 2440 ) -> NTSTATUS; 2441 fn ZwSetTimer2( 2442 TimerHandle: HANDLE, 2443 DueTime: PLARGE_INTEGER, 2444 Period: PLARGE_INTEGER, 2445 Parameters: PT2_SET_PARAMETERS, 2446 ) -> NTSTATUS; 2447 fn ZwSetTimerEx( 2448 TimerHandle: HANDLE, 2449 TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, 2450 TimerSetInformation: PVOID, 2451 TimerSetInformationLength: ULONG, 2452 ) -> NTSTATUS; 2453 fn ZwSetTimerResolution( 2454 DesiredTime: ULONG, 2455 SetResolution: BOOLEAN, 2456 ActualTime: PULONG, 2457 ) -> NTSTATUS; 2458 fn ZwSetUuidSeed( 2459 Seed: PCHAR, 2460 ) -> NTSTATUS; 2461 fn ZwSetValueKey( 2462 KeyHandle: HANDLE, 2463 ValueName: PUNICODE_STRING, 2464 TitleIndex: ULONG, 2465 Type: ULONG, 2466 Data: PVOID, 2467 DataSize: ULONG, 2468 ) -> NTSTATUS; 2469 fn ZwSetVolumeInformationFile( 2470 FileHandle: HANDLE, 2471 IoStatusBlock: PIO_STATUS_BLOCK, 2472 FsInformation: PVOID, 2473 Length: ULONG, 2474 FsInformationClass: FS_INFORMATION_CLASS, 2475 ) -> NTSTATUS; 2476 fn ZwSetWnfProcessNotificationEvent( 2477 NotificationEvent: HANDLE, 2478 ) -> NTSTATUS; 2479 fn ZwShutdownSystem( 2480 Action: SHUTDOWN_ACTION, 2481 ) -> NTSTATUS; 2482 fn ZwShutdownWorkerFactory( 2483 WorkerFactoryHandle: HANDLE, 2484 PendingWorkerCount: *mut LONG, 2485 ) -> NTSTATUS; 2486 fn ZwSignalAndWaitForSingleObject( 2487 SignalHandle: HANDLE, 2488 WaitHandle: HANDLE, 2489 Alertable: BOOLEAN, 2490 Timeout: PLARGE_INTEGER, 2491 ) -> NTSTATUS; 2492 fn ZwSinglePhaseReject( 2493 EnlistmentHandle: HANDLE, 2494 TmVirtualClock: PLARGE_INTEGER, 2495 ) -> NTSTATUS; 2496 fn ZwStartProfile( 2497 ProfileHandle: HANDLE, 2498 ) -> NTSTATUS; 2499 fn ZwStopProfile( 2500 ProfileHandle: HANDLE, 2501 ) -> NTSTATUS; 2502 fn ZwSubscribeWnfStateChange( 2503 StateName: PCWNF_STATE_NAME, 2504 ChangeStamp: WNF_CHANGE_STAMP, 2505 EventMask: ULONG, 2506 SubscriptionId: PULONG64, 2507 ) -> NTSTATUS; 2508 fn ZwSuspendProcess( 2509 ProcessHandle: HANDLE, 2510 ) -> NTSTATUS; 2511 fn ZwSuspendThread( 2512 ThreadHandle: HANDLE, 2513 PreviousSuspendCount: PULONG, 2514 ) -> NTSTATUS; 2515 fn ZwSystemDebugControl( 2516 Command: SYSDBG_COMMAND, 2517 InputBuffer: PVOID, 2518 InputBufferLength: ULONG, 2519 OutputBuffer: PVOID, 2520 OutputBufferLength: ULONG, 2521 ReturnLength: PULONG, 2522 ) -> NTSTATUS; 2523 fn ZwTerminateJobObject( 2524 JobHandle: HANDLE, 2525 ExitStatus: NTSTATUS, 2526 ) -> NTSTATUS; 2527 fn ZwTerminateProcess( 2528 ProcessHandle: HANDLE, 2529 ExitStatus: NTSTATUS, 2530 ) -> NTSTATUS; 2531 fn ZwTerminateThread( 2532 ThreadHandle: HANDLE, 2533 ExitStatus: NTSTATUS, 2534 ) -> NTSTATUS; 2535 fn ZwTestAlert() -> NTSTATUS; 2536 fn ZwThawRegistry() -> NTSTATUS; 2537 fn ZwThawTransactions() -> NTSTATUS; 2538 fn ZwTraceControl( 2539 FunctionCode: ULONG, 2540 InBuffer: PVOID, 2541 InBufferLen: ULONG, 2542 OutBuffer: PVOID, 2543 OutBufferLen: ULONG, 2544 ReturnLength: PULONG, 2545 ) -> NTSTATUS; 2546 fn ZwTraceEvent( 2547 TraceHandle: HANDLE, 2548 Flags: ULONG, 2549 FieldSize: ULONG, 2550 Fields: PVOID, 2551 ) -> NTSTATUS; 2552 fn ZwTranslateFilePath( 2553 InputFilePath: PFILE_PATH, 2554 OutputType: ULONG, 2555 OutputFilePath: PFILE_PATH, 2556 OutputFilePathLength: PULONG, 2557 ) -> NTSTATUS; 2558 fn ZwUmsThreadYield( 2559 SchedulerParam: PVOID, 2560 ) -> NTSTATUS; 2561 fn ZwUnloadDriver( 2562 DriverServiceName: PUNICODE_STRING, 2563 ) -> NTSTATUS; 2564 fn ZwUnloadKey( 2565 TargetKey: POBJECT_ATTRIBUTES, 2566 ) -> NTSTATUS; 2567 fn ZwUnloadKey2( 2568 TargetKey: POBJECT_ATTRIBUTES, 2569 Flags: ULONG, 2570 ) -> NTSTATUS; 2571 fn ZwUnloadKeyEx( 2572 TargetKey: POBJECT_ATTRIBUTES, 2573 Event: HANDLE, 2574 ) -> NTSTATUS; 2575 fn ZwUnlockFile( 2576 FileHandle: HANDLE, 2577 IoStatusBlock: PIO_STATUS_BLOCK, 2578 ByteOffset: PLARGE_INTEGER, 2579 Length: PLARGE_INTEGER, 2580 Key: ULONG, 2581 ) -> NTSTATUS; 2582 fn ZwUnlockVirtualMemory( 2583 ProcessHandle: HANDLE, 2584 BaseAddress: *mut PVOID, 2585 RegionSize: PSIZE_T, 2586 MapType: ULONG, 2587 ) -> NTSTATUS; 2588 fn ZwUnmapViewOfSection( 2589 ProcessHandle: HANDLE, 2590 BaseAddress: PVOID, 2591 ) -> NTSTATUS; 2592 fn ZwUnmapViewOfSectionEx( 2593 ProcessHandle: HANDLE, 2594 BaseAddress: PVOID, 2595 Flags: ULONG, 2596 ) -> NTSTATUS; 2597 fn ZwUnsubscribeWnfStateChange( 2598 StateName: PCWNF_STATE_NAME, 2599 ) -> NTSTATUS; 2600 fn ZwUpdateWnfStateData( 2601 StateName: PCWNF_STATE_NAME, 2602 Buffer: *const VOID, 2603 Length: ULONG, 2604 TypeId: PCWNF_TYPE_ID, 2605 ExplicitScope: *const VOID, 2606 MatchingChangeStamp: WNF_CHANGE_STAMP, 2607 CheckStamp: LOGICAL, 2608 ) -> NTSTATUS; 2609 fn ZwVdmControl( 2610 Service: VDMSERVICECLASS, 2611 ServiceData: PVOID, 2612 ) -> NTSTATUS; 2613 fn ZwWaitForAlertByThreadId( 2614 Address: PVOID, 2615 Timeout: PLARGE_INTEGER, 2616 ) -> NTSTATUS; 2617 fn ZwWaitForDebugEvent( 2618 DebugObjectHandle: HANDLE, 2619 Alertable: BOOLEAN, 2620 Timeout: PLARGE_INTEGER, 2621 WaitStateChange: PVOID, 2622 ) -> NTSTATUS; 2623 fn ZwWaitForKeyedEvent( 2624 KeyedEventHandle: HANDLE, 2625 KeyValue: PVOID, 2626 Alertable: BOOLEAN, 2627 Timeout: PLARGE_INTEGER, 2628 ) -> NTSTATUS; 2629 fn ZwWaitForMultipleObjects( 2630 Count: ULONG, 2631 Handles: *mut HANDLE, 2632 WaitType: WAIT_TYPE, 2633 Alertable: BOOLEAN, 2634 Timeout: PLARGE_INTEGER, 2635 ) -> NTSTATUS; 2636 fn ZwWaitForMultipleObjects32( 2637 Count: ULONG, 2638 Handles: *mut LONG, 2639 WaitType: WAIT_TYPE, 2640 Alertable: BOOLEAN, 2641 Timeout: PLARGE_INTEGER, 2642 ) -> NTSTATUS; 2643 fn ZwWaitForSingleObject( 2644 Handle: HANDLE, 2645 Alertable: BOOLEAN, 2646 Timeout: PLARGE_INTEGER, 2647 ) -> NTSTATUS; 2648 fn ZwWaitForWorkViaWorkerFactory( 2649 WorkerFactoryHandle: HANDLE, 2650 MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, 2651 ) -> NTSTATUS; 2652 fn ZwWaitHighEventPair( 2653 EventPairHandle: HANDLE, 2654 ) -> NTSTATUS; 2655 fn ZwWaitLowEventPair( 2656 EventPairHandle: HANDLE, 2657 ) -> NTSTATUS; 2658 fn ZwWorkerFactoryWorkerReady( 2659 WorkerFactoryHandle: HANDLE, 2660 ) -> NTSTATUS; 2661 fn ZwWriteFile( 2662 FileHandle: HANDLE, 2663 Event: HANDLE, 2664 ApcRoutine: PIO_APC_ROUTINE, 2665 ApcContext: PVOID, 2666 IoStatusBlock: PIO_STATUS_BLOCK, 2667 Buffer: PVOID, 2668 Length: ULONG, 2669 ByteOffset: PLARGE_INTEGER, 2670 Key: PULONG, 2671 ) -> NTSTATUS; 2672 fn ZwWriteFileGather( 2673 FileHandle: HANDLE, 2674 Event: HANDLE, 2675 ApcRoutine: PIO_APC_ROUTINE, 2676 ApcContext: PVOID, 2677 IoStatusBlock: PIO_STATUS_BLOCK, 2678 SegmentArray: PFILE_SEGMENT_ELEMENT, 2679 Length: ULONG, 2680 ByteOffset: PLARGE_INTEGER, 2681 Key: PULONG, 2682 ) -> NTSTATUS; 2683 fn ZwWriteRequestData( 2684 PortHandle: HANDLE, 2685 Message: PPORT_MESSAGE, 2686 DataEntryIndex: ULONG, 2687 Buffer: PVOID, 2688 BufferSize: SIZE_T, 2689 NumberOfBytesWritten: PSIZE_T, 2690 ) -> NTSTATUS; 2691 fn ZwWriteVirtualMemory( 2692 ProcessHandle: HANDLE, 2693 BaseAddress: PVOID, 2694 Buffer: PVOID, 2695 BufferSize: SIZE_T, 2696 NumberOfBytesWritten: PSIZE_T, 2697 ) -> NTSTATUS; 2698 fn ZwYieldExecution() -> NTSTATUS; 2699 }} 2700