1 /** 2 * @file ntapi.h 3 * Copyright 2012, 2013 MinGW.org project 4 * 5 * Permission is hereby granted, free of charge, to any person obtaining a 6 * copy of this software and associated documentation files (the "Software"), 7 * to deal in the Software without restriction, including without limitation 8 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 * and/or sell copies of the Software, and to permit persons to whom the 10 * Software is furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice (including the next 13 * paragraph) shall be included in all copies or substantial portions of the 14 * Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22 * DEALINGS IN THE SOFTWARE. 23 */ 24 /* Created by Casper S. Hornstrup <chorns@users.sourceforge.net> */ 25 #ifndef __NTAPI_H 26 #define __NTAPI_H 27 #pragma GCC system_header 28 #include <_mingw.h> 29 30 /* 31 * Windows NT Native API 32 */ 33 34 #ifdef __cplusplus 35 extern "C" { 36 #endif 37 38 #include <stdarg.h> 39 #include <winbase.h> 40 #include "ntddk.h" 41 #include "ntpoapi.h" 42 43 #pragma pack(push,4) 44 45 typedef struct _PEB *PPEB; 46 47 /* FIXME: Unknown definitions */ 48 typedef PVOID POBJECT_TYPE_LIST; 49 typedef PVOID PEXECUTION_STATE; 50 typedef PVOID PLANGID; 51 52 #ifndef NtCurrentProcess 53 #define NtCurrentProcess() ((HANDLE)0xFFFFFFFF) 54 #endif /* NtCurrentProcess */ 55 #ifndef NtCurrentThread 56 #define NtCurrentThread() ((HANDLE)0xFFFFFFFE) 57 #endif /* NtCurrentThread */ 58 59 /* System information and control */ 60 61 typedef enum _SYSTEM_INFORMATION_CLASS { 62 SystemInformationClassMin = 0, 63 SystemBasicInformation = 0, 64 SystemProcessorInformation = 1, 65 SystemPerformanceInformation = 2, 66 SystemTimeOfDayInformation = 3, 67 SystemPathInformation = 4, 68 SystemNotImplemented1 = 4, 69 SystemProcessInformation = 5, 70 SystemProcessesAndThreadsInformation = 5, 71 SystemCallCountInfoInformation = 6, 72 SystemCallCounts = 6, 73 SystemDeviceInformation = 7, 74 SystemConfigurationInformation = 7, 75 SystemProcessorPerformanceInformation = 8, 76 SystemProcessorTimes = 8, 77 SystemFlagsInformation = 9, 78 SystemGlobalFlag = 9, 79 SystemCallTimeInformation = 10, 80 SystemNotImplemented2 = 10, 81 SystemModuleInformation = 11, 82 SystemLocksInformation = 12, 83 SystemLockInformation = 12, 84 SystemStackTraceInformation = 13, 85 SystemNotImplemented3 = 13, 86 SystemPagedPoolInformation = 14, 87 SystemNotImplemented4 = 14, 88 SystemNonPagedPoolInformation = 15, 89 SystemNotImplemented5 = 15, 90 SystemHandleInformation = 16, 91 SystemObjectInformation = 17, 92 SystemPageFileInformation = 18, 93 SystemPagefileInformation = 18, 94 SystemVdmInstemulInformation = 19, 95 SystemInstructionEmulationCounts = 19, 96 SystemVdmBopInformation = 20, 97 SystemInvalidInfoClass1 = 20, 98 SystemFileCacheInformation = 21, 99 SystemCacheInformation = 21, 100 SystemPoolTagInformation = 22, 101 SystemInterruptInformation = 23, 102 SystemProcessorStatistics = 23, 103 SystemDpcBehaviourInformation = 24, 104 SystemDpcInformation = 24, 105 SystemFullMemoryInformation = 25, 106 SystemNotImplemented6 = 25, 107 SystemLoadImage = 26, 108 SystemUnloadImage = 27, 109 SystemTimeAdjustmentInformation = 28, 110 SystemTimeAdjustment = 28, 111 SystemSummaryMemoryInformation = 29, 112 SystemNotImplemented7 = 29, 113 SystemNextEventIdInformation = 30, 114 SystemNotImplemented8 = 30, 115 SystemEventIdsInformation = 31, 116 SystemNotImplemented9 = 31, 117 SystemCrashDumpInformation = 32, 118 SystemExceptionInformation = 33, 119 SystemCrashDumpStateInformation = 34, 120 SystemKernelDebuggerInformation = 35, 121 SystemContextSwitchInformation = 36, 122 SystemRegistryQuotaInformation = 37, 123 SystemLoadAndCallImage = 38, 124 SystemPrioritySeparation = 39, 125 SystemPlugPlayBusInformation = 40, 126 SystemNotImplemented10 = 40, 127 SystemDockInformation = 41, 128 SystemNotImplemented11 = 41, 129 /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */ 130 SystemInvalidInfoClass2 = 42, 131 SystemProcessorSpeedInformation = 43, 132 SystemInvalidInfoClass3 = 43, 133 SystemCurrentTimeZoneInformation = 44, 134 SystemTimeZoneInformation = 44, 135 SystemLookasideInformation = 45, 136 SystemSetTimeSlipEvent = 46, 137 SystemCreateSession = 47, 138 SystemDeleteSession = 48, 139 SystemInvalidInfoClass4 = 49, 140 SystemRangeStartInformation = 50, 141 SystemVerifierInformation = 51, 142 SystemAddVerifier = 52, 143 SystemSessionProcessesInformation = 53, 144 SystemInformationClassMax 145 } SYSTEM_INFORMATION_CLASS; 146 147 typedef struct _SYSTEM_BASIC_INFORMATION { 148 ULONG Unknown; 149 ULONG MaximumIncrement; 150 ULONG PhysicalPageSize; 151 ULONG NumberOfPhysicalPages; 152 ULONG LowestPhysicalPage; 153 ULONG HighestPhysicalPage; 154 ULONG AllocationGranularity; 155 ULONG LowestUserAddress; 156 ULONG HighestUserAddress; 157 ULONG ActiveProcessors; 158 UCHAR NumberProcessors; 159 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; 160 161 typedef struct _SYSTEM_PROCESSOR_INFORMATION { 162 USHORT ProcessorArchitecture; 163 USHORT ProcessorLevel; 164 USHORT ProcessorRevision; 165 USHORT Unknown; 166 ULONG FeatureBits; 167 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; 168 169 typedef struct _SYSTEM_PERFORMANCE_INFORMATION { 170 LARGE_INTEGER IdleTime; 171 LARGE_INTEGER ReadTransferCount; 172 LARGE_INTEGER WriteTransferCount; 173 LARGE_INTEGER OtherTransferCount; 174 ULONG ReadOperationCount; 175 ULONG WriteOperationCount; 176 ULONG OtherOperationCount; 177 ULONG AvailablePages; 178 ULONG TotalCommittedPages; 179 ULONG TotalCommitLimit; 180 ULONG PeakCommitment; 181 ULONG PageFaults; 182 ULONG WriteCopyFaults; 183 ULONG TransitionFaults; 184 ULONG CacheTransitionFaults; 185 ULONG DemandZeroFaults; 186 ULONG PagesRead; 187 ULONG PageReadIos; 188 ULONG CacheReads; 189 ULONG CacheIos; 190 ULONG PagefilePagesWritten; 191 ULONG PagefilePageWriteIos; 192 ULONG MappedFilePagesWritten; 193 ULONG MappedFilePageWriteIos; 194 ULONG PagedPoolUsage; 195 ULONG NonPagedPoolUsage; 196 ULONG PagedPoolAllocs; 197 ULONG PagedPoolFrees; 198 ULONG NonPagedPoolAllocs; 199 ULONG NonPagedPoolFrees; 200 ULONG TotalFreeSystemPtes; 201 ULONG SystemCodePage; 202 ULONG TotalSystemDriverPages; 203 ULONG TotalSystemCodePages; 204 ULONG SmallNonPagedLookasideListAllocateHits; 205 ULONG SmallPagedLookasideListAllocateHits; 206 ULONG Reserved3; 207 ULONG MmSystemCachePage; 208 ULONG PagedPoolPage; 209 ULONG SystemDriverPage; 210 ULONG FastReadNoWait; 211 ULONG FastReadWait; 212 ULONG FastReadResourceMiss; 213 ULONG FastReadNotPossible; 214 ULONG FastMdlReadNoWait; 215 ULONG FastMdlReadWait; 216 ULONG FastMdlReadResourceMiss; 217 ULONG FastMdlReadNotPossible; 218 ULONG MapDataNoWait; 219 ULONG MapDataWait; 220 ULONG MapDataNoWaitMiss; 221 ULONG MapDataWaitMiss; 222 ULONG PinMappedDataCount; 223 ULONG PinReadNoWait; 224 ULONG PinReadWait; 225 ULONG PinReadNoWaitMiss; 226 ULONG PinReadWaitMiss; 227 ULONG CopyReadNoWait; 228 ULONG CopyReadWait; 229 ULONG CopyReadNoWaitMiss; 230 ULONG CopyReadWaitMiss; 231 ULONG MdlReadNoWait; 232 ULONG MdlReadWait; 233 ULONG MdlReadNoWaitMiss; 234 ULONG MdlReadWaitMiss; 235 ULONG ReadAheadIos; 236 ULONG LazyWriteIos; 237 ULONG LazyWritePages; 238 ULONG DataFlushes; 239 ULONG DataPages; 240 ULONG ContextSwitches; 241 ULONG FirstLevelTbFills; 242 ULONG SecondLevelTbFills; 243 ULONG SystemCalls; 244 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; 245 246 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION { 247 LARGE_INTEGER BootTime; 248 LARGE_INTEGER CurrentTime; 249 LARGE_INTEGER TimeZoneBias; 250 ULONG CurrentTimeZoneId; 251 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION; 252 253 typedef struct _VM_COUNTERS { 254 ULONG PeakVirtualSize; 255 ULONG VirtualSize; 256 ULONG PageFaultCount; 257 ULONG PeakWorkingSetSize; 258 ULONG WorkingSetSize; 259 ULONG QuotaPeakPagedPoolUsage; 260 ULONG QuotaPagedPoolUsage; 261 ULONG QuotaPeakNonPagedPoolUsage; 262 ULONG QuotaNonPagedPoolUsage; 263 ULONG PagefileUsage; 264 ULONG PeakPagefileUsage; 265 } VM_COUNTERS; 266 267 typedef enum _THREAD_STATE { 268 StateInitialized, 269 StateReady, 270 StateRunning, 271 StateStandby, 272 StateTerminated, 273 StateWait, 274 StateTransition, 275 StateUnknown 276 } THREAD_STATE; 277 278 typedef struct _SYSTEM_THREADS { 279 LARGE_INTEGER KernelTime; 280 LARGE_INTEGER UserTime; 281 LARGE_INTEGER CreateTime; 282 ULONG WaitTime; 283 PVOID StartAddress; 284 CLIENT_ID ClientId; 285 KPRIORITY Priority; 286 KPRIORITY BasePriority; 287 ULONG ContextSwitchCount; 288 THREAD_STATE State; 289 KWAIT_REASON WaitReason; 290 } SYSTEM_THREADS, *PSYSTEM_THREADS; 291 292 typedef struct _SYSTEM_PROCESSES { 293 ULONG NextEntryDelta; 294 ULONG ThreadCount; 295 ULONG Reserved1[6]; 296 LARGE_INTEGER CreateTime; 297 LARGE_INTEGER UserTime; 298 LARGE_INTEGER KernelTime; 299 UNICODE_STRING ProcessName; 300 KPRIORITY BasePriority; 301 ULONG ProcessId; 302 ULONG InheritedFromProcessId; 303 ULONG HandleCount; 304 ULONG Reserved2[2]; 305 VM_COUNTERS VmCounters; 306 IO_COUNTERS IoCounters; 307 SYSTEM_THREADS Threads[1]; 308 } SYSTEM_PROCESSES, *PSYSTEM_PROCESSES; 309 310 typedef struct _SYSTEM_CALLS_INFORMATION { 311 ULONG Size; 312 ULONG NumberOfDescriptorTables; 313 ULONG NumberOfRoutinesInTable[1]; 314 ULONG CallCounts[ANYSIZE_ARRAY]; 315 } SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION; 316 317 typedef struct _SYSTEM_CONFIGURATION_INFORMATION { 318 ULONG DiskCount; 319 ULONG FloppyCount; 320 ULONG CdRomCount; 321 ULONG TapeCount; 322 ULONG SerialCount; 323 ULONG ParallelCount; 324 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION; 325 326 typedef struct _SYSTEM_PROCESSOR_TIMES { 327 LARGE_INTEGER IdleTime; 328 LARGE_INTEGER KernelTime; 329 LARGE_INTEGER UserTime; 330 LARGE_INTEGER DpcTime; 331 LARGE_INTEGER InterruptTime; 332 ULONG InterruptCount; 333 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; 334 335 /* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */ 336 #define FLG_STOP_ON_EXCEPTION 0x00000001 337 #define FLG_SHOW_LDR_SNAPS 0x00000002 338 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004 339 #define FLG_STOP_ON_HUNG_GUI 0x00000008 340 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 341 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 342 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 343 #define FLG_HEAP_VALIDATE_ALL 0x00000080 344 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100 345 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200 346 #define FLG_POOL_ENABLE_TAGGING 0x00000400 347 #define FLG_HEAP_ENABLE_TAGGING 0x00000800 348 #define FLG_USER_STACK_TRACE_DB 0x00001000 349 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000 350 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 351 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 352 #define FLG_IGNORE_DEBUG_PRIV 0x00010000 353 #define FLG_ENABLE_CSRDEBUG 0x00020000 354 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 355 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 356 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000 357 #define FLG_HEAP_DISABLE_COALESCING 0x00200000 358 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 359 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 360 #define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000 361 362 typedef struct _SYSTEM_GLOBAL_FLAG { 363 ULONG GlobalFlag; 364 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG; 365 366 typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY { 367 ULONG Unknown1; 368 ULONG Unknown2; 369 PVOID Base; 370 ULONG Size; 371 ULONG Flags; 372 USHORT Index; 373 /* Length of module name not including the path, this 374 field contains valid value only for NTOSKRNL module */ 375 USHORT NameLength; 376 USHORT LoadCount; 377 USHORT PathLength; 378 CHAR ImageName[256]; 379 } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY; 380 381 typedef struct _SYSTEM_MODULE_INFORMATION { 382 ULONG Count; 383 SYSTEM_MODULE_INFORMATION_ENTRY Module[1]; 384 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; 385 386 typedef struct _SYSTEM_LOCK_INFORMATION { 387 PVOID Address; 388 USHORT Type; 389 USHORT Reserved1; 390 ULONG ExclusiveOwnerThreadId; 391 ULONG ActiveCount; 392 ULONG ContentionCount; 393 ULONG Reserved2[2]; 394 ULONG NumberOfSharedWaiters; 395 ULONG NumberOfExclusiveWaiters; 396 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION; 397 398 /*SYSTEM_HANDLE_INFORMATION.Flags cosntants */ 399 #define PROTECT_FROM_CLOSE 0x01 400 #define INHERIT 0x02 401 402 typedef struct _SYSTEM_HANDLE_INFORMATION { 403 ULONG ProcessId; 404 UCHAR ObjectTypeNumber; 405 UCHAR Flags; 406 USHORT Handle; 407 PVOID Object; 408 ACCESS_MASK GrantedAccess; 409 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 410 411 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION { 412 ULONG NextEntryOffset; 413 ULONG ObjectCount; 414 ULONG HandleCount; 415 ULONG TypeNumber; 416 ULONG InvalidAttributes; 417 GENERIC_MAPPING GenericMapping; 418 ACCESS_MASK ValidAccessMask; 419 POOL_TYPE PoolType; 420 UCHAR Unknown; 421 UNICODE_STRING Name; 422 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION; 423 424 /* SYSTEM_OBJECT_INFORMATION.Flags constants */ 425 #define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40 426 #define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20 427 #define FLG_SYSOBJINFO_PERMANENT 0x10 428 #define FLG_SYSOBJINFO_EXCLUSIVE 0x08 429 #define FLG_SYSOBJINFO_CREATOR_INFO 0x04 430 #define FLG_SYSOBJINFO_KERNEL_MODE 0x02 431 432 typedef struct _SYSTEM_OBJECT_INFORMATION { 433 ULONG NextEntryOffset; 434 PVOID Object; 435 ULONG CreatorProcessId; 436 USHORT Unknown; 437 USHORT Flags; 438 ULONG PointerCount; 439 ULONG HandleCount; 440 ULONG PagedPoolUsage; 441 ULONG NonPagedPoolUsage; 442 ULONG ExclusiveProcessId; 443 PSECURITY_DESCRIPTOR SecurityDescriptor; 444 UNICODE_STRING Name; 445 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; 446 447 typedef struct _SYSTEM_PAGEFILE_INFORMATION { 448 ULONG NextEntryOffset; 449 ULONG CurrentSize; 450 ULONG TotalUsed; 451 ULONG PeakUsed; 452 UNICODE_STRING FileName; 453 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; 454 455 typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION { 456 ULONG SegmentNotPresent; 457 ULONG TwoByteOpcode; 458 ULONG ESprefix; 459 ULONG CSprefix; 460 ULONG SSprefix; 461 ULONG DSprefix; 462 ULONG FSPrefix; 463 ULONG GSprefix; 464 ULONG OPER32prefix; 465 ULONG ADDR32prefix; 466 ULONG INSB; 467 ULONG INSW; 468 ULONG OUTSB; 469 ULONG OUTSW; 470 ULONG PUSHFD; 471 ULONG POPFD; 472 ULONG INTnn; 473 ULONG INTO; 474 ULONG IRETD; 475 ULONG INBimm; 476 ULONG INWimm; 477 ULONG OUTBimm; 478 ULONG OUTWimm; 479 ULONG INB; 480 ULONG INW; 481 ULONG OUTB; 482 ULONG OUTW; 483 ULONG LOCKprefix; 484 ULONG REPNEprefix; 485 ULONG REPprefix; 486 ULONG HLT; 487 ULONG CLI; 488 ULONG STI; 489 ULONG GenericInvalidOpcode; 490 } SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION; 491 492 typedef struct _SYSTEM_POOL_TAG_INFORMATION { 493 CHAR Tag[4]; 494 ULONG PagedPoolAllocs; 495 ULONG PagedPoolFrees; 496 ULONG PagedPoolUsage; 497 ULONG NonPagedPoolAllocs; 498 ULONG NonPagedPoolFrees; 499 ULONG NonPagedPoolUsage; 500 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION; 501 502 typedef struct _SYSTEM_PROCESSOR_STATISTICS { 503 ULONG ContextSwitches; 504 ULONG DpcCount; 505 ULONG DpcRequestRate; 506 ULONG TimeIncrement; 507 ULONG DpcBypassCount; 508 ULONG ApcBypassCount; 509 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS; 510 511 typedef struct _SYSTEM_DPC_INFORMATION { 512 ULONG Reserved; 513 ULONG MaximumDpcQueueDepth; 514 ULONG MinimumDpcRate; 515 ULONG AdjustDpcThreshold; 516 ULONG IdealDpcRate; 517 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION; 518 519 typedef struct _SYSTEM_LOAD_IMAGE { 520 UNICODE_STRING ModuleName; 521 PVOID ModuleBase; 522 PVOID SectionPointer; 523 PVOID EntryPoint; 524 PVOID ExportDirectory; 525 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE; 526 527 typedef struct _SYSTEM_UNLOAD_IMAGE { 528 PVOID ModuleBase; 529 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE; 530 531 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT { 532 ULONG TimeAdjustment; 533 ULONG MaximumIncrement; 534 BOOLEAN TimeSynchronization; 535 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT; 536 537 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT { 538 ULONG TimeAdjustment; 539 BOOLEAN TimeSynchronization; 540 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT; 541 542 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION { 543 HANDLE CrashDumpSectionHandle; 544 HANDLE Unknown; 545 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION; 546 547 typedef struct _SYSTEM_EXCEPTION_INFORMATION { 548 ULONG AlignmentFixupCount; 549 ULONG ExceptionDispatchCount; 550 ULONG FloatingEmulationCount; 551 ULONG Reserved; 552 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; 553 554 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION { 555 ULONG CrashDumpSectionExists; 556 ULONG Unknown; 557 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; 558 559 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { 560 BOOLEAN DebuggerEnabled; 561 BOOLEAN DebuggerNotPresent; 562 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; 563 564 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { 565 ULONG ContextSwitches; 566 ULONG ContextSwitchCounters[11]; 567 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; 568 569 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { 570 ULONG RegistryQuota; 571 ULONG RegistryQuotaInUse; 572 ULONG PagedPoolSize; 573 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; 574 575 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE { 576 UNICODE_STRING ModuleName; 577 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE; 578 579 typedef struct _SYSTEM_PRIORITY_SEPARATION { 580 ULONG PrioritySeparation; 581 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION; 582 583 typedef struct _SYSTEM_TIME_ZONE_INFORMATION { 584 LONG Bias; 585 WCHAR StandardName[32]; 586 LARGE_INTEGER StandardDate; 587 LONG StandardBias; 588 WCHAR DaylightName[32]; 589 LARGE_INTEGER DaylightDate; 590 LONG DaylightBias; 591 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION; 592 593 typedef struct _SYSTEM_LOOKASIDE_INFORMATION { 594 USHORT Depth; 595 USHORT MaximumDepth; 596 ULONG TotalAllocates; 597 ULONG AllocateMisses; 598 ULONG TotalFrees; 599 ULONG FreeMisses; 600 POOL_TYPE Type; 601 ULONG Tag; 602 ULONG Size; 603 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; 604 605 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT { 606 HANDLE TimeSlipEvent; 607 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT; 608 609 typedef struct _SYSTEM_CREATE_SESSION { 610 ULONG SessionId; 611 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION; 612 613 typedef struct _SYSTEM_DELETE_SESSION { 614 ULONG SessionId; 615 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION; 616 617 typedef struct _SYSTEM_RANGE_START_INFORMATION { 618 PVOID SystemRangeStart; 619 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; 620 621 typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION { 622 ULONG SessionId; 623 ULONG BufferSize; 624 PVOID Buffer; 625 } SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION; 626 627 typedef struct _SYSTEM_POOL_BLOCK { 628 BOOLEAN Allocated; 629 USHORT Unknown; 630 ULONG Size; 631 CHAR Tag[4]; 632 } SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK; 633 634 typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION { 635 ULONG PoolSize; 636 PVOID PoolBase; 637 USHORT Unknown; 638 ULONG NumberOfBlocks; 639 SYSTEM_POOL_BLOCK PoolBlocks[1]; 640 } SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION; 641 642 typedef struct _SYSTEM_MEMORY_USAGE { 643 PVOID Name; 644 USHORT Valid; 645 USHORT Standby; 646 USHORT Modified; 647 USHORT PageTables; 648 } SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE; 649 650 typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION { 651 ULONG Reserved; 652 PVOID EndOfData; 653 SYSTEM_MEMORY_USAGE MemoryUsage[1]; 654 } SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION; 655 656 NTOSAPI 657 NTSTATUS 658 NTAPI 659 NtQuerySystemInformation( 660 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, 661 /*IN OUT*/ PVOID SystemInformation, 662 /*IN*/ ULONG SystemInformationLength, 663 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 664 665 NTOSAPI 666 NTSTATUS 667 NTAPI 668 ZwQuerySystemInformation( 669 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, 670 /*IN OUT*/ PVOID SystemInformation, 671 /*IN*/ ULONG SystemInformationLength, 672 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 673 674 NTOSAPI 675 NTAPI 676 NTSTATUS 677 NtQueryFullAttributesFile( 678 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 679 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); 680 681 NTOSAPI 682 NTAPI 683 NTSTATUS 684 ZwQueryFullAttributesFile( 685 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 686 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); 687 688 NTOSAPI 689 NTSTATUS 690 NTAPI 691 NtSetSystemInformation( 692 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, 693 /*IN OUT*/ PVOID SystemInformation, 694 /*IN*/ ULONG SystemInformationLength); 695 696 NTOSAPI 697 NTSTATUS 698 NTAPI 699 ZwSetSystemInformation( 700 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, 701 /*IN OUT*/ PVOID SystemInformation, 702 /*IN*/ ULONG SystemInformationLength); 703 704 NTOSAPI 705 NTSTATUS 706 NTAPI 707 NtQuerySystemEnvironmentValue( 708 /*IN*/ PUNICODE_STRING Name, 709 /*OUT*/ PVOID Value, 710 /*IN*/ ULONG ValueLength, 711 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 712 713 NTOSAPI 714 NTSTATUS 715 NTAPI 716 ZwQuerySystemEnvironmentValue( 717 /*IN*/ PUNICODE_STRING Name, 718 /*OUT*/ PVOID Value, 719 /*IN*/ ULONG ValueLength, 720 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 721 722 NTOSAPI 723 NTSTATUS 724 NTAPI 725 NtSetSystemEnvironmentValue( 726 /*IN*/ PUNICODE_STRING Name, 727 /*IN*/ PUNICODE_STRING Value); 728 729 NTOSAPI 730 NTSTATUS 731 NTAPI 732 ZwSetSystemEnvironmentValue( 733 /*IN*/ PUNICODE_STRING Name, 734 /*IN*/ PUNICODE_STRING Value); 735 736 typedef enum _SHUTDOWN_ACTION { 737 ShutdownNoReboot, 738 ShutdownReboot, 739 ShutdownPowerOff 740 } SHUTDOWN_ACTION; 741 742 NTOSAPI 743 NTSTATUS 744 NTAPI 745 NtShutdownSystem( 746 /*IN*/ SHUTDOWN_ACTION Action); 747 748 NTOSAPI 749 NTSTATUS 750 NTAPI 751 ZwShutdownSystem( 752 /*IN*/ SHUTDOWN_ACTION Action); 753 754 typedef enum _DEBUG_CONTROL_CODE { 755 DebugGetTraceInformation = 1, 756 DebugSetInternalBreakpoint, 757 DebugSetSpecialCall, 758 DebugClearSpecialCalls, 759 DebugQuerySpecialCalls, 760 DebugDbgBreakPoint, 761 DebugMaximum 762 } DEBUG_CONTROL_CODE; 763 764 765 NTOSAPI 766 NTSTATUS 767 NTAPI 768 NtSystemDebugControl( 769 /*IN*/ DEBUG_CONTROL_CODE ControlCode, 770 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, 771 /*IN*/ ULONG InputBufferLength, 772 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, 773 /*IN*/ ULONG OutputBufferLength, 774 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 775 776 NTOSAPI 777 NTSTATUS 778 NTAPI 779 ZwSystemDebugControl( 780 /*IN*/ DEBUG_CONTROL_CODE ControlCode, 781 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, 782 /*IN*/ ULONG InputBufferLength, 783 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, 784 /*IN*/ ULONG OutputBufferLength, 785 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 786 787 788 789 /* Objects, Object directories, and symbolic links */ 790 791 typedef enum _OBJECT_INFORMATION_CLASS { 792 ObjectBasicInformation, 793 ObjectNameInformation, 794 ObjectTypeInformation, 795 ObjectAllTypesInformation, 796 ObjectHandleInformation 797 } OBJECT_INFORMATION_CLASS; 798 799 NTOSAPI 800 NTSTATUS 801 NTAPI 802 NtQueryObject( 803 /*IN*/ HANDLE ObjectHandle, 804 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, 805 /*OUT*/ PVOID ObjectInformation, 806 /*IN*/ ULONG ObjectInformationLength, 807 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 808 809 NTOSAPI 810 NTSTATUS 811 NTAPI 812 ZwQueryObject( 813 /*IN*/ HANDLE ObjectHandle, 814 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, 815 /*OUT*/ PVOID ObjectInformation, 816 /*IN*/ ULONG ObjectInformationLength, 817 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 818 819 NTOSAPI 820 NTSTATUS 821 NTAPI 822 NtSetInformationObject( 823 /*IN*/ HANDLE ObjectHandle, 824 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, 825 /*IN*/ PVOID ObjectInformation, 826 /*IN*/ ULONG ObjectInformationLength); 827 828 NTOSAPI 829 NTSTATUS 830 NTAPI 831 ZwSetInformationObject( 832 /*IN*/ HANDLE ObjectHandle, 833 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, 834 /*IN*/ PVOID ObjectInformation, 835 /*IN*/ ULONG ObjectInformationLength); 836 837 /* OBJECT_BASIC_INFORMATION.Attributes constants */ 838 /* also in winbase.h */ 839 #define HANDLE_FLAG_INHERIT 0x01 840 #define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02 841 /* end winbase.h */ 842 #define PERMANENT 0x10 843 #define EXCLUSIVE 0x20 844 845 typedef struct _OBJECT_BASIC_INFORMATION { 846 ULONG Attributes; 847 ACCESS_MASK GrantedAccess; 848 ULONG HandleCount; 849 ULONG PointerCount; 850 ULONG PagedPoolUsage; 851 ULONG NonPagedPoolUsage; 852 ULONG Reserved[3]; 853 ULONG NameInformationLength; 854 ULONG TypeInformationLength; 855 ULONG SecurityDescriptorLength; 856 LARGE_INTEGER CreateTime; 857 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 858 #if 0 859 /* FIXME: Enable later */ 860 typedef struct _OBJECT_TYPE_INFORMATION { 861 UNICODE_STRING Name; 862 ULONG ObjectCount; 863 ULONG HandleCount; 864 ULONG Reserved1[4]; 865 ULONG PeakObjectCount; 866 ULONG PeakHandleCount; 867 ULONG Reserved2[4]; 868 ULONG InvalidAttributes; 869 GENERIC_MAPPING GenericMapping; 870 ULONG ValidAccess; 871 UCHAR Unknown; 872 BOOLEAN MaintainHandleDatabase; 873 POOL_TYPE PoolType; 874 ULONG PagedPoolUsage; 875 ULONG NonPagedPoolUsage; 876 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 877 878 typedef struct _OBJECT_ALL_TYPES_INFORMATION { 879 ULONG NumberOfTypes; 880 OBJECT_TYPE_INFORMATION TypeInformation; 881 } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION; 882 #endif 883 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION { 884 BOOLEAN Inherit; 885 BOOLEAN ProtectFromClose; 886 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION; 887 888 NTOSAPI 889 NTSTATUS 890 NTAPI 891 NtDuplicateObject( 892 /*IN*/ HANDLE SourceProcessHandle, 893 /*IN*/ HANDLE SourceHandle, 894 /*IN*/ HANDLE TargetProcessHandle, 895 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, 896 /*IN*/ ACCESS_MASK DesiredAccess, 897 /*IN*/ ULONG Attributes, 898 /*IN*/ ULONG Options); 899 900 NTOSAPI 901 NTSTATUS 902 NTAPI 903 ZwDuplicateObject( 904 /*IN*/ HANDLE SourceProcessHandle, 905 /*IN*/ HANDLE SourceHandle, 906 /*IN*/ HANDLE TargetProcessHandle, 907 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, 908 /*IN*/ ACCESS_MASK DesiredAccess, 909 /*IN*/ ULONG Attributes, 910 /*IN*/ ULONG Options); 911 912 NTOSAPI 913 NTSTATUS 914 NTAPI 915 NtQuerySecurityObject( 916 /*IN*/ HANDLE Handle, 917 /*IN*/ SECURITY_INFORMATION SecurityInformation, 918 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 919 /*IN*/ ULONG SecurityDescriptorLength, 920 /*OUT*/ PULONG ReturnLength); 921 922 NTOSAPI 923 NTSTATUS 924 NTAPI 925 ZwQuerySecurityObject( 926 /*IN*/ HANDLE Handle, 927 /*IN*/ SECURITY_INFORMATION SecurityInformation, 928 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 929 /*IN*/ ULONG SecurityDescriptorLength, 930 /*OUT*/ PULONG ReturnLength); 931 932 NTOSAPI 933 NTSTATUS 934 NTAPI 935 NtSetSecurityObject( 936 /*IN*/ HANDLE Handle, 937 /*IN*/ SECURITY_INFORMATION SecurityInformation, 938 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); 939 940 NTOSAPI 941 NTSTATUS 942 NTAPI 943 ZwSetSecurityObject( 944 /*IN*/ HANDLE Handle, 945 /*IN*/ SECURITY_INFORMATION SecurityInformation, 946 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); 947 948 NTOSAPI 949 NTSTATUS 950 NTAPI 951 NtOpenDirectoryObject( 952 /*OUT*/ PHANDLE DirectoryHandle, 953 /*IN*/ ACCESS_MASK DesiredAccess, 954 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 955 956 NTOSAPI 957 NTSTATUS 958 NTAPI 959 ZwOpenDirectoryObject( 960 /*OUT*/ PHANDLE DirectoryHandle, 961 /*IN*/ ACCESS_MASK DesiredAccess, 962 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 963 964 NTOSAPI 965 NTSTATUS 966 NTAPI 967 NtQueryDirectoryObject( 968 /*IN*/ HANDLE DirectoryHandle, 969 /*OUT*/ PVOID Buffer, 970 /*IN*/ ULONG BufferLength, 971 /*IN*/ BOOLEAN ReturnSingleEntry, 972 /*IN*/ BOOLEAN RestartScan, 973 /*IN OUT*/ PULONG Context, 974 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 975 976 NTOSAPI 977 NTSTATUS 978 NTAPI 979 ZwQueryDirectoryObject( 980 /*IN*/ HANDLE DirectoryHandle, 981 /*OUT*/ PVOID Buffer, 982 /*IN*/ ULONG BufferLength, 983 /*IN*/ BOOLEAN ReturnSingleEntry, 984 /*IN*/ BOOLEAN RestartScan, 985 /*IN OUT*/ PULONG Context, 986 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 987 988 typedef struct _DIRECTORY_BASIC_INFORMATION { 989 UNICODE_STRING ObjectName; 990 UNICODE_STRING ObjectTypeName; 991 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; 992 993 NTOSAPI 994 NTSTATUS 995 NTAPI 996 NtCreateSymbolicLinkObject( 997 /*OUT*/ PHANDLE SymbolicLinkHandle, 998 /*IN*/ ACCESS_MASK DesiredAccess, 999 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1000 /*IN*/ PUNICODE_STRING TargetName); 1001 1002 NTOSAPI 1003 NTSTATUS 1004 NTAPI 1005 ZwCreateSymbolicLinkObject( 1006 /*OUT*/ PHANDLE SymbolicLinkHandle, 1007 /*IN*/ ACCESS_MASK DesiredAccess, 1008 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1009 /*IN*/ PUNICODE_STRING TargetName); 1010 1011 1012 1013 1014 /* Virtual memory */ 1015 1016 typedef enum _MEMORY_INFORMATION_CLASS { 1017 MemoryBasicInformation, 1018 MemoryWorkingSetList, 1019 MemorySectionName, 1020 MemoryBasicVlmInformation 1021 } MEMORY_INFORMATION_CLASS; 1022 1023 NTOSAPI 1024 NTSTATUS 1025 NTAPI 1026 NtAllocateVirtualMemory( 1027 /*IN*/ HANDLE ProcessHandle, 1028 /*IN OUT*/ PVOID *BaseAddress, 1029 /*IN*/ ULONG ZeroBits, 1030 /*IN OUT*/ PULONG AllocationSize, 1031 /*IN*/ ULONG AllocationType, 1032 /*IN*/ ULONG Protect); 1033 1034 NTOSAPI 1035 NTSTATUS 1036 NTAPI 1037 ZwAllocateVirtualMemory( 1038 /*IN*/ HANDLE ProcessHandle, 1039 /*IN OUT*/ PVOID *BaseAddress, 1040 /*IN*/ ULONG ZeroBits, 1041 /*IN OUT*/ PULONG AllocationSize, 1042 /*IN*/ ULONG AllocationType, 1043 /*IN*/ ULONG Protect); 1044 1045 NTOSAPI 1046 NTSTATUS 1047 NTAPI 1048 NtFreeVirtualMemory( 1049 /*IN*/ HANDLE ProcessHandle, 1050 /*IN OUT*/ PVOID *BaseAddress, 1051 /*IN OUT*/ PULONG FreeSize, 1052 /*IN*/ ULONG FreeType); 1053 1054 NTOSAPI 1055 NTSTATUS 1056 NTAPI 1057 ZwFreeVirtualMemory( 1058 /*IN*/ HANDLE ProcessHandle, 1059 /*IN OUT*/ PVOID *BaseAddress, 1060 /*IN OUT*/ PULONG FreeSize, 1061 /*IN*/ ULONG FreeType); 1062 1063 NTOSAPI 1064 NTSTATUS 1065 NTAPI 1066 NtQueryVirtualMemory( 1067 /*IN*/ HANDLE ProcessHandle, 1068 /*IN*/ PVOID BaseAddress, 1069 /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass, 1070 /*OUT*/ PVOID MemoryInformation, 1071 /*IN*/ ULONG MemoryInformationLength, 1072 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1073 1074 NTOSAPI 1075 NTSTATUS 1076 NTAPI 1077 ZwQueryVirtualMemory( 1078 /*IN*/ HANDLE ProcessHandle, 1079 /*IN*/ PVOID BaseAddress, 1080 /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass, 1081 /*OUT*/ PVOID MemoryInformation, 1082 /*IN*/ ULONG MemoryInformationLength, 1083 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1084 1085 /* MEMORY_WORKING_SET_LIST.WorkingSetList constants */ 1086 #define WSLE_PAGE_READONLY 0x001 1087 #define WSLE_PAGE_EXECUTE 0x002 1088 #define WSLE_PAGE_READWRITE 0x004 1089 #define WSLE_PAGE_EXECUTE_READ 0x003 1090 #define WSLE_PAGE_WRITECOPY 0x005 1091 #define WSLE_PAGE_EXECUTE_READWRITE 0x006 1092 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007 1093 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0 1094 #define WSLE_PAGE_SHAREABLE 0x100 1095 1096 typedef struct _MEMORY_WORKING_SET_LIST { 1097 ULONG NumberOfPages; 1098 ULONG WorkingSetList[1]; 1099 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; 1100 1101 typedef struct _MEMORY_SECTION_NAME { 1102 UNICODE_STRING SectionFileName; 1103 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 1104 1105 /* Zw[Lock|Unlock]VirtualMemory.LockType constants */ 1106 #define LOCK_VM_IN_WSL 0x01 1107 #define LOCK_VM_IN_RAM 0x02 1108 1109 NTOSAPI 1110 NTSTATUS 1111 NTAPI 1112 NtLockVirtualMemory( 1113 /*IN*/ HANDLE ProcessHandle, 1114 /*IN OUT*/ PVOID *BaseAddress, 1115 /*IN OUT*/ PULONG LockSize, 1116 /*IN*/ ULONG LockType); 1117 1118 NTOSAPI 1119 NTSTATUS 1120 NTAPI 1121 ZwLockVirtualMemory( 1122 /*IN*/ HANDLE ProcessHandle, 1123 /*IN OUT*/ PVOID *BaseAddress, 1124 /*IN OUT*/ PULONG LockSize, 1125 /*IN*/ ULONG LockType); 1126 1127 NTOSAPI 1128 NTSTATUS 1129 NTAPI 1130 NtUnlockVirtualMemory( 1131 /*IN*/ HANDLE ProcessHandle, 1132 /*IN OUT*/ PVOID *BaseAddress, 1133 /*IN OUT*/ PULONG LockSize, 1134 /*IN*/ ULONG LockType); 1135 1136 NTOSAPI 1137 NTSTATUS 1138 NTAPI 1139 ZwUnlockVirtualMemory( 1140 /*IN*/ HANDLE ProcessHandle, 1141 /*IN OUT*/ PVOID *BaseAddress, 1142 /*IN OUT*/ PULONG LockSize, 1143 /*IN*/ ULONG LockType); 1144 1145 NTOSAPI 1146 NTSTATUS 1147 NTAPI 1148 NtReadVirtualMemory( 1149 /*IN*/ HANDLE ProcessHandle, 1150 /*IN*/ PVOID BaseAddress, 1151 /*OUT*/ PVOID Buffer, 1152 /*IN*/ ULONG BufferLength, 1153 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1154 1155 NTOSAPI 1156 NTSTATUS 1157 NTAPI 1158 ZwReadVirtualMemory( 1159 /*IN*/ HANDLE ProcessHandle, 1160 /*IN*/ PVOID BaseAddress, 1161 /*OUT*/ PVOID Buffer, 1162 /*IN*/ ULONG BufferLength, 1163 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1164 1165 NTOSAPI 1166 NTSTATUS 1167 NTAPI 1168 NtWriteVirtualMemory( 1169 /*IN*/ HANDLE ProcessHandle, 1170 /*IN*/ PVOID BaseAddress, 1171 /*IN*/ PVOID Buffer, 1172 /*IN*/ ULONG BufferLength, 1173 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1174 1175 NTOSAPI 1176 NTSTATUS 1177 NTAPI 1178 ZwWriteVirtualMemory( 1179 /*IN*/ HANDLE ProcessHandle, 1180 /*IN*/ PVOID BaseAddress, 1181 /*IN*/ PVOID Buffer, 1182 /*IN*/ ULONG BufferLength, 1183 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1184 1185 NTOSAPI 1186 NTSTATUS 1187 NTAPI 1188 NtProtectVirtualMemory( 1189 /*IN*/ HANDLE ProcessHandle, 1190 /*IN OUT*/ PVOID *BaseAddress, 1191 /*IN OUT*/ PULONG ProtectSize, 1192 /*IN*/ ULONG NewProtect, 1193 /*OUT*/ PULONG OldProtect); 1194 1195 NTOSAPI 1196 NTSTATUS 1197 NTAPI 1198 ZwProtectVirtualMemory( 1199 /*IN*/ HANDLE ProcessHandle, 1200 /*IN OUT*/ PVOID *BaseAddress, 1201 /*IN OUT*/ PULONG ProtectSize, 1202 /*IN*/ ULONG NewProtect, 1203 /*OUT*/ PULONG OldProtect); 1204 1205 NTOSAPI 1206 NTSTATUS 1207 NTAPI 1208 NtFlushVirtualMemory( 1209 /*IN*/ HANDLE ProcessHandle, 1210 /*IN OUT*/ PVOID *BaseAddress, 1211 /*IN OUT*/ PULONG FlushSize, 1212 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 1213 1214 NTOSAPI 1215 NTSTATUS 1216 NTAPI 1217 ZwFlushVirtualMemory( 1218 /*IN*/ HANDLE ProcessHandle, 1219 /*IN OUT*/ PVOID *BaseAddress, 1220 /*IN OUT*/ PULONG FlushSize, 1221 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 1222 1223 NTOSAPI 1224 NTSTATUS 1225 NTAPI 1226 NtAllocateUserPhysicalPages( 1227 /*IN*/ HANDLE ProcessHandle, 1228 /*IN*/ PULONG NumberOfPages, 1229 /*OUT*/ PULONG PageFrameNumbers); 1230 1231 NTOSAPI 1232 NTSTATUS 1233 NTAPI 1234 ZwAllocateUserPhysicalPages( 1235 /*IN*/ HANDLE ProcessHandle, 1236 /*IN*/ PULONG NumberOfPages, 1237 /*OUT*/ PULONG PageFrameNumbers); 1238 1239 NTOSAPI 1240 NTSTATUS 1241 NTAPI 1242 NtFreeUserPhysicalPages( 1243 /*IN*/ HANDLE ProcessHandle, 1244 /*IN OUT*/ PULONG NumberOfPages, 1245 /*IN*/ PULONG PageFrameNumbers); 1246 1247 NTOSAPI 1248 NTSTATUS 1249 NTAPI 1250 ZwFreeUserPhysicalPages( 1251 /*IN*/ HANDLE ProcessHandle, 1252 /*IN OUT*/ PULONG NumberOfPages, 1253 /*IN*/ PULONG PageFrameNumbers); 1254 1255 NTOSAPI 1256 NTSTATUS 1257 NTAPI 1258 NtMapUserPhysicalPages( 1259 /*IN*/ PVOID BaseAddress, 1260 /*IN*/ PULONG NumberOfPages, 1261 /*IN*/ PULONG PageFrameNumbers); 1262 1263 NTOSAPI 1264 NTSTATUS 1265 NTAPI 1266 ZwMapUserPhysicalPages( 1267 /*IN*/ PVOID BaseAddress, 1268 /*IN*/ PULONG NumberOfPages, 1269 /*IN*/ PULONG PageFrameNumbers); 1270 1271 NTOSAPI 1272 NTSTATUS 1273 NTAPI 1274 NtMapUserPhysicalPagesScatter( 1275 /*IN*/ PVOID *BaseAddresses, 1276 /*IN*/ PULONG NumberOfPages, 1277 /*IN*/ PULONG PageFrameNumbers); 1278 1279 NTOSAPI 1280 NTSTATUS 1281 NTAPI 1282 ZwMapUserPhysicalPagesScatter( 1283 /*IN*/ PVOID *BaseAddresses, 1284 /*IN*/ PULONG NumberOfPages, 1285 /*IN*/ PULONG PageFrameNumbers); 1286 1287 NTOSAPI 1288 NTSTATUS 1289 NTAPI 1290 NtGetWriteWatch( 1291 /*IN*/ HANDLE ProcessHandle, 1292 /*IN*/ ULONG Flags, 1293 /*IN*/ PVOID BaseAddress, 1294 /*IN*/ ULONG RegionSize, 1295 /*OUT*/ PULONG Buffer, 1296 /*IN OUT*/ PULONG BufferEntries, 1297 /*OUT*/ PULONG Granularity); 1298 1299 NTOSAPI 1300 NTSTATUS 1301 NTAPI 1302 ZwGetWriteWatch( 1303 /*IN*/ HANDLE ProcessHandle, 1304 /*IN*/ ULONG Flags, 1305 /*IN*/ PVOID BaseAddress, 1306 /*IN*/ ULONG RegionSize, 1307 /*OUT*/ PULONG Buffer, 1308 /*IN OUT*/ PULONG BufferEntries, 1309 /*OUT*/ PULONG Granularity); 1310 1311 NTOSAPI 1312 NTSTATUS 1313 NTAPI 1314 NtResetWriteWatch( 1315 /*IN*/ HANDLE ProcessHandle, 1316 /*IN*/ PVOID BaseAddress, 1317 /*IN*/ ULONG RegionSize); 1318 1319 NTOSAPI 1320 NTSTATUS 1321 NTAPI 1322 ZwResetWriteWatch( 1323 /*IN*/ HANDLE ProcessHandle, 1324 /*IN*/ PVOID BaseAddress, 1325 /*IN*/ ULONG RegionSize); 1326 1327 1328 1329 1330 /* Sections */ 1331 1332 typedef enum _SECTION_INFORMATION_CLASS { 1333 SectionBasicInformation, 1334 SectionImageInformation 1335 } SECTION_INFORMATION_CLASS; 1336 1337 NTOSAPI 1338 NTSTATUS 1339 NTAPI 1340 NtCreateSection( 1341 /*OUT*/ PHANDLE SectionHandle, 1342 /*IN*/ ACCESS_MASK DesiredAccess, 1343 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1344 /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, 1345 /*IN*/ ULONG Protect, 1346 /*IN*/ ULONG Attributes, 1347 /*IN*/ HANDLE FileHandle); 1348 1349 NTOSAPI 1350 NTSTATUS 1351 NTAPI 1352 ZwCreateSection( 1353 /*OUT*/ PHANDLE SectionHandle, 1354 /*IN*/ ACCESS_MASK DesiredAccess, 1355 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1356 /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, 1357 /*IN*/ ULONG Protect, 1358 /*IN*/ ULONG Attributes, 1359 /*IN*/ HANDLE FileHandle); 1360 1361 NTOSAPI 1362 NTSTATUS 1363 NTAPI 1364 NtQuerySection( 1365 /*IN*/ HANDLE SectionHandle, 1366 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, 1367 /*OUT*/ PVOID SectionInformation, 1368 /*IN*/ ULONG SectionInformationLength, 1369 /*OUT*/ PULONG ResultLength /*OPTIONAL*/); 1370 1371 NTOSAPI 1372 NTSTATUS 1373 NTAPI 1374 ZwQuerySection( 1375 /*IN*/ HANDLE SectionHandle, 1376 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, 1377 /*OUT*/ PVOID SectionInformation, 1378 /*IN*/ ULONG SectionInformationLength, 1379 /*OUT*/ PULONG ResultLength /*OPTIONAL*/); 1380 1381 NTOSAPI 1382 NTSTATUS 1383 NTAPI 1384 NtExtendSection( 1385 /*IN*/ HANDLE SectionHandle, 1386 /*IN*/ PLARGE_INTEGER SectionSize); 1387 1388 NTOSAPI 1389 NTSTATUS 1390 NTAPI 1391 ZwExtendSection( 1392 /*IN*/ HANDLE SectionHandle, 1393 /*IN*/ PLARGE_INTEGER SectionSize); 1394 1395 NTOSAPI 1396 NTSTATUS 1397 NTAPI 1398 NtAreMappedFilesTheSame( 1399 /*IN*/ PVOID Address1, 1400 /*IN*/ PVOID Address2); 1401 1402 NTOSAPI 1403 NTSTATUS 1404 NTAPI 1405 ZwAreMappedFilesTheSame( 1406 /*IN*/ PVOID Address1, 1407 /*IN*/ PVOID Address2); 1408 1409 1410 1411 1412 /* Threads */ 1413 1414 typedef struct _USER_STACK { 1415 PVOID FixedStackBase; 1416 PVOID FixedStackLimit; 1417 PVOID ExpandableStackBase; 1418 PVOID ExpandableStackLimit; 1419 PVOID ExpandableStackBottom; 1420 } USER_STACK, *PUSER_STACK; 1421 1422 NTOSAPI 1423 NTSTATUS 1424 NTAPI 1425 NtCreateThread( 1426 /*OUT*/ PHANDLE ThreadHandle, 1427 /*IN*/ ACCESS_MASK DesiredAccess, 1428 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1429 /*IN*/ HANDLE ProcessHandle, 1430 /*OUT*/ PCLIENT_ID ClientId, 1431 /*IN*/ PCONTEXT ThreadContext, 1432 /*IN*/ PUSER_STACK UserStack, 1433 /*IN*/ BOOLEAN CreateSuspended); 1434 1435 NTOSAPI 1436 NTSTATUS 1437 NTAPI 1438 ZwCreateThread( 1439 /*OUT*/ PHANDLE ThreadHandle, 1440 /*IN*/ ACCESS_MASK DesiredAccess, 1441 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1442 /*IN*/ HANDLE ProcessHandle, 1443 /*OUT*/ PCLIENT_ID ClientId, 1444 /*IN*/ PCONTEXT ThreadContext, 1445 /*IN*/ PUSER_STACK UserStack, 1446 /*IN*/ BOOLEAN CreateSuspended); 1447 1448 NTOSAPI 1449 NTSTATUS 1450 NTAPI 1451 NtOpenThread( 1452 /*OUT*/ PHANDLE ThreadHandle, 1453 /*IN*/ ACCESS_MASK DesiredAccess, 1454 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1455 /*IN*/ PCLIENT_ID ClientId); 1456 1457 NTOSAPI 1458 NTSTATUS 1459 NTAPI 1460 ZwOpenThread( 1461 /*OUT*/ PHANDLE ThreadHandle, 1462 /*IN*/ ACCESS_MASK DesiredAccess, 1463 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1464 /*IN*/ PCLIENT_ID ClientId); 1465 1466 NTOSAPI 1467 NTSTATUS 1468 NTAPI 1469 NtTerminateThread( 1470 /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/, 1471 /*IN*/ NTSTATUS ExitStatus); 1472 1473 NTOSAPI 1474 NTSTATUS 1475 NTAPI 1476 ZwTerminateThread( 1477 /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/, 1478 /*IN*/ NTSTATUS ExitStatus); 1479 1480 NTOSAPI 1481 NTSTATUS 1482 NTAPI 1483 NtQueryInformationThread( 1484 /*IN*/ HANDLE ThreadHandle, 1485 /*IN*/ THREADINFOCLASS ThreadInformationClass, 1486 /*OUT*/ PVOID ThreadInformation, 1487 /*IN*/ ULONG ThreadInformationLength, 1488 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1489 1490 NTOSAPI 1491 NTSTATUS 1492 NTAPI 1493 ZwQueryInformationThread( 1494 /*IN*/ HANDLE ThreadHandle, 1495 /*IN*/ THREADINFOCLASS ThreadInformationClass, 1496 /*OUT*/ PVOID ThreadInformation, 1497 /*IN*/ ULONG ThreadInformationLength, 1498 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1499 1500 NTOSAPI 1501 NTSTATUS 1502 NTAPI 1503 NtSetInformationThread( 1504 /*IN*/ HANDLE ThreadHandle, 1505 /*IN*/ THREADINFOCLASS ThreadInformationClass, 1506 /*IN*/ PVOID ThreadInformation, 1507 /*IN*/ ULONG ThreadInformationLength); 1508 1509 NTOSAPI 1510 NTSTATUS 1511 NTAPI 1512 ZwSetInformationThread( 1513 /*IN*/ HANDLE ThreadHandle, 1514 /*IN*/ THREADINFOCLASS ThreadInformationClass, 1515 /*IN*/ PVOID ThreadInformation, 1516 /*IN*/ ULONG ThreadInformationLength); 1517 1518 typedef struct _THREAD_BASIC_INFORMATION { 1519 NTSTATUS ExitStatus; 1520 PNT_TIB TebBaseAddress; 1521 CLIENT_ID ClientId; 1522 KAFFINITY AffinityMask; 1523 KPRIORITY Priority; 1524 KPRIORITY BasePriority; 1525 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; 1526 1527 typedef struct _KERNEL_USER_TIMES { 1528 LARGE_INTEGER CreateTime; 1529 LARGE_INTEGER ExitTime; 1530 LARGE_INTEGER KernelTime; 1531 LARGE_INTEGER UserTime; 1532 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; 1533 1534 NTOSAPI 1535 NTSTATUS 1536 NTAPI 1537 NtSuspendThread( 1538 /*IN*/ HANDLE ThreadHandle, 1539 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1540 1541 NTOSAPI 1542 NTSTATUS 1543 NTAPI 1544 ZwSuspendThread( 1545 /*IN*/ HANDLE ThreadHandle, 1546 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1547 1548 NTOSAPI 1549 NTSTATUS 1550 NTAPI 1551 NtResumeThread( 1552 /*IN*/ HANDLE ThreadHandle, 1553 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1554 1555 NTOSAPI 1556 NTSTATUS 1557 NTAPI 1558 ZwResumeThread( 1559 /*IN*/ HANDLE ThreadHandle, 1560 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1561 1562 NTOSAPI 1563 NTSTATUS 1564 NTAPI 1565 NtGetContextThread( 1566 /*IN*/ HANDLE ThreadHandle, 1567 /*OUT*/ PCONTEXT Context); 1568 1569 NTOSAPI 1570 NTSTATUS 1571 NTAPI 1572 ZwGetContextThread( 1573 /*IN*/ HANDLE ThreadHandle, 1574 /*OUT*/ PCONTEXT Context); 1575 1576 NTOSAPI 1577 NTSTATUS 1578 NTAPI 1579 NtSetContextThread( 1580 /*IN*/ HANDLE ThreadHandle, 1581 /*IN*/ PCONTEXT Context); 1582 1583 NTOSAPI 1584 NTSTATUS 1585 NTAPI 1586 ZwSetContextThread( 1587 /*IN*/ HANDLE ThreadHandle, 1588 /*IN*/ PCONTEXT Context); 1589 1590 NTOSAPI 1591 NTSTATUS 1592 NTAPI 1593 NtQueueApcThread( 1594 /*IN*/ HANDLE ThreadHandle, 1595 /*IN*/ PKNORMAL_ROUTINE ApcRoutine, 1596 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 1597 /*IN*/ PVOID Argument1 /*OPTIONAL*/, 1598 /*IN*/ PVOID Argument2 /*OPTIONAL*/); 1599 1600 NTOSAPI 1601 NTSTATUS 1602 NTAPI 1603 ZwQueueApcThread( 1604 /*IN*/ HANDLE ThreadHandle, 1605 /*IN*/ PKNORMAL_ROUTINE ApcRoutine, 1606 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 1607 /*IN*/ PVOID Argument1 /*OPTIONAL*/, 1608 /*IN*/ PVOID Argument2 /*OPTIONAL*/); 1609 1610 NTOSAPI 1611 NTSTATUS 1612 NTAPI 1613 NtTestAlert( 1614 VOID); 1615 1616 NTOSAPI 1617 NTSTATUS 1618 NTAPI 1619 ZwTestAlert( 1620 VOID); 1621 1622 NTOSAPI 1623 NTSTATUS 1624 NTAPI 1625 NtAlertThread( 1626 /*IN*/ HANDLE ThreadHandle); 1627 1628 NTOSAPI 1629 NTSTATUS 1630 NTAPI 1631 ZwAlertThread( 1632 /*IN*/ HANDLE ThreadHandle); 1633 1634 NTOSAPI 1635 NTSTATUS 1636 NTAPI 1637 NtAlertResumeThread( 1638 /*IN*/ HANDLE ThreadHandle, 1639 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1640 1641 NTOSAPI 1642 NTSTATUS 1643 NTAPI 1644 ZwAlertResumeThread( 1645 /*IN*/ HANDLE ThreadHandle, 1646 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); 1647 1648 NTOSAPI 1649 NTSTATUS 1650 NTAPI 1651 NtRegisterThreadTerminatePort( 1652 /*IN*/ HANDLE PortHandle); 1653 1654 NTOSAPI 1655 NTSTATUS 1656 NTAPI 1657 ZwRegisterThreadTerminatePort( 1658 /*IN*/ HANDLE PortHandle); 1659 1660 NTOSAPI 1661 NTSTATUS 1662 NTAPI 1663 NtImpersonateThread( 1664 /*IN*/ HANDLE ThreadHandle, 1665 /*IN*/ HANDLE TargetThreadHandle, 1666 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos); 1667 1668 NTOSAPI 1669 NTSTATUS 1670 NTAPI 1671 ZwImpersonateThread( 1672 /*IN*/ HANDLE ThreadHandle, 1673 /*IN*/ HANDLE TargetThreadHandle, 1674 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos); 1675 1676 NTOSAPI 1677 NTSTATUS 1678 NTAPI 1679 NtImpersonateAnonymousToken( 1680 /*IN*/ HANDLE ThreadHandle); 1681 1682 NTOSAPI 1683 NTSTATUS 1684 NTAPI 1685 ZwImpersonateAnonymousToken( 1686 /*IN*/ HANDLE ThreadHandle); 1687 1688 1689 1690 1691 /* Processes */ 1692 1693 NTOSAPI 1694 NTSTATUS 1695 NTAPI 1696 NtCreateProcess( 1697 /*OUT*/ PHANDLE ProcessHandle, 1698 /*IN*/ ACCESS_MASK DesiredAccess, 1699 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1700 /*IN*/ HANDLE InheritFromProcessHandle, 1701 /*IN*/ BOOLEAN InheritHandles, 1702 /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, 1703 /*IN*/ HANDLE DebugPort /*OPTIONAL*/, 1704 /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); 1705 1706 NTOSAPI 1707 NTSTATUS 1708 NTAPI 1709 ZwCreateProcess( 1710 /*OUT*/ PHANDLE ProcessHandle, 1711 /*IN*/ ACCESS_MASK DesiredAccess, 1712 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 1713 /*IN*/ HANDLE InheritFromProcessHandle, 1714 /*IN*/ BOOLEAN InheritHandles, 1715 /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, 1716 /*IN*/ HANDLE DebugPort /*OPTIONAL*/, 1717 /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); 1718 1719 NTOSAPI 1720 NTSTATUS 1721 NTAPI 1722 NtTerminateProcess( 1723 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, 1724 /*IN*/ NTSTATUS ExitStatus); 1725 1726 NTOSAPI 1727 NTSTATUS 1728 NTAPI 1729 ZwTerminateProcess( 1730 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, 1731 /*IN*/ NTSTATUS ExitStatus); 1732 1733 NTOSAPI 1734 NTSTATUS 1735 NTAPI 1736 NtQueryInformationProcess( 1737 /*IN*/ HANDLE ProcessHandle, 1738 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, 1739 /*OUT*/ PVOID ProcessInformation, 1740 /*IN*/ ULONG ProcessInformationLength, 1741 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1742 1743 NTOSAPI 1744 NTSTATUS 1745 NTAPI 1746 ZwQueryInformationProcess( 1747 /*IN*/ HANDLE ProcessHandle, 1748 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, 1749 /*OUT*/ PVOID ProcessInformation, 1750 /*IN*/ ULONG ProcessInformationLength, 1751 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 1752 1753 NTOSAPI 1754 NTSTATUS 1755 NTAPI 1756 NtSetInformationProcess( 1757 /*IN*/ HANDLE ProcessHandle, 1758 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, 1759 /*IN*/ PVOID ProcessInformation, 1760 /*IN*/ ULONG ProcessInformationLength); 1761 1762 NTOSAPI 1763 NTSTATUS 1764 NTAPI 1765 ZwSetInformationProcess( 1766 /*IN*/ HANDLE ProcessHandle, 1767 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, 1768 /*IN*/ PVOID ProcessInformation, 1769 /*IN*/ ULONG ProcessInformationLength); 1770 1771 typedef struct _PROCESS_BASIC_INFORMATION { 1772 NTSTATUS ExitStatus; 1773 PPEB PebBaseAddress; 1774 KAFFINITY AffinityMask; 1775 KPRIORITY BasePriority; 1776 ULONG UniqueProcessId; 1777 ULONG InheritedFromUniqueProcessId; 1778 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 1779 1780 typedef struct _PROCESS_ACCESS_TOKEN { 1781 HANDLE Token; 1782 HANDLE Thread; 1783 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; 1784 1785 /* DefaultHardErrorMode constants */ 1786 /* also in winbase.h */ 1787 #define SEM_FAILCRITICALERRORS 0x0001 1788 #define SEM_NOGPFAULTERRORBOX 0x0002 1789 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 1790 #define SEM_NOOPENFILEERRORBOX 0x8000 1791 /* end winbase.h */ 1792 typedef struct _POOLED_USAGE_AND_LIMITS { 1793 ULONG PeakPagedPoolUsage; 1794 ULONG PagedPoolUsage; 1795 ULONG PagedPoolLimit; 1796 ULONG PeakNonPagedPoolUsage; 1797 ULONG NonPagedPoolUsage; 1798 ULONG NonPagedPoolLimit; 1799 ULONG PeakPagefileUsage; 1800 ULONG PagefileUsage; 1801 ULONG PagefileLimit; 1802 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; 1803 1804 typedef struct _PROCESS_WS_WATCH_INFORMATION { 1805 PVOID FaultingPc; 1806 PVOID FaultingVa; 1807 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; 1808 1809 /* PROCESS_PRIORITY_CLASS.PriorityClass constants */ 1810 #define PC_IDLE 1 1811 #define PC_NORMAL 2 1812 #define PC_HIGH 3 1813 #define PC_REALTIME 4 1814 #define PC_BELOW_NORMAL 5 1815 #define PC_ABOVE_NORMAL 6 1816 1817 typedef struct _PROCESS_PRIORITY_CLASS { 1818 BOOLEAN Foreground; 1819 UCHAR PriorityClass; 1820 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; 1821 1822 /* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */ 1823 #define DRIVE_UNKNOWN 0 1824 #define DRIVE_NO_ROOT_DIR 1 1825 #define DRIVE_REMOVABLE 2 1826 #define DRIVE_FIXED 3 1827 #define DRIVE_REMOTE 4 1828 #define DRIVE_CDROM 5 1829 #define DRIVE_RAMDISK 6 1830 1831 typedef struct _PROCESS_DEVICEMAP_INFORMATION { 1832 _ANONYMOUS_UNION union { 1833 struct { 1834 HANDLE DirectoryHandle; 1835 } Set; 1836 struct { 1837 ULONG DriveMap; 1838 UCHAR DriveType[32]; 1839 } Query; 1840 } DUMMYUNIONNAME; 1841 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; 1842 1843 typedef struct _PROCESS_SESSION_INFORMATION { 1844 ULONG SessionId; 1845 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; 1846 1847 typedef struct _RTL_USER_PROCESS_PARAMETERS { 1848 ULONG AllocationSize; 1849 ULONG Size; 1850 ULONG Flags; 1851 ULONG DebugFlags; 1852 HANDLE hConsole; 1853 ULONG ProcessGroup; 1854 HANDLE hStdInput; 1855 HANDLE hStdOutput; 1856 HANDLE hStdError; 1857 UNICODE_STRING CurrentDirectoryName; 1858 HANDLE CurrentDirectoryHandle; 1859 UNICODE_STRING DllPath; 1860 UNICODE_STRING ImagePathName; 1861 UNICODE_STRING CommandLine; 1862 PWSTR Environment; 1863 ULONG dwX; 1864 ULONG dwY; 1865 ULONG dwXSize; 1866 ULONG dwYSize; 1867 ULONG dwXCountChars; 1868 ULONG dwYCountChars; 1869 ULONG dwFillAttribute; 1870 ULONG dwFlags; 1871 ULONG wShowWindow; 1872 UNICODE_STRING WindowTitle; 1873 UNICODE_STRING DesktopInfo; 1874 UNICODE_STRING ShellInfo; 1875 UNICODE_STRING RuntimeInfo; 1876 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 1877 1878 NTSTATUS 1879 NTAPI 1880 RtlCreateProcessParameters( 1881 /*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, 1882 /*IN*/ PUNICODE_STRING ImageFile, 1883 /*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/, 1884 /*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/, 1885 /*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/, 1886 /*IN*/ PWSTR Environment /*OPTIONAL*/, 1887 /*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/, 1888 /*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/, 1889 /*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/, 1890 /*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/); 1891 1892 NTSTATUS 1893 NTAPI 1894 RtlDestroyProcessParameters( 1895 /*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); 1896 1897 typedef struct _DEBUG_BUFFER { 1898 HANDLE SectionHandle; 1899 PVOID SectionBase; 1900 PVOID RemoteSectionBase; 1901 ULONG SectionBaseDelta; 1902 HANDLE EventPairHandle; 1903 ULONG Unknown[2]; 1904 HANDLE RemoteThreadHandle; 1905 ULONG InfoClassMask; 1906 ULONG SizeOfInfo; 1907 ULONG AllocatedSize; 1908 ULONG SectionSize; 1909 PVOID ModuleInformation; 1910 PVOID BackTraceInformation; 1911 PVOID HeapInformation; 1912 PVOID LockInformation; 1913 PVOID Reserved[8]; 1914 } DEBUG_BUFFER, *PDEBUG_BUFFER; 1915 1916 PDEBUG_BUFFER 1917 NTAPI 1918 RtlCreateQueryDebugBuffer( 1919 /*IN*/ ULONG Size, 1920 /*IN*/ BOOLEAN EventPair); 1921 1922 /* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */ 1923 #define PDI_MODULES 0x01 1924 #define PDI_BACKTRACE 0x02 1925 #define PDI_HEAPS 0x04 1926 #define PDI_HEAP_TAGS 0x08 1927 #define PDI_HEAP_BLOCKS 0x10 1928 #define PDI_LOCKS 0x20 1929 1930 NTSTATUS 1931 NTAPI 1932 RtlQueryProcessDebugInformation( 1933 /*IN*/ ULONG ProcessId, 1934 /*IN*/ ULONG DebugInfoClassMask, 1935 /*IN OUT*/ PDEBUG_BUFFER DebugBuffer); 1936 1937 NTSTATUS 1938 NTAPI 1939 RtlDestroyQueryDebugBuffer( 1940 /*IN*/ PDEBUG_BUFFER DebugBuffer); 1941 1942 /* DEBUG_MODULE_INFORMATION.Flags constants */ 1943 #define LDRP_STATIC_LINK 0x00000002 1944 #define LDRP_IMAGE_DLL 0x00000004 1945 #define LDRP_LOAD_IN_PROGRESS 0x00001000 1946 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000 1947 #define LDRP_ENTRY_PROCESSED 0x00004000 1948 #define LDRP_ENTRY_INSERTED 0x00008000 1949 #define LDRP_CURRENT_LOAD 0x00010000 1950 #define LDRP_FAILED_BUILTIN_LOAD 0x00020000 1951 #define LDRP_DONT_CALL_FOR_THREADS 0x00040000 1952 #define LDRP_PROCESS_ATTACH_CALLED 0x00080000 1953 #define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000 1954 #define LDRP_IMAGE_NOT_AT_BASE 0x00200000 1955 #define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000 1956 1957 typedef struct _DEBUG_MODULE_INFORMATION { 1958 ULONG Reserved[2]; 1959 ULONG Base; 1960 ULONG Size; 1961 ULONG Flags; 1962 USHORT Index; 1963 USHORT Unknown; 1964 USHORT LoadCount; 1965 USHORT ModuleNameOffset; 1966 CHAR ImageName[256]; 1967 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION; 1968 1969 typedef struct _DEBUG_HEAP_INFORMATION { 1970 ULONG Base; 1971 ULONG Flags; 1972 USHORT Granularity; 1973 USHORT Unknown; 1974 ULONG Allocated; 1975 ULONG Committed; 1976 ULONG TagCount; 1977 ULONG BlockCount; 1978 ULONG Reserved[7]; 1979 PVOID Tags; 1980 PVOID Blocks; 1981 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION; 1982 1983 typedef struct _DEBUG_LOCK_INFORMATION { 1984 PVOID Address; 1985 USHORT Type; 1986 USHORT CreatorBackTraceIndex; 1987 ULONG OwnerThreadId; 1988 ULONG ActiveCount; 1989 ULONG ContentionCount; 1990 ULONG EntryCount; 1991 ULONG RecursionCount; 1992 ULONG NumberOfSharedWaiters; 1993 ULONG NumberOfExclusiveWaiters; 1994 } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION; 1995 1996 1997 1998 /* Jobs */ 1999 2000 NTOSAPI 2001 NTSTATUS 2002 NTAPI 2003 NtCreateJobObject( 2004 /*OUT*/ PHANDLE JobHandle, 2005 /*IN*/ ACCESS_MASK DesiredAccess, 2006 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2007 2008 NTOSAPI 2009 NTSTATUS 2010 NTAPI 2011 ZwCreateJobObject( 2012 /*OUT*/ PHANDLE JobHandle, 2013 /*IN*/ ACCESS_MASK DesiredAccess, 2014 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2015 2016 NTOSAPI 2017 NTSTATUS 2018 NTAPI 2019 NtOpenJobObject( 2020 /*OUT*/ PHANDLE JobHandle, 2021 /*IN*/ ACCESS_MASK DesiredAccess, 2022 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2023 2024 NTOSAPI 2025 NTSTATUS 2026 NTAPI 2027 ZwOpenJobObject( 2028 /*OUT*/ PHANDLE JobHandle, 2029 /*IN*/ ACCESS_MASK DesiredAccess, 2030 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2031 2032 NTOSAPI 2033 NTSTATUS 2034 NTAPI 2035 NtTerminateJobObject( 2036 /*IN*/ HANDLE JobHandle, 2037 /*IN*/ NTSTATUS ExitStatus); 2038 2039 NTOSAPI 2040 NTSTATUS 2041 NTAPI 2042 ZwTerminateJobObject( 2043 /*IN*/ HANDLE JobHandle, 2044 /*IN*/ NTSTATUS ExitStatus); 2045 2046 NTOSAPI 2047 NTSTATUS 2048 NTAPI 2049 NtAssignProcessToJobObject( 2050 /*IN*/ HANDLE JobHandle, 2051 /*IN*/ HANDLE ProcessHandle); 2052 2053 NTOSAPI 2054 NTSTATUS 2055 NTAPI 2056 ZwAssignProcessToJobObject( 2057 /*IN*/ HANDLE JobHandle, 2058 /*IN*/ HANDLE ProcessHandle); 2059 2060 NTOSAPI 2061 NTSTATUS 2062 NTAPI 2063 NtQueryInformationJobObject( 2064 /*IN*/ HANDLE JobHandle, 2065 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, 2066 /*OUT*/ PVOID JobInformation, 2067 /*IN*/ ULONG JobInformationLength, 2068 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2069 2070 NTOSAPI 2071 NTSTATUS 2072 NTAPI 2073 ZwQueryInformationJobObject( 2074 /*IN*/ HANDLE JobHandle, 2075 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, 2076 /*OUT*/ PVOID JobInformation, 2077 /*IN*/ ULONG JobInformationLength, 2078 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2079 2080 NTOSAPI 2081 NTSTATUS 2082 NTAPI 2083 NtSetInformationJobObject( 2084 /*IN*/ HANDLE JobHandle, 2085 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, 2086 /*IN*/ PVOID JobInformation, 2087 /*IN*/ ULONG JobInformationLength); 2088 2089 NTOSAPI 2090 NTSTATUS 2091 NTAPI 2092 ZwSetInformationJobObject( 2093 /*IN*/ HANDLE JobHandle, 2094 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, 2095 /*IN*/ PVOID JobInformation, 2096 /*IN*/ ULONG JobInformationLength); 2097 2098 2099 /* Tokens */ 2100 2101 NTOSAPI 2102 NTSTATUS 2103 NTAPI 2104 NtCreateToken( 2105 /*OUT*/ PHANDLE TokenHandle, 2106 /*IN*/ ACCESS_MASK DesiredAccess, 2107 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2108 /*IN*/ TOKEN_TYPE Type, 2109 /*IN*/ PLUID AuthenticationId, 2110 /*IN*/ PLARGE_INTEGER ExpirationTime, 2111 /*IN*/ PTOKEN_USER User, 2112 /*IN*/ PTOKEN_GROUPS Groups, 2113 /*IN*/ PTOKEN_PRIVILEGES Privileges, 2114 /*IN*/ PTOKEN_OWNER Owner, 2115 /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup, 2116 /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl, 2117 /*IN*/ PTOKEN_SOURCE Source 2118 ); 2119 2120 NTOSAPI 2121 NTSTATUS 2122 NTAPI 2123 ZwCreateToken( 2124 /*OUT*/ PHANDLE TokenHandle, 2125 /*IN*/ ACCESS_MASK DesiredAccess, 2126 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2127 /*IN*/ TOKEN_TYPE Type, 2128 /*IN*/ PLUID AuthenticationId, 2129 /*IN*/ PLARGE_INTEGER ExpirationTime, 2130 /*IN*/ PTOKEN_USER User, 2131 /*IN*/ PTOKEN_GROUPS Groups, 2132 /*IN*/ PTOKEN_PRIVILEGES Privileges, 2133 /*IN*/ PTOKEN_OWNER Owner, 2134 /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup, 2135 /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl, 2136 /*IN*/ PTOKEN_SOURCE Source 2137 ); 2138 2139 NTOSAPI 2140 NTSTATUS 2141 NTAPI 2142 NtOpenProcessToken( 2143 /*IN*/ HANDLE ProcessHandle, 2144 /*IN*/ ACCESS_MASK DesiredAccess, 2145 /*OUT*/ PHANDLE TokenHandle); 2146 2147 NTOSAPI 2148 NTSTATUS 2149 NTAPI 2150 ZwOpenProcessToken( 2151 /*IN*/ HANDLE ProcessHandle, 2152 /*IN*/ ACCESS_MASK DesiredAccess, 2153 /*OUT*/ PHANDLE TokenHandle); 2154 2155 NTOSAPI 2156 NTSTATUS 2157 NTAPI 2158 NtOpenThreadToken( 2159 /*IN*/ HANDLE ThreadHandle, 2160 /*IN*/ ACCESS_MASK DesiredAccess, 2161 /*IN*/ BOOLEAN OpenAsSelf, 2162 /*OUT*/ PHANDLE TokenHandle); 2163 2164 NTOSAPI 2165 NTSTATUS 2166 NTAPI 2167 ZwOpenThreadToken( 2168 /*IN*/ HANDLE ThreadHandle, 2169 /*IN*/ ACCESS_MASK DesiredAccess, 2170 /*IN*/ BOOLEAN OpenAsSelf, 2171 /*OUT*/ PHANDLE TokenHandle); 2172 2173 NTOSAPI 2174 NTSTATUS 2175 NTAPI 2176 NtDuplicateToken( 2177 /*IN*/ HANDLE ExistingTokenHandle, 2178 /*IN*/ ACCESS_MASK DesiredAccess, 2179 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2180 /*IN*/ BOOLEAN EffectiveOnly, 2181 /*IN*/ TOKEN_TYPE TokenType, 2182 /*OUT*/ PHANDLE NewTokenHandle); 2183 2184 NTOSAPI 2185 NTSTATUS 2186 NTAPI 2187 ZwDuplicateToken( 2188 /*IN*/ HANDLE ExistingTokenHandle, 2189 /*IN*/ ACCESS_MASK DesiredAccess, 2190 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2191 /*IN*/ BOOLEAN EffectiveOnly, 2192 /*IN*/ TOKEN_TYPE TokenType, 2193 /*OUT*/ PHANDLE NewTokenHandle); 2194 2195 NTOSAPI 2196 NTSTATUS 2197 NTAPI 2198 NtFilterToken( 2199 /*IN*/ HANDLE ExistingTokenHandle, 2200 /*IN*/ ULONG Flags, 2201 /*IN*/ PTOKEN_GROUPS SidsToDisable, 2202 /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete, 2203 /*IN*/ PTOKEN_GROUPS SidsToRestricted, 2204 /*OUT*/ PHANDLE NewTokenHandle); 2205 2206 NTOSAPI 2207 NTSTATUS 2208 NTAPI 2209 ZwFilterToken( 2210 /*IN*/ HANDLE ExistingTokenHandle, 2211 /*IN*/ ULONG Flags, 2212 /*IN*/ PTOKEN_GROUPS SidsToDisable, 2213 /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete, 2214 /*IN*/ PTOKEN_GROUPS SidsToRestricted, 2215 /*OUT*/ PHANDLE NewTokenHandle); 2216 2217 NTOSAPI 2218 NTSTATUS 2219 NTAPI 2220 NtAdjustPrivilegesToken( 2221 /*IN*/ HANDLE TokenHandle, 2222 /*IN*/ BOOLEAN DisableAllPrivileges, 2223 /*IN*/ PTOKEN_PRIVILEGES NewState, 2224 /*IN*/ ULONG BufferLength, 2225 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, 2226 /*OUT*/ PULONG ReturnLength); 2227 2228 NTOSAPI 2229 NTSTATUS 2230 NTAPI 2231 ZwAdjustPrivilegesToken( 2232 /*IN*/ HANDLE TokenHandle, 2233 /*IN*/ BOOLEAN DisableAllPrivileges, 2234 /*IN*/ PTOKEN_PRIVILEGES NewState, 2235 /*IN*/ ULONG BufferLength, 2236 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, 2237 /*OUT*/ PULONG ReturnLength); 2238 2239 NTOSAPI 2240 NTSTATUS 2241 NTAPI 2242 NtAdjustGroupsToken( 2243 /*IN*/ HANDLE TokenHandle, 2244 /*IN*/ BOOLEAN ResetToDefault, 2245 /*IN*/ PTOKEN_GROUPS NewState, 2246 /*IN*/ ULONG BufferLength, 2247 /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/, 2248 /*OUT*/ PULONG ReturnLength); 2249 2250 NTOSAPI 2251 NTSTATUS 2252 NTAPI 2253 ZwAdjustGroupsToken( 2254 /*IN*/ HANDLE TokenHandle, 2255 /*IN*/ BOOLEAN ResetToDefault, 2256 /*IN*/ PTOKEN_GROUPS NewState, 2257 /*IN*/ ULONG BufferLength, 2258 /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/, 2259 /*OUT*/ PULONG ReturnLength); 2260 2261 NTOSAPI 2262 NTSTATUS 2263 NTAPI 2264 NtQueryInformationToken( 2265 /*IN*/ HANDLE TokenHandle, 2266 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, 2267 /*OUT*/ PVOID TokenInformation, 2268 /*IN*/ ULONG TokenInformationLength, 2269 /*OUT*/ PULONG ReturnLength); 2270 2271 NTOSAPI 2272 NTSTATUS 2273 NTAPI 2274 ZwQueryInformationToken( 2275 /*IN*/ HANDLE TokenHandle, 2276 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, 2277 /*OUT*/ PVOID TokenInformation, 2278 /*IN*/ ULONG TokenInformationLength, 2279 /*OUT*/ PULONG ReturnLength); 2280 2281 NTOSAPI 2282 NTSTATUS 2283 NTAPI 2284 NtSetInformationToken( 2285 /*IN*/ HANDLE TokenHandle, 2286 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, 2287 /*IN*/ PVOID TokenInformation, 2288 /*IN*/ ULONG TokenInformationLength); 2289 2290 NTOSAPI 2291 NTSTATUS 2292 NTAPI 2293 ZwSetInformationToken( 2294 /*IN*/ HANDLE TokenHandle, 2295 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, 2296 /*IN*/ PVOID TokenInformation, 2297 /*IN*/ ULONG TokenInformationLength); 2298 2299 2300 2301 2302 /* Time */ 2303 2304 NTOSAPI 2305 NTSTATUS 2306 NTAPI 2307 NtQuerySystemTime( 2308 /*OUT*/ PLARGE_INTEGER CurrentTime); 2309 2310 NTOSAPI 2311 NTSTATUS 2312 NTAPI 2313 ZwQuerySystemTime( 2314 /*OUT*/ PLARGE_INTEGER CurrentTime); 2315 2316 NTOSAPI 2317 NTSTATUS 2318 NTAPI 2319 NtSetSystemTime( 2320 /*IN*/ PLARGE_INTEGER NewTime, 2321 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/); 2322 2323 NTOSAPI 2324 NTSTATUS 2325 NTAPI 2326 ZwSetSystemTime( 2327 /*IN*/ PLARGE_INTEGER NewTime, 2328 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/); 2329 2330 NTOSAPI 2331 NTSTATUS 2332 NTAPI 2333 NtQueryPerformanceCounter( 2334 /*OUT*/ PLARGE_INTEGER PerformanceCount, 2335 /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); 2336 2337 NTOSAPI 2338 NTSTATUS 2339 NTAPI 2340 ZwQueryPerformanceCounter( 2341 /*OUT*/ PLARGE_INTEGER PerformanceCount, 2342 /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); 2343 2344 NTOSAPI 2345 NTSTATUS 2346 NTAPI 2347 NtQueryTimerResolution( 2348 /*OUT*/ PULONG CoarsestResolution, 2349 /*OUT*/ PULONG FinestResolution, 2350 /*OUT*/ PULONG ActualResolution); 2351 2352 NTOSAPI 2353 NTSTATUS 2354 NTAPI 2355 ZwQueryTimerResolution( 2356 /*OUT*/ PULONG CoarsestResolution, 2357 /*OUT*/ PULONG FinestResolution, 2358 /*OUT*/ PULONG ActualResolution); 2359 2360 NTOSAPI 2361 NTSTATUS 2362 NTAPI 2363 NtDelayExecution( 2364 /*IN*/ BOOLEAN Alertable, 2365 /*IN*/ PLARGE_INTEGER Interval); 2366 2367 NTOSAPI 2368 NTSTATUS 2369 NTAPI 2370 ZwDelayExecution( 2371 /*IN*/ BOOLEAN Alertable, 2372 /*IN*/ PLARGE_INTEGER Interval); 2373 2374 NTOSAPI 2375 NTSTATUS 2376 NTAPI 2377 NtYieldExecution( 2378 VOID); 2379 2380 NTOSAPI 2381 NTSTATUS 2382 NTAPI 2383 ZwYieldExecution( 2384 VOID); 2385 2386 NTOSAPI 2387 ULONG 2388 NTAPI 2389 NtGetTickCount( 2390 VOID); 2391 2392 NTOSAPI 2393 ULONG 2394 NTAPI 2395 ZwGetTickCount( 2396 VOID); 2397 2398 2399 2400 2401 /* Execution profiling */ 2402 2403 NTOSAPI 2404 NTSTATUS 2405 NTAPI 2406 NtCreateProfile( 2407 /*OUT*/ PHANDLE ProfileHandle, 2408 /*IN*/ HANDLE ProcessHandle, 2409 /*IN*/ PVOID Base, 2410 /*IN*/ ULONG Size, 2411 /*IN*/ ULONG BucketShift, 2412 /*IN*/ PULONG Buffer, 2413 /*IN*/ ULONG BufferLength, 2414 /*IN*/ KPROFILE_SOURCE Source, 2415 /*IN*/ ULONG ProcessorMask); 2416 2417 NTOSAPI 2418 NTSTATUS 2419 NTAPI 2420 ZwCreateProfile( 2421 /*OUT*/ PHANDLE ProfileHandle, 2422 /*IN*/ HANDLE ProcessHandle, 2423 /*IN*/ PVOID Base, 2424 /*IN*/ ULONG Size, 2425 /*IN*/ ULONG BucketShift, 2426 /*IN*/ PULONG Buffer, 2427 /*IN*/ ULONG BufferLength, 2428 /*IN*/ KPROFILE_SOURCE Source, 2429 /*IN*/ ULONG ProcessorMask); 2430 2431 NTOSAPI 2432 NTSTATUS 2433 NTAPI 2434 NtSetIntervalProfile( 2435 /*IN*/ ULONG Interval, 2436 /*IN*/ KPROFILE_SOURCE Source); 2437 2438 NTOSAPI 2439 NTSTATUS 2440 NTAPI 2441 ZwSetIntervalProfile( 2442 /*IN*/ ULONG Interval, 2443 /*IN*/ KPROFILE_SOURCE Source); 2444 2445 NTOSAPI 2446 NTSTATUS 2447 NTAPI 2448 NtQueryIntervalProfile( 2449 /*IN*/ KPROFILE_SOURCE Source, 2450 /*OUT*/ PULONG Interval); 2451 2452 NTOSAPI 2453 NTSTATUS 2454 NTAPI 2455 ZwQueryIntervalProfile( 2456 /*IN*/ KPROFILE_SOURCE Source, 2457 /*OUT*/ PULONG Interval); 2458 2459 NTOSAPI 2460 NTSTATUS 2461 NTAPI 2462 NtStartProfile( 2463 /*IN*/ HANDLE ProfileHandle); 2464 2465 NTOSAPI 2466 NTSTATUS 2467 NTAPI 2468 ZwStartProfile( 2469 /*IN*/ HANDLE ProfileHandle); 2470 2471 NTOSAPI 2472 NTSTATUS 2473 NTAPI 2474 NtStopProfile( 2475 /*IN*/ HANDLE ProfileHandle); 2476 2477 NTOSAPI 2478 NTSTATUS 2479 NTAPI 2480 ZwStopProfile( 2481 /*IN*/ HANDLE ProfileHandle); 2482 2483 /* Local Procedure Call (LPC) */ 2484 2485 typedef struct _LPC_MESSAGE { 2486 USHORT DataSize; 2487 USHORT MessageSize; 2488 USHORT MessageType; 2489 USHORT VirtualRangesOffset; 2490 CLIENT_ID ClientId; 2491 ULONG MessageId; 2492 ULONG SectionSize; 2493 UCHAR Data[ANYSIZE_ARRAY]; 2494 } LPC_MESSAGE, *PLPC_MESSAGE; 2495 2496 #define LPC_MESSAGE_BASE_SIZE 24 2497 2498 typedef enum _LPC_TYPE { 2499 LPC_NEW_MESSAGE, 2500 LPC_REQUEST, 2501 LPC_REPLY, 2502 LPC_DATAGRAM, 2503 LPC_LOST_REPLY, 2504 LPC_PORT_CLOSED, 2505 LPC_CLIENT_DIED, 2506 LPC_EXCEPTION, 2507 LPC_DEBUG_EVENT, 2508 LPC_ERROR_EVENT, 2509 LPC_CONNECTION_REQUEST, 2510 LPC_CONNECTION_REFUSED, 2511 LPC_MAXIMUM 2512 } LPC_TYPE; 2513 2514 typedef struct _LPC_SECTION_WRITE { 2515 ULONG Length; 2516 HANDLE SectionHandle; 2517 ULONG SectionOffset; 2518 ULONG ViewSize; 2519 PVOID ViewBase; 2520 PVOID TargetViewBase; 2521 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE; 2522 2523 typedef struct _LPC_SECTION_READ { 2524 ULONG Length; 2525 ULONG ViewSize; 2526 PVOID ViewBase; 2527 } LPC_SECTION_READ, *PLPC_SECTION_READ; 2528 2529 NTOSAPI 2530 NTSTATUS 2531 NTAPI 2532 NtCreatePort( 2533 /*OUT*/ PHANDLE PortHandle, 2534 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2535 /*IN*/ ULONG MaxDataSize, 2536 /*IN*/ ULONG MaxMessageSize, 2537 /*IN*/ ULONG Reserved); 2538 2539 NTOSAPI 2540 NTSTATUS 2541 NTAPI 2542 ZwCreatePort( 2543 /*OUT*/ PHANDLE PortHandle, 2544 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2545 /*IN*/ ULONG MaxDataSize, 2546 /*IN*/ ULONG MaxMessageSize, 2547 /*IN*/ ULONG Reserved); 2548 2549 NTOSAPI 2550 NTSTATUS 2551 NTAPI 2552 NtCreateWaitablePort( 2553 /*OUT*/ PHANDLE PortHandle, 2554 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2555 /*IN*/ ULONG MaxDataSize, 2556 /*IN*/ ULONG MaxMessageSize, 2557 /*IN*/ ULONG Reserved); 2558 2559 NTOSAPI 2560 NTSTATUS 2561 NTAPI 2562 ZwCreateWaitablePort( 2563 /*OUT*/ PHANDLE PortHandle, 2564 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, 2565 /*IN*/ ULONG MaxDataSize, 2566 /*IN*/ ULONG MaxMessageSize, 2567 /*IN*/ ULONG Reserved); 2568 2569 NTOSAPI 2570 NTSTATUS 2571 NTAPI 2572 NtConnectPort( 2573 /*OUT*/ PHANDLE PortHandle, 2574 /*IN*/ PUNICODE_STRING PortName, 2575 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, 2576 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, 2577 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, 2578 /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, 2579 /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, 2580 /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); 2581 2582 NTOSAPI 2583 NTSTATUS 2584 NTAPI 2585 ZwConnectPort( 2586 /*OUT*/ PHANDLE PortHandle, 2587 /*IN*/ PUNICODE_STRING PortName, 2588 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, 2589 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, 2590 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, 2591 /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, 2592 /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, 2593 /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); 2594 2595 NTOSAPI 2596 NTSTATUS 2597 NTAPI 2598 NtListenPort( 2599 /*IN*/ HANDLE PortHandle, 2600 /*OUT*/ PLPC_MESSAGE Message); 2601 2602 NTOSAPI 2603 NTSTATUS 2604 NTAPI 2605 ZwListenPort( 2606 /*IN*/ HANDLE PortHandle, 2607 /*OUT*/ PLPC_MESSAGE Message); 2608 2609 NTOSAPI 2610 NTSTATUS 2611 NTAPI 2612 NtAcceptConnectPort( 2613 /*OUT*/ PHANDLE PortHandle, 2614 /*IN*/ ULONG PortIdentifier, 2615 /*IN*/ PLPC_MESSAGE Message, 2616 /*IN*/ BOOLEAN Accept, 2617 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, 2618 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/); 2619 2620 NTOSAPI 2621 NTSTATUS 2622 NTAPI 2623 ZwAcceptConnectPort( 2624 /*OUT*/ PHANDLE PortHandle, 2625 /*IN*/ ULONG PortIdentifier, 2626 /*IN*/ PLPC_MESSAGE Message, 2627 /*IN*/ BOOLEAN Accept, 2628 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, 2629 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/); 2630 2631 NTOSAPI 2632 NTSTATUS 2633 NTAPI 2634 NtCompleteConnectPort( 2635 /*IN*/ HANDLE PortHandle); 2636 2637 NTOSAPI 2638 NTSTATUS 2639 NTAPI 2640 ZwCompleteConnectPort( 2641 /*IN*/ HANDLE PortHandle); 2642 2643 NTOSAPI 2644 NTSTATUS 2645 NTAPI 2646 NtRequestPort( 2647 /*IN*/ HANDLE PortHandle, 2648 /*IN*/ PLPC_MESSAGE RequestMessage); 2649 2650 NTOSAPI 2651 NTSTATUS 2652 NTAPI 2653 ZwRequestPort( 2654 /*IN*/ HANDLE PortHandle, 2655 /*IN*/ PLPC_MESSAGE RequestMessage); 2656 2657 NTOSAPI 2658 NTSTATUS 2659 NTAPI 2660 NtRequestWaitReplyPort( 2661 /*IN*/ HANDLE PortHandle, 2662 /*IN*/ PLPC_MESSAGE RequestMessage, 2663 /*OUT*/ PLPC_MESSAGE ReplyMessage); 2664 2665 NTOSAPI 2666 NTSTATUS 2667 NTAPI 2668 ZwRequestWaitReplyPort( 2669 /*IN*/ HANDLE PortHandle, 2670 /*IN*/ PLPC_MESSAGE RequestMessage, 2671 /*OUT*/ PLPC_MESSAGE ReplyMessage); 2672 2673 NTOSAPI 2674 NTSTATUS 2675 NTAPI 2676 NtReplyPort( 2677 /*IN*/ HANDLE PortHandle, 2678 /*IN*/ PLPC_MESSAGE ReplyMessage); 2679 2680 NTOSAPI 2681 NTSTATUS 2682 NTAPI 2683 ZwReplyPort( 2684 /*IN*/ HANDLE PortHandle, 2685 /*IN*/ PLPC_MESSAGE ReplyMessage); 2686 2687 NTOSAPI 2688 NTSTATUS 2689 NTAPI 2690 NtReplyWaitReplyPort( 2691 /*IN*/ HANDLE PortHandle, 2692 /*IN OUT*/ PLPC_MESSAGE ReplyMessage); 2693 2694 NTOSAPI 2695 NTSTATUS 2696 NTAPI 2697 ZwReplyWaitReplyPort( 2698 /*IN*/ HANDLE PortHandle, 2699 /*IN OUT*/ PLPC_MESSAGE ReplyMessage); 2700 2701 NTOSAPI 2702 NTSTATUS 2703 NTAPI 2704 NtReplyWaitReceivePort( 2705 /*IN*/ HANDLE PortHandle, 2706 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, 2707 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, 2708 /*OUT*/ PLPC_MESSAGE Message); 2709 2710 NTOSAPI 2711 NTSTATUS 2712 NTAPI 2713 ZwReplyWaitReceivePort( 2714 /*IN*/ HANDLE PortHandle, 2715 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, 2716 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, 2717 /*OUT*/ PLPC_MESSAGE Message); 2718 2719 NTOSAPI 2720 NTSTATUS 2721 NTAPI 2722 NtReplyWaitReceivePortEx( 2723 /*IN*/ HANDLE PortHandle, 2724 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, 2725 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, 2726 /*OUT*/ PLPC_MESSAGE Message, 2727 /*IN*/ PLARGE_INTEGER Timeout); 2728 2729 NTOSAPI 2730 NTSTATUS 2731 NTAPI 2732 ZwReplyWaitReceivePortEx( 2733 /*IN*/ HANDLE PortHandle, 2734 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, 2735 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, 2736 /*OUT*/ PLPC_MESSAGE Message, 2737 /*IN*/ PLARGE_INTEGER Timeout); 2738 2739 NTOSAPI 2740 NTSTATUS 2741 NTAPI 2742 NtReadRequestData( 2743 /*IN*/ HANDLE PortHandle, 2744 /*IN*/ PLPC_MESSAGE Message, 2745 /*IN*/ ULONG Index, 2746 /*OUT*/ PVOID Buffer, 2747 /*IN*/ ULONG BufferLength, 2748 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2749 2750 NTOSAPI 2751 NTSTATUS 2752 NTAPI 2753 ZwReadRequestData( 2754 /*IN*/ HANDLE PortHandle, 2755 /*IN*/ PLPC_MESSAGE Message, 2756 /*IN*/ ULONG Index, 2757 /*OUT*/ PVOID Buffer, 2758 /*IN*/ ULONG BufferLength, 2759 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2760 2761 NTOSAPI 2762 NTSTATUS 2763 NTAPI 2764 NtWriteRequestData( 2765 /*IN*/ HANDLE PortHandle, 2766 /*IN*/ PLPC_MESSAGE Message, 2767 /*IN*/ ULONG Index, 2768 /*IN*/ PVOID Buffer, 2769 /*IN*/ ULONG BufferLength, 2770 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2771 2772 NTOSAPI 2773 NTSTATUS 2774 NTAPI 2775 ZwWriteRequestData( 2776 /*IN*/ HANDLE PortHandle, 2777 /*IN*/ PLPC_MESSAGE Message, 2778 /*IN*/ ULONG Index, 2779 /*IN*/ PVOID Buffer, 2780 /*IN*/ ULONG BufferLength, 2781 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2782 2783 typedef enum _PORT_INFORMATION_CLASS { 2784 PortBasicInformation 2785 } PORT_INFORMATION_CLASS; 2786 2787 NTOSAPI 2788 NTSTATUS 2789 NTAPI 2790 NtQueryInformationPort( 2791 /*IN*/ HANDLE PortHandle, 2792 /*IN*/ PORT_INFORMATION_CLASS PortInformationClass, 2793 /*OUT*/ PVOID PortInformation, 2794 /*IN*/ ULONG PortInformationLength, 2795 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2796 2797 NTOSAPI 2798 NTSTATUS 2799 NTAPI 2800 ZwQueryInformationPort( 2801 /*IN*/ HANDLE PortHandle, 2802 /*IN*/ PORT_INFORMATION_CLASS PortInformationClass, 2803 /*OUT*/ PVOID PortInformation, 2804 /*IN*/ ULONG PortInformationLength, 2805 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 2806 2807 NTOSAPI 2808 NTSTATUS 2809 NTAPI 2810 NtImpersonateClientOfPort( 2811 /*IN*/ HANDLE PortHandle, 2812 /*IN*/ PLPC_MESSAGE Message); 2813 2814 NTOSAPI 2815 NTSTATUS 2816 NTAPI 2817 ZwImpersonateClientOfPort( 2818 /*IN*/ HANDLE PortHandle, 2819 /*IN*/ PLPC_MESSAGE Message); 2820 2821 2822 2823 2824 /* Files */ 2825 2826 NTOSAPI 2827 NTSTATUS 2828 NTAPI 2829 NtDeleteFile( 2830 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2831 2832 NTOSAPI 2833 NTSTATUS 2834 NTAPI 2835 ZwDeleteFile( 2836 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); 2837 2838 NTOSAPI 2839 NTSTATUS 2840 NTAPI 2841 NtFlushBuffersFile( 2842 /*IN*/ HANDLE FileHandle, 2843 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 2844 2845 NTOSAPI 2846 NTSTATUS 2847 NTAPI 2848 ZwFlushBuffersFile( 2849 /*IN*/ HANDLE FileHandle, 2850 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 2851 2852 NTOSAPI 2853 NTSTATUS 2854 NTAPI 2855 NtCancelIoFile( 2856 /*IN*/ HANDLE FileHandle, 2857 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 2858 2859 NTOSAPI 2860 NTSTATUS 2861 NTAPI 2862 ZwCancelIoFile( 2863 /*IN*/ HANDLE FileHandle, 2864 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); 2865 2866 NTOSAPI 2867 NTSTATUS 2868 NTAPI 2869 NtReadFileScatter( 2870 /*IN*/ HANDLE FileHandle, 2871 /*IN*/ HANDLE Event /*OPTIONAL*/, 2872 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 2873 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 2874 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 2875 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, 2876 /*IN*/ ULONG Length, 2877 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, 2878 /*IN*/ PULONG Key /*OPTIONAL*/); 2879 2880 NTOSAPI 2881 NTSTATUS 2882 NTAPI 2883 ZwReadFileScatter( 2884 /*IN*/ HANDLE FileHandle, 2885 /*IN*/ HANDLE Event /*OPTIONAL*/, 2886 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 2887 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 2888 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 2889 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, 2890 /*IN*/ ULONG Length, 2891 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, 2892 /*IN*/ PULONG Key /*OPTIONAL*/); 2893 2894 NTOSAPI 2895 NTSTATUS 2896 NTAPI 2897 NtWriteFileGather( 2898 /*IN*/ HANDLE FileHandle, 2899 /*IN*/ HANDLE Event /*OPTIONAL*/, 2900 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 2901 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 2902 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 2903 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, 2904 /*IN*/ ULONG Length, 2905 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, 2906 /*IN*/ PULONG Key /*OPTIONAL*/); 2907 2908 NTOSAPI 2909 NTSTATUS 2910 NTAPI 2911 ZwWriteFileGather( 2912 /*IN*/ HANDLE FileHandle, 2913 /*IN*/ HANDLE Event /*OPTIONAL*/, 2914 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 2915 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 2916 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 2917 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, 2918 /*IN*/ ULONG Length, 2919 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, 2920 /*IN*/ PULONG Key /*OPTIONAL*/); 2921 2922 2923 2924 2925 /* Registry keys */ 2926 2927 NTOSAPI 2928 NTSTATUS 2929 NTAPI 2930 NtSaveKey( 2931 /*IN*/ HANDLE KeyHandle, 2932 /*IN*/ HANDLE FileHandle); 2933 2934 NTOSAPI 2935 NTSTATUS 2936 NTAPI 2937 ZwSaveKey( 2938 /*IN*/ HANDLE KeyHandle, 2939 /*IN*/ HANDLE FileHandle); 2940 2941 NTOSAPI 2942 NTSTATUS 2943 NTAPI 2944 NtSaveMergedKeys( 2945 /*IN*/ HANDLE KeyHandle1, 2946 /*IN*/ HANDLE KeyHandle2, 2947 /*IN*/ HANDLE FileHandle); 2948 2949 NTOSAPI 2950 NTSTATUS 2951 NTAPI 2952 ZwSaveMergedKeys( 2953 /*IN*/ HANDLE KeyHandle1, 2954 /*IN*/ HANDLE KeyHandle2, 2955 /*IN*/ HANDLE FileHandle); 2956 2957 NTOSAPI 2958 NTSTATUS 2959 NTAPI 2960 NtRestoreKey( 2961 /*IN*/ HANDLE KeyHandle, 2962 /*IN*/ HANDLE FileHandle, 2963 /*IN*/ ULONG Flags); 2964 2965 NTOSAPI 2966 NTSTATUS 2967 NTAPI 2968 ZwRestoreKey( 2969 /*IN*/ HANDLE KeyHandle, 2970 /*IN*/ HANDLE FileHandle, 2971 /*IN*/ ULONG Flags); 2972 2973 NTOSAPI 2974 NTSTATUS 2975 NTAPI 2976 NtLoadKey( 2977 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 2978 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes); 2979 2980 NTOSAPI 2981 NTSTATUS 2982 NTAPI 2983 ZwLoadKey( 2984 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 2985 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes); 2986 2987 NTOSAPI 2988 NTSTATUS 2989 NTAPI 2990 NtLoadKey2( 2991 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 2992 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes, 2993 /*IN*/ ULONG Flags); 2994 2995 NTOSAPI 2996 NTSTATUS 2997 NTAPI 2998 ZwLoadKey2( 2999 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 3000 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes, 3001 /*IN*/ ULONG Flags); 3002 3003 NTOSAPI 3004 NTSTATUS 3005 NTAPI 3006 NtUnloadKey( 3007 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes); 3008 3009 NTOSAPI 3010 NTSTATUS 3011 NTAPI 3012 ZwUnloadKey( 3013 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes); 3014 3015 NTOSAPI 3016 NTSTATUS 3017 NTAPI 3018 NtQueryOpenSubKeys( 3019 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 3020 /*OUT*/ PULONG NumberOfKeys); 3021 3022 NTOSAPI 3023 NTSTATUS 3024 NTAPI 3025 ZwQueryOpenSubKeys( 3026 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 3027 /*OUT*/ PULONG NumberOfKeys); 3028 3029 NTOSAPI 3030 NTSTATUS 3031 NTAPI 3032 NtReplaceKey( 3033 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, 3034 /*IN*/ HANDLE KeyHandle, 3035 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes); 3036 3037 NTOSAPI 3038 NTSTATUS 3039 NTAPI 3040 ZwReplaceKey( 3041 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, 3042 /*IN*/ HANDLE KeyHandle, 3043 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes); 3044 3045 typedef enum _KEY_SET_INFORMATION_CLASS { 3046 KeyLastWriteTimeInformation 3047 } KEY_SET_INFORMATION_CLASS; 3048 3049 NTOSAPI 3050 NTSTATUS 3051 NTAPI 3052 NtSetInformationKey( 3053 /*IN*/ HANDLE KeyHandle, 3054 /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass, 3055 /*IN*/ PVOID KeyInformation, 3056 /*IN*/ ULONG KeyInformationLength); 3057 3058 NTOSAPI 3059 NTSTATUS 3060 NTAPI 3061 ZwSetInformationKey( 3062 /*IN*/ HANDLE KeyHandle, 3063 /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass, 3064 /*IN*/ PVOID KeyInformation, 3065 /*IN*/ ULONG KeyInformationLength); 3066 3067 typedef struct _KEY_LAST_WRITE_TIME_INFORMATION { 3068 LARGE_INTEGER LastWriteTime; 3069 } KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION; 3070 3071 typedef struct _KEY_NAME_INFORMATION { 3072 ULONG NameLength; 3073 WCHAR Name[1]; 3074 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; 3075 3076 NTOSAPI 3077 NTSTATUS 3078 NTAPI 3079 NtNotifyChangeKey( 3080 /*IN*/ HANDLE KeyHandle, 3081 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, 3082 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 3083 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 3084 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 3085 /*IN*/ ULONG NotifyFilter, 3086 /*IN*/ BOOLEAN WatchSubtree, 3087 /*IN*/ PVOID Buffer, 3088 /*IN*/ ULONG BufferLength, 3089 /*IN*/ BOOLEAN Asynchronous); 3090 3091 NTOSAPI 3092 NTSTATUS 3093 NTAPI 3094 ZwNotifyChangeKey( 3095 /*IN*/ HANDLE KeyHandle, 3096 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, 3097 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 3098 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 3099 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 3100 /*IN*/ ULONG NotifyFilter, 3101 /*IN*/ BOOLEAN WatchSubtree, 3102 /*IN*/ PVOID Buffer, 3103 /*IN*/ ULONG BufferLength, 3104 /*IN*/ BOOLEAN Asynchronous); 3105 3106 /* ZwNotifyChangeMultipleKeys.Flags constants */ 3107 #define REG_MONITOR_SINGLE_KEY 0x00 3108 #define REG_MONITOR_SECOND_KEY 0x01 3109 3110 NTOSAPI 3111 NTSTATUS 3112 NTAPI 3113 NtNotifyChangeMultipleKeys( 3114 /*IN*/ HANDLE KeyHandle, 3115 /*IN*/ ULONG Flags, 3116 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 3117 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, 3118 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 3119 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 3120 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 3121 /*IN*/ ULONG NotifyFilter, 3122 /*IN*/ BOOLEAN WatchSubtree, 3123 /*IN*/ PVOID Buffer, 3124 /*IN*/ ULONG BufferLength, 3125 /*IN*/ BOOLEAN Asynchronous); 3126 3127 NTOSAPI 3128 NTSTATUS 3129 NTAPI 3130 ZwNotifyChangeMultipleKeys( 3131 /*IN*/ HANDLE KeyHandle, 3132 /*IN*/ ULONG Flags, 3133 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, 3134 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, 3135 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, 3136 /*IN*/ PVOID ApcContext /*OPTIONAL*/, 3137 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, 3138 /*IN*/ ULONG NotifyFilter, 3139 /*IN*/ BOOLEAN WatchSubtree, 3140 /*IN*/ PVOID Buffer, 3141 /*IN*/ ULONG BufferLength, 3142 /*IN*/ BOOLEAN Asynchronous); 3143 3144 NTOSAPI 3145 NTSTATUS 3146 NTAPI 3147 NtQueryMultipleValueKey( 3148 /*IN*/ HANDLE KeyHandle, 3149 /*IN OUT*/ PKEY_VALUE_ENTRY ValueList, 3150 /*IN*/ ULONG NumberOfValues, 3151 /*OUT*/ PVOID Buffer, 3152 /*IN OUT*/ PULONG Length, 3153 /*OUT*/ PULONG ReturnLength); 3154 3155 NTOSAPI 3156 NTSTATUS 3157 NTAPI 3158 ZwQueryMultipleValueKey( 3159 /*IN*/ HANDLE KeyHandle, 3160 /*IN OUT*/ PKEY_VALUE_ENTRY ValueList, 3161 /*IN*/ ULONG NumberOfValues, 3162 /*OUT*/ PVOID Buffer, 3163 /*IN OUT*/ PULONG Length, 3164 /*OUT*/ PULONG ReturnLength); 3165 3166 NTOSAPI 3167 NTSTATUS 3168 NTAPI 3169 NtInitializeRegistry( 3170 /*IN*/ BOOLEAN Setup); 3171 3172 NTOSAPI 3173 NTSTATUS 3174 NTAPI 3175 ZwInitializeRegistry( 3176 /*IN*/ BOOLEAN Setup); 3177 3178 3179 3180 3181 /* Security and auditing */ 3182 3183 NTOSAPI 3184 NTSTATUS 3185 NTAPI 3186 NtPrivilegeCheck( 3187 /*IN*/ HANDLE TokenHandle, 3188 /*IN*/ PPRIVILEGE_SET RequiredPrivileges, 3189 /*OUT*/ PBOOLEAN Result); 3190 3191 NTOSAPI 3192 NTSTATUS 3193 NTAPI 3194 ZwPrivilegeCheck( 3195 /*IN*/ HANDLE TokenHandle, 3196 /*IN*/ PPRIVILEGE_SET RequiredPrivileges, 3197 /*OUT*/ PBOOLEAN Result); 3198 3199 NTOSAPI 3200 NTSTATUS 3201 NTAPI 3202 NtPrivilegeObjectAuditAlarm( 3203 /*IN*/ PUNICODE_STRING SubsystemName, 3204 /*IN*/ PVOID HandleId, 3205 /*IN*/ HANDLE TokenHandle, 3206 /*IN*/ ACCESS_MASK DesiredAccess, 3207 /*IN*/ PPRIVILEGE_SET Privileges, 3208 /*IN*/ BOOLEAN AccessGranted); 3209 3210 NTOSAPI 3211 NTSTATUS 3212 NTAPI 3213 ZwPrivilegeObjectAuditAlarm( 3214 /*IN*/ PUNICODE_STRING SubsystemName, 3215 /*IN*/ PVOID HandleId, 3216 /*IN*/ HANDLE TokenHandle, 3217 /*IN*/ ACCESS_MASK DesiredAccess, 3218 /*IN*/ PPRIVILEGE_SET Privileges, 3219 /*IN*/ BOOLEAN AccessGranted); 3220 3221 NTOSAPI 3222 NTSTATUS 3223 NTAPI 3224 NtAccessCheck( 3225 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3226 /*IN*/ HANDLE TokenHandle, 3227 /*IN*/ ACCESS_MASK DesiredAccess, 3228 /*IN*/ PGENERIC_MAPPING GenericMapping, 3229 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3230 /*IN*/ PULONG PrivilegeSetLength, 3231 /*OUT*/ PACCESS_MASK GrantedAccess, 3232 /*OUT*/ PBOOLEAN AccessStatus); 3233 3234 NTOSAPI 3235 NTSTATUS 3236 NTAPI 3237 ZwAccessCheck( 3238 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3239 /*IN*/ HANDLE TokenHandle, 3240 /*IN*/ ACCESS_MASK DesiredAccess, 3241 /*IN*/ PGENERIC_MAPPING GenericMapping, 3242 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3243 /*IN*/ PULONG PrivilegeSetLength, 3244 /*OUT*/ PACCESS_MASK GrantedAccess, 3245 /*OUT*/ PBOOLEAN AccessStatus); 3246 3247 NTOSAPI 3248 NTSTATUS 3249 NTAPI 3250 NtAccessCheckAndAuditAlarm( 3251 /*IN*/ PUNICODE_STRING SubsystemName, 3252 /*IN*/ PVOID HandleId, 3253 /*IN*/ PUNICODE_STRING ObjectTypeName, 3254 /*IN*/ PUNICODE_STRING ObjectName, 3255 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3256 /*IN*/ ACCESS_MASK DesiredAccess, 3257 /*IN*/ PGENERIC_MAPPING GenericMapping, 3258 /*IN*/ BOOLEAN ObjectCreation, 3259 /*OUT*/ PACCESS_MASK GrantedAccess, 3260 /*OUT*/ PBOOLEAN AccessStatus, 3261 /*OUT*/ PBOOLEAN GenerateOnClose); 3262 3263 NTOSAPI 3264 NTSTATUS 3265 NTAPI 3266 ZwAccessCheckAndAuditAlarm( 3267 /*IN*/ PUNICODE_STRING SubsystemName, 3268 /*IN*/ PVOID HandleId, 3269 /*IN*/ PUNICODE_STRING ObjectTypeName, 3270 /*IN*/ PUNICODE_STRING ObjectName, 3271 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3272 /*IN*/ ACCESS_MASK DesiredAccess, 3273 /*IN*/ PGENERIC_MAPPING GenericMapping, 3274 /*IN*/ BOOLEAN ObjectCreation, 3275 /*OUT*/ PACCESS_MASK GrantedAccess, 3276 /*OUT*/ PBOOLEAN AccessStatus, 3277 /*OUT*/ PBOOLEAN GenerateOnClose); 3278 3279 NTOSAPI 3280 NTSTATUS 3281 NTAPI 3282 NtAccessCheckByType( 3283 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3284 /*IN*/ PSID PrincipalSelfSid, 3285 /*IN*/ HANDLE TokenHandle, 3286 /*IN*/ ULONG DesiredAccess, 3287 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3288 /*IN*/ ULONG ObjectTypeListLength, 3289 /*IN*/ PGENERIC_MAPPING GenericMapping, 3290 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3291 /*IN*/ PULONG PrivilegeSetLength, 3292 /*OUT*/ PACCESS_MASK GrantedAccess, 3293 /*OUT*/ PULONG AccessStatus); 3294 3295 NTOSAPI 3296 NTSTATUS 3297 NTAPI 3298 ZwAccessCheckByType( 3299 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3300 /*IN*/ PSID PrincipalSelfSid, 3301 /*IN*/ HANDLE TokenHandle, 3302 /*IN*/ ULONG DesiredAccess, 3303 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3304 /*IN*/ ULONG ObjectTypeListLength, 3305 /*IN*/ PGENERIC_MAPPING GenericMapping, 3306 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3307 /*IN*/ PULONG PrivilegeSetLength, 3308 /*OUT*/ PACCESS_MASK GrantedAccess, 3309 /*OUT*/ PULONG AccessStatus); 3310 3311 typedef enum _AUDIT_EVENT_TYPE { 3312 AuditEventObjectAccess, 3313 AuditEventDirectoryServiceAccess 3314 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; 3315 3316 NTOSAPI 3317 NTSTATUS 3318 NTAPI 3319 NtAccessCheckByTypeAndAuditAlarm( 3320 /*IN*/ PUNICODE_STRING SubsystemName, 3321 /*IN*/ PVOID HandleId, 3322 /*IN*/ PUNICODE_STRING ObjectTypeName, 3323 /*IN*/ PUNICODE_STRING ObjectName, 3324 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3325 /*IN*/ PSID PrincipalSelfSid, 3326 /*IN*/ ACCESS_MASK DesiredAccess, 3327 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3328 /*IN*/ ULONG Flags, 3329 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3330 /*IN*/ ULONG ObjectTypeListLength, 3331 /*IN*/ PGENERIC_MAPPING GenericMapping, 3332 /*IN*/ BOOLEAN ObjectCreation, 3333 /*OUT*/ PACCESS_MASK GrantedAccess, 3334 /*OUT*/ PULONG AccessStatus, 3335 /*OUT*/ PBOOLEAN GenerateOnClose); 3336 3337 NTOSAPI 3338 NTSTATUS 3339 NTAPI 3340 ZwAccessCheckByTypeAndAuditAlarm( 3341 /*IN*/ PUNICODE_STRING SubsystemName, 3342 /*IN*/ PVOID HandleId, 3343 /*IN*/ PUNICODE_STRING ObjectTypeName, 3344 /*IN*/ PUNICODE_STRING ObjectName, 3345 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3346 /*IN*/ PSID PrincipalSelfSid, 3347 /*IN*/ ACCESS_MASK DesiredAccess, 3348 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3349 /*IN*/ ULONG Flags, 3350 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3351 /*IN*/ ULONG ObjectTypeListLength, 3352 /*IN*/ PGENERIC_MAPPING GenericMapping, 3353 /*IN*/ BOOLEAN ObjectCreation, 3354 /*OUT*/ PACCESS_MASK GrantedAccess, 3355 /*OUT*/ PULONG AccessStatus, 3356 /*OUT*/ PBOOLEAN GenerateOnClose); 3357 3358 NTOSAPI 3359 NTSTATUS 3360 NTAPI 3361 NtAccessCheckByTypeResultList( 3362 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3363 /*IN*/ PSID PrincipalSelfSid, 3364 /*IN*/ HANDLE TokenHandle, 3365 /*IN*/ ACCESS_MASK DesiredAccess, 3366 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3367 /*IN*/ ULONG ObjectTypeListLength, 3368 /*IN*/ PGENERIC_MAPPING GenericMapping, 3369 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3370 /*IN*/ PULONG PrivilegeSetLength, 3371 /*OUT*/ PACCESS_MASK GrantedAccessList, 3372 /*OUT*/ PULONG AccessStatusList); 3373 3374 NTOSAPI 3375 NTSTATUS 3376 NTAPI 3377 ZwAccessCheckByTypeResultList( 3378 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3379 /*IN*/ PSID PrincipalSelfSid, 3380 /*IN*/ HANDLE TokenHandle, 3381 /*IN*/ ACCESS_MASK DesiredAccess, 3382 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3383 /*IN*/ ULONG ObjectTypeListLength, 3384 /*IN*/ PGENERIC_MAPPING GenericMapping, 3385 /*IN*/ PPRIVILEGE_SET PrivilegeSet, 3386 /*IN*/ PULONG PrivilegeSetLength, 3387 /*OUT*/ PACCESS_MASK GrantedAccessList, 3388 /*OUT*/ PULONG AccessStatusList); 3389 3390 NTOSAPI 3391 NTSTATUS 3392 NTAPI 3393 NtAccessCheckByTypeResultListAndAuditAlarm( 3394 /*IN*/ PUNICODE_STRING SubsystemName, 3395 /*IN*/ PVOID HandleId, 3396 /*IN*/ PUNICODE_STRING ObjectTypeName, 3397 /*IN*/ PUNICODE_STRING ObjectName, 3398 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3399 /*IN*/ PSID PrincipalSelfSid, 3400 /*IN*/ ACCESS_MASK DesiredAccess, 3401 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3402 /*IN*/ ULONG Flags, 3403 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3404 /*IN*/ ULONG ObjectTypeListLength, 3405 /*IN*/ PGENERIC_MAPPING GenericMapping, 3406 /*IN*/ BOOLEAN ObjectCreation, 3407 /*OUT*/ PACCESS_MASK GrantedAccessList, 3408 /*OUT*/ PULONG AccessStatusList, 3409 /*OUT*/ PULONG GenerateOnClose); 3410 3411 NTOSAPI 3412 NTSTATUS 3413 NTAPI 3414 ZwAccessCheckByTypeResultListAndAuditAlarm( 3415 /*IN*/ PUNICODE_STRING SubsystemName, 3416 /*IN*/ PVOID HandleId, 3417 /*IN*/ PUNICODE_STRING ObjectTypeName, 3418 /*IN*/ PUNICODE_STRING ObjectName, 3419 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3420 /*IN*/ PSID PrincipalSelfSid, 3421 /*IN*/ ACCESS_MASK DesiredAccess, 3422 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3423 /*IN*/ ULONG Flags, 3424 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3425 /*IN*/ ULONG ObjectTypeListLength, 3426 /*IN*/ PGENERIC_MAPPING GenericMapping, 3427 /*IN*/ BOOLEAN ObjectCreation, 3428 /*OUT*/ PACCESS_MASK GrantedAccessList, 3429 /*OUT*/ PULONG AccessStatusList, 3430 /*OUT*/ PULONG GenerateOnClose); 3431 3432 NTOSAPI 3433 NTSTATUS 3434 NTAPI 3435 NtAccessCheckByTypeResultListAndAuditAlarmByHandle( 3436 /*IN*/ PUNICODE_STRING SubsystemName, 3437 /*IN*/ PVOID HandleId, 3438 /*IN*/ HANDLE TokenHandle, 3439 /*IN*/ PUNICODE_STRING ObjectTypeName, 3440 /*IN*/ PUNICODE_STRING ObjectName, 3441 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3442 /*IN*/ PSID PrincipalSelfSid, 3443 /*IN*/ ACCESS_MASK DesiredAccess, 3444 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3445 /*IN*/ ULONG Flags, 3446 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3447 /*IN*/ ULONG ObjectTypeListLength, 3448 /*IN*/ PGENERIC_MAPPING GenericMapping, 3449 /*IN*/ BOOLEAN ObjectCreation, 3450 /*OUT*/ PACCESS_MASK GrantedAccessList, 3451 /*OUT*/ PULONG AccessStatusList, 3452 /*OUT*/ PULONG GenerateOnClose); 3453 3454 NTOSAPI 3455 NTSTATUS 3456 NTAPI 3457 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( 3458 /*IN*/ PUNICODE_STRING SubsystemName, 3459 /*IN*/ PVOID HandleId, 3460 /*IN*/ HANDLE TokenHandle, 3461 /*IN*/ PUNICODE_STRING ObjectTypeName, 3462 /*IN*/ PUNICODE_STRING ObjectName, 3463 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3464 /*IN*/ PSID PrincipalSelfSid, 3465 /*IN*/ ACCESS_MASK DesiredAccess, 3466 /*IN*/ AUDIT_EVENT_TYPE AuditType, 3467 /*IN*/ ULONG Flags, 3468 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, 3469 /*IN*/ ULONG ObjectTypeListLength, 3470 /*IN*/ PGENERIC_MAPPING GenericMapping, 3471 /*IN*/ BOOLEAN ObjectCreation, 3472 /*OUT*/ PACCESS_MASK GrantedAccessList, 3473 /*OUT*/ PULONG AccessStatusList, 3474 /*OUT*/ PULONG GenerateOnClose); 3475 3476 NTOSAPI 3477 NTSTATUS 3478 NTAPI 3479 NtOpenObjectAuditAlarm( 3480 /*IN*/ PUNICODE_STRING SubsystemName, 3481 /*IN*/ PVOID *HandleId, 3482 /*IN*/ PUNICODE_STRING ObjectTypeName, 3483 /*IN*/ PUNICODE_STRING ObjectName, 3484 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3485 /*IN*/ HANDLE TokenHandle, 3486 /*IN*/ ACCESS_MASK DesiredAccess, 3487 /*IN*/ ACCESS_MASK GrantedAccess, 3488 /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/, 3489 /*IN*/ BOOLEAN ObjectCreation, 3490 /*IN*/ BOOLEAN AccessGranted, 3491 /*OUT*/ PBOOLEAN GenerateOnClose); 3492 3493 NTOSAPI 3494 NTSTATUS 3495 NTAPI 3496 ZwOpenObjectAuditAlarm( 3497 /*IN*/ PUNICODE_STRING SubsystemName, 3498 /*IN*/ PVOID *HandleId, 3499 /*IN*/ PUNICODE_STRING ObjectTypeName, 3500 /*IN*/ PUNICODE_STRING ObjectName, 3501 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, 3502 /*IN*/ HANDLE TokenHandle, 3503 /*IN*/ ACCESS_MASK DesiredAccess, 3504 /*IN*/ ACCESS_MASK GrantedAccess, 3505 /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/, 3506 /*IN*/ BOOLEAN ObjectCreation, 3507 /*IN*/ BOOLEAN AccessGranted, 3508 /*OUT*/ PBOOLEAN GenerateOnClose); 3509 3510 NTOSAPI 3511 NTSTATUS 3512 NTAPI 3513 NtCloseObjectAuditAlarm( 3514 /*IN*/ PUNICODE_STRING SubsystemName, 3515 /*IN*/ PVOID HandleId, 3516 /*IN*/ BOOLEAN GenerateOnClose); 3517 3518 NTOSAPI 3519 NTSTATUS 3520 NTAPI 3521 ZwCloseObjectAuditAlarm( 3522 /*IN*/ PUNICODE_STRING SubsystemName, 3523 /*IN*/ PVOID HandleId, 3524 /*IN*/ BOOLEAN GenerateOnClose); 3525 3526 NTOSAPI 3527 NTSTATUS 3528 NTAPI 3529 NtDeleteObjectAuditAlarm( 3530 /*IN*/ PUNICODE_STRING SubsystemName, 3531 /*IN*/ PVOID HandleId, 3532 /*IN*/ BOOLEAN GenerateOnClose); 3533 3534 NTOSAPI 3535 NTSTATUS 3536 NTAPI 3537 ZwDeleteObjectAuditAlarm( 3538 /*IN*/ PUNICODE_STRING SubsystemName, 3539 /*IN*/ PVOID HandleId, 3540 /*IN*/ BOOLEAN GenerateOnClose); 3541 3542 3543 3544 3545 /* Plug and play and power management */ 3546 3547 NTOSAPI 3548 NTSTATUS 3549 NTAPI 3550 ZwRequestWakeupLatency( 3551 /*IN*/ LATENCY_TIME Latency); 3552 3553 NTOSAPI 3554 NTSTATUS 3555 NTAPI 3556 ZwRequestDeviceWakeup( 3557 /*IN*/ HANDLE DeviceHandle); 3558 3559 NTOSAPI 3560 NTSTATUS 3561 NTAPI 3562 ZwCancelDeviceWakeupRequest( 3563 /*IN*/ HANDLE DeviceHandle); 3564 3565 NTOSAPI 3566 BOOLEAN 3567 NTAPI 3568 ZwIsSystemResumeAutomatic( 3569 VOID); 3570 3571 NTOSAPI 3572 NTSTATUS 3573 NTAPI 3574 ZwSetThreadExecutionState( 3575 /*IN*/ EXECUTION_STATE ExecutionState, 3576 /*OUT*/ PEXECUTION_STATE PreviousExecutionState); 3577 3578 NTOSAPI 3579 NTSTATUS 3580 NTAPI 3581 ZwGetDevicePowerState( 3582 /*IN*/ HANDLE DeviceHandle, 3583 /*OUT*/ PDEVICE_POWER_STATE DevicePowerState); 3584 3585 NTOSAPI 3586 NTSTATUS 3587 NTAPI 3588 ZwSetSystemPowerState( 3589 /*IN*/ POWER_ACTION SystemAction, 3590 /*IN*/ SYSTEM_POWER_STATE MinSystemState, 3591 /*IN*/ ULONG Flags); 3592 3593 NTOSAPI 3594 NTSTATUS 3595 NTAPI 3596 ZwInitiatePowerAction( 3597 /*IN*/ POWER_ACTION SystemAction, 3598 /*IN*/ SYSTEM_POWER_STATE MinSystemState, 3599 /*IN*/ ULONG Flags, 3600 /*IN*/ BOOLEAN Asynchronous); 3601 3602 NTOSAPI 3603 NTSTATUS 3604 NTAPI 3605 ZwPowerInformation( 3606 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel, 3607 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, 3608 /*IN*/ ULONG InputBufferLength, 3609 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, 3610 /*IN*/ ULONG OutputBufferLength); 3611 3612 NTOSAPI 3613 NTSTATUS 3614 NTAPI 3615 NtPlugPlayControl( 3616 /*IN*/ ULONG ControlCode, 3617 /*IN OUT*/ PVOID Buffer, 3618 /*IN*/ ULONG BufferLength); 3619 3620 NTOSAPI 3621 NTSTATUS 3622 NTAPI 3623 ZwPlugPlayControl( 3624 /*IN*/ ULONG ControlCode, 3625 /*IN OUT*/ PVOID Buffer, 3626 /*IN*/ ULONG BufferLength); 3627 3628 NTOSAPI 3629 NTSTATUS 3630 NTAPI 3631 NtGetPlugPlayEvent( 3632 /*IN*/ ULONG Reserved1, 3633 /*IN*/ ULONG Reserved2, 3634 /*OUT*/ PVOID Buffer, 3635 /*IN*/ ULONG BufferLength); 3636 3637 NTOSAPI 3638 NTSTATUS 3639 NTAPI 3640 ZwGetPlugPlayEvent( 3641 /*IN*/ ULONG Reserved1, 3642 /*IN*/ ULONG Reserved2, 3643 /*OUT*/ PVOID Buffer, 3644 /*IN*/ ULONG BufferLength); 3645 3646 3647 3648 3649 /* Miscellany */ 3650 3651 NTOSAPI 3652 NTSTATUS 3653 NTAPI 3654 NtRaiseException( 3655 /*IN*/ PEXCEPTION_RECORD ExceptionRecord, 3656 /*IN*/ PCONTEXT Context, 3657 /*IN*/ BOOLEAN SearchFrames); 3658 3659 NTOSAPI 3660 NTSTATUS 3661 NTAPI 3662 ZwRaiseException( 3663 /*IN*/ PEXCEPTION_RECORD ExceptionRecord, 3664 /*IN*/ PCONTEXT Context, 3665 /*IN*/ BOOLEAN SearchFrames); 3666 3667 NTOSAPI 3668 NTSTATUS 3669 NTAPI 3670 NtContinue( 3671 /*IN*/ PCONTEXT Context, 3672 /*IN*/ BOOLEAN TestAlert); 3673 3674 NTOSAPI 3675 NTSTATUS 3676 NTAPI 3677 ZwContinue( 3678 /*IN*/ PCONTEXT Context, 3679 /*IN*/ BOOLEAN TestAlert); 3680 3681 NTOSAPI 3682 NTSTATUS 3683 NTAPI 3684 ZwW32Call( 3685 /*IN*/ ULONG RoutineIndex, 3686 /*IN*/ PVOID Argument, 3687 /*IN*/ ULONG ArgumentLength, 3688 /*OUT*/ PVOID *Result /*OPTIONAL*/, 3689 /*OUT*/ PULONG ResultLength /*OPTIONAL*/); 3690 3691 NTOSAPI 3692 NTSTATUS 3693 NTAPI 3694 NtSetLowWaitHighThread( 3695 VOID); 3696 3697 NTOSAPI 3698 NTSTATUS 3699 NTAPI 3700 ZwSetLowWaitHighThread( 3701 VOID); 3702 3703 NTOSAPI 3704 NTSTATUS 3705 NTAPI 3706 NtSetHighWaitLowThread( 3707 VOID); 3708 3709 NTOSAPI 3710 NTSTATUS 3711 NTAPI 3712 ZwSetHighWaitLowThread( 3713 VOID); 3714 3715 NTOSAPI 3716 NTSTATUS 3717 NTAPI 3718 NtLoadDriver( 3719 /*IN*/ PUNICODE_STRING DriverServiceName); 3720 3721 NTOSAPI 3722 NTSTATUS 3723 NTAPI 3724 ZwLoadDriver( 3725 /*IN*/ PUNICODE_STRING DriverServiceName); 3726 3727 NTOSAPI 3728 NTSTATUS 3729 NTAPI 3730 NtUnloadDriver( 3731 /*IN*/ PUNICODE_STRING DriverServiceName); 3732 3733 NTOSAPI 3734 NTSTATUS 3735 NTAPI 3736 ZwUnloadDriver( 3737 /*IN*/ PUNICODE_STRING DriverServiceName); 3738 3739 NTOSAPI 3740 NTSTATUS 3741 NTAPI 3742 NtFlushInstructionCache( 3743 /*IN*/ HANDLE ProcessHandle, 3744 /*IN*/ PVOID BaseAddress /*OPTIONAL*/, 3745 /*IN*/ ULONG FlushSize); 3746 3747 NTOSAPI 3748 NTSTATUS 3749 NTAPI 3750 ZwFlushInstructionCache( 3751 /*IN*/ HANDLE ProcessHandle, 3752 /*IN*/ PVOID BaseAddress /*OPTIONAL*/, 3753 /*IN*/ ULONG FlushSize); 3754 3755 NTOSAPI 3756 NTSTATUS 3757 NTAPI 3758 NtFlushWriteBuffer( 3759 VOID); 3760 3761 NTOSAPI 3762 NTSTATUS 3763 NTAPI 3764 ZwFlushWriteBuffer( 3765 VOID); 3766 3767 NTOSAPI 3768 NTSTATUS 3769 NTAPI 3770 NtQueryDefaultLocale( 3771 /*IN*/ BOOLEAN ThreadOrSystem, 3772 /*OUT*/ PLCID Locale); 3773 3774 NTOSAPI 3775 NTSTATUS 3776 NTAPI 3777 ZwQueryDefaultLocale( 3778 /*IN*/ BOOLEAN ThreadOrSystem, 3779 /*OUT*/ PLCID Locale); 3780 3781 NTOSAPI 3782 NTSTATUS 3783 NTAPI 3784 NtSetDefaultLocale( 3785 /*IN*/ BOOLEAN ThreadOrSystem, 3786 /*IN*/ LCID Locale); 3787 3788 NTOSAPI 3789 NTSTATUS 3790 NTAPI 3791 ZwSetDefaultLocale( 3792 /*IN*/ BOOLEAN ThreadOrSystem, 3793 /*IN*/ LCID Locale); 3794 3795 NTOSAPI 3796 NTSTATUS 3797 NTAPI 3798 NtQueryDefaultUILanguage( 3799 /*OUT*/ PLANGID LanguageId); 3800 3801 NTOSAPI 3802 NTSTATUS 3803 NTAPI 3804 ZwQueryDefaultUILanguage( 3805 /*OUT*/ PLANGID LanguageId); 3806 3807 NTOSAPI 3808 NTSTATUS 3809 NTAPI 3810 NtSetDefaultUILanguage( 3811 /*IN*/ LANGID LanguageId); 3812 3813 NTOSAPI 3814 NTSTATUS 3815 NTAPI 3816 ZwSetDefaultUILanguage( 3817 /*IN*/ LANGID LanguageId); 3818 3819 NTOSAPI 3820 NTSTATUS 3821 NTAPI 3822 NtQueryInstallUILanguage( 3823 /*OUT*/ PLANGID LanguageId); 3824 3825 NTOSAPI 3826 NTSTATUS 3827 NTAPI 3828 ZwQueryInstallUILanguage( 3829 /*OUT*/ PLANGID LanguageId); 3830 3831 NTOSAPI 3832 NTSTATUS 3833 NTAPI 3834 NtAllocateLocallyUniqueId( 3835 /*OUT*/ PLUID Luid); 3836 3837 NTOSAPI 3838 NTSTATUS 3839 NTAPI 3840 NtAllocateUuids( 3841 /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated, 3842 /*OUT*/ PULONG UuidDeltaTime, 3843 /*OUT*/ PULONG UuidSequenceNumber, 3844 /*OUT*/ PUCHAR UuidSeed); 3845 3846 NTOSAPI 3847 NTSTATUS 3848 NTAPI 3849 ZwAllocateUuids( 3850 /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated, 3851 /*OUT*/ PULONG UuidDeltaTime, 3852 /*OUT*/ PULONG UuidSequenceNumber, 3853 /*OUT*/ PUCHAR UuidSeed); 3854 3855 NTOSAPI 3856 NTSTATUS 3857 NTAPI 3858 NtSetUuidSeed( 3859 /*IN*/ PUCHAR UuidSeed); 3860 3861 NTOSAPI 3862 NTSTATUS 3863 NTAPI 3864 ZwSetUuidSeed( 3865 /*IN*/ PUCHAR UuidSeed); 3866 3867 typedef enum _HARDERROR_RESPONSE_OPTION { 3868 OptionAbortRetryIgnore, 3869 OptionOk, 3870 OptionOkCancel, 3871 OptionRetryCancel, 3872 OptionYesNo, 3873 OptionYesNoCancel, 3874 OptionShutdownSystem 3875 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION; 3876 3877 typedef enum _HARDERROR_RESPONSE { 3878 ResponseReturnToCaller, 3879 ResponseNotHandled, 3880 ResponseAbort, 3881 ResponseCancel, 3882 ResponseIgnore, 3883 ResponseNo, 3884 ResponseOk, 3885 ResponseRetry, 3886 ResponseYes 3887 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE; 3888 3889 NTOSAPI 3890 NTSTATUS 3891 NTAPI 3892 NtRaiseHardError( 3893 /*IN*/ NTSTATUS Status, 3894 /*IN*/ ULONG NumberOfArguments, 3895 /*IN*/ ULONG StringArgumentsMask, 3896 /*IN*/ PULONG Arguments, 3897 /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption, 3898 /*OUT*/ PHARDERROR_RESPONSE Response); 3899 3900 NTOSAPI 3901 NTSTATUS 3902 NTAPI 3903 ZwRaiseHardError( 3904 /*IN*/ NTSTATUS Status, 3905 /*IN*/ ULONG NumberOfArguments, 3906 /*IN*/ ULONG StringArgumentsMask, 3907 /*IN*/ PULONG Arguments, 3908 /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption, 3909 /*OUT*/ PHARDERROR_RESPONSE Response); 3910 3911 NTOSAPI 3912 NTSTATUS 3913 NTAPI 3914 NtSetDefaultHardErrorPort( 3915 /*IN*/ HANDLE PortHandle); 3916 3917 NTOSAPI 3918 NTSTATUS 3919 NTAPI 3920 ZwSetDefaultHardErrorPort( 3921 /*IN*/ HANDLE PortHandle); 3922 3923 NTOSAPI 3924 NTSTATUS 3925 NTAPI 3926 NtDisplayString( 3927 /*IN*/ PUNICODE_STRING String); 3928 3929 NTOSAPI 3930 NTSTATUS 3931 NTAPI 3932 ZwDisplayString( 3933 /*IN*/ PUNICODE_STRING String); 3934 3935 NTOSAPI 3936 NTSTATUS 3937 NTAPI 3938 NtCreatePagingFile( 3939 /*IN*/ PUNICODE_STRING FileName, 3940 /*IN*/ PULARGE_INTEGER InitialSize, 3941 /*IN*/ PULARGE_INTEGER MaximumSize, 3942 /*IN*/ ULONG Reserved); 3943 3944 NTOSAPI 3945 NTSTATUS 3946 NTAPI 3947 ZwCreatePagingFile( 3948 /*IN*/ PUNICODE_STRING FileName, 3949 /*IN*/ PULARGE_INTEGER InitialSize, 3950 /*IN*/ PULARGE_INTEGER MaximumSize, 3951 /*IN*/ ULONG Reserved); 3952 3953 typedef USHORT RTL_ATOM, *PRTL_ATOM; 3954 3955 NTOSAPI 3956 NTSTATUS 3957 NTAPI 3958 NtAddAtom( 3959 /*IN*/ PWSTR AtomName, 3960 /*IN*/ ULONG AtomNameLength, 3961 /*OUT*/ PRTL_ATOM Atom); 3962 3963 NTOSAPI 3964 NTSTATUS 3965 NTAPI 3966 ZwAddAtom( 3967 /*IN*/ PWSTR AtomName, 3968 /*IN*/ ULONG AtomNameLength, 3969 /*OUT*/ PRTL_ATOM Atom); 3970 3971 NTOSAPI 3972 NTSTATUS 3973 NTAPI 3974 NtFindAtom( 3975 /*IN*/ PWSTR AtomName, 3976 /*IN*/ ULONG AtomNameLength, 3977 /*OUT*/ PRTL_ATOM Atom); 3978 3979 NTOSAPI 3980 NTSTATUS 3981 NTAPI 3982 ZwFindAtom( 3983 /*IN*/ PWSTR AtomName, 3984 /*IN*/ ULONG AtomNameLength, 3985 /*OUT*/ PRTL_ATOM Atom); 3986 3987 NTOSAPI 3988 NTSTATUS 3989 NTAPI 3990 NtDeleteAtom( 3991 /*IN*/ RTL_ATOM Atom); 3992 3993 NTOSAPI 3994 NTSTATUS 3995 NTAPI 3996 ZwDeleteAtom( 3997 /*IN*/ RTL_ATOM Atom); 3998 3999 typedef enum _ATOM_INFORMATION_CLASS { 4000 AtomBasicInformation, 4001 AtomListInformation 4002 } ATOM_INFORMATION_CLASS; 4003 4004 NTOSAPI 4005 NTSTATUS 4006 NTAPI 4007 NtQueryInformationAtom( 4008 /*IN*/ RTL_ATOM Atom, 4009 /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass, 4010 /*OUT*/ PVOID AtomInformation, 4011 /*IN*/ ULONG AtomInformationLength, 4012 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 4013 4014 NTOSAPI 4015 NTSTATUS 4016 NTAPI 4017 ZwQueryInformationAtom( 4018 /*IN*/ RTL_ATOM Atom, 4019 /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass, 4020 /*OUT*/ PVOID AtomInformation, 4021 /*IN*/ ULONG AtomInformationLength, 4022 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); 4023 4024 typedef struct _ATOM_BASIC_INFORMATION { 4025 USHORT ReferenceCount; 4026 USHORT Pinned; 4027 USHORT NameLength; 4028 WCHAR Name[1]; 4029 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; 4030 4031 typedef struct _ATOM_LIST_INFORMATION { 4032 ULONG NumberOfAtoms; 4033 ATOM Atoms[1]; 4034 } ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION; 4035 4036 NTOSAPI 4037 NTSTATUS 4038 NTAPI 4039 NtSetLdtEntries( 4040 /*IN*/ ULONG Selector1, 4041 /*IN*/ LDT_ENTRY LdtEntry1, 4042 /*IN*/ ULONG Selector2, 4043 /*IN*/ LDT_ENTRY LdtEntry2); 4044 4045 NTOSAPI 4046 NTSTATUS 4047 NTAPI 4048 ZwSetLdtEntries( 4049 /*IN*/ ULONG Selector1, 4050 /*IN*/ LDT_ENTRY LdtEntry1, 4051 /*IN*/ ULONG Selector2, 4052 /*IN*/ LDT_ENTRY LdtEntry2); 4053 4054 NTOSAPI 4055 NTSTATUS 4056 NTAPI 4057 NtVdmControl( 4058 /*IN*/ ULONG ControlCode, 4059 /*IN*/ PVOID ControlData); 4060 4061 NTOSAPI 4062 NTSTATUS 4063 NTAPI 4064 ZwVdmControl( 4065 /*IN*/ ULONG ControlCode, 4066 /*IN*/ PVOID ControlData); 4067 4068 #pragma pack(pop) 4069 4070 #ifdef __cplusplus 4071 } 4072 #endif 4073 4074 #endif /* __NTAPI_H */ 4075